FRAMINGHAM, Mass. — A year ago Cisco Systems Inc. put forward a vision called SecureX, which would exert context-based security control over end-user devices. On Tuesday the company took the first step to deliver on that vision while acknowledging more needs to be done.
At the start of the RSA Conference 2012 in San Francisco, Cisco unveiled ASA CX Context-Aware Security, a next-generation firewall which lets administrators set security controls over user devices and network resources related to more than 1,000 applications and many tens of thousands of granular elements within those applications. Cisco also reiterated that its strategy is to build this type of functionality not just into its firewalls but into its Catalyst switches and wireless switches.
“The wireless switches from Cisco will be able to say, ‘That’s an iPad, that’s a phone,’” said Russell Rice, Cisco director of product marketing, during a media and analyst event.
The idea behind amassing a substantial amount of technical detail about smartphones and tablets and their application usage is to give IT managers a way to decide whether specific devices should be granted network access — for instance, some companies may permit ‘Bring Your Own Device’ for use at work, and others may not. Components called the Identity Services Engine and TrustSec together are used for policy enforcement at the firewall point, blocking or allowing user devices to do specific things.
Rajneesh Chopra, director of product management, provided a demo of the ASA CX firewall, saying it will tell you the “who, what, when, where and how” about devices. He said it will tell you about applications, such as whether anyone is uploading videos to Facebook. And it will supply fine-grained URL filtering.
A demo of ASA CX showed how it was tracking user activity related to Web categories, destinations, applications and whether off-limits activities were attempted. Setting policy would be as simple as writing a business policy, such as “Block interns from games,” Chopra noted.
The SecureX framework is also supposed to be able to aggregate threat information from Cisco AnyConnect Secure Mobility and real-time threat data from the global Cisco Security Intelligence Operation to provide security alerts.
As part of the event, Cisco invited a handful of corporate customers to face an audience of analysts and media to provide their take on corporate security, especially the “Bring Your Own Device” issue.
Nick Young, network support manager for Four Seasons Healthcare in the United Kingdom, said in his situation “the business is telling me, ‘Now I’m going to bring my iPad in, I’m the manager.’ We have to allow people to put things on, and that’s where Cisco comes in.” He said products like ASA CX should be a help in providing visibility into these BYOD devices and exerting fine-grained controls.
Analysts at the event were generally positive about the next-generation firewall and how Cisco is putting real product behind the SecureX concept.
“Last year it was just logos and big ideas,” says IDC analyst Phil Hochmuth. “Now we have the instruction manual that comes with SecureX.”
“This makes a lot of sense. And it’s good to see them coming out and deploying a next-generation firewall,” says Gartner analyst Neil MacDonald about ASA CX.
Cisco’s new senior vice-president of the security and government group, appears likely to lead the company into adapting security products to be optimized for virtualized environments.
In an interview Young said Cisco should be developing firewalls and Web gateways — maybe even an intrusion-prevention system — adapted as security appliances that would run in virtualized environments.
In addition to its ASA CX next-generation context-aware firewall, Cisco also introduced the Cisco ASA 5500-X Series of midrange security appliances intended for Internet edge deployment for small to large enterprises. These are also expected to use the SecureX approach. They include the ASA 5512-X at 1Gbps throughput; the ASA 5515-X at 1.2Gbps; the ASA 5525-X at 2Gbps; the ASA 5545-X at 3Gbps; and the ASA 5555-X at 4Gbps.