SAN FRANCISCO -- Cisco extended its SourceFire advanced malware protection platform to new endpoints, introduced...
two new AMP-dedicated appliances, and announced a virtual firewall for data centers in a bid to beef up its security portfolio.
The announcements were made at this week's Cisco Live conference in San Francisco.
"There are lots of surfaces where threats can come at you," said Raja Patel, Cisco's senior director of cloud security and threat intelligence product management. "The notion [that] you can have a trusted environment and an untrusted environment has gone by the wayside. It used to be you had to go to places you shouldn't in order to get infected. Today, you can do your daily business or go to a typically accessed webpage and get infected that way."
Cisco continues to extend AMP throughout the enterprise, endpoints
The extension adds advanced malware protection (AMP) -- which Cisco acquired as part of its purchase last year of Sourcefire -- to the Macintosh OSX environment; it's a reflection of the growing use of Apple Inc. products among enterprises. Earlier this year, Cisco added AMP to its content security portfolio of products that included Web and email security appliances and cloud gateways.
Cisco also fortified AMP so it can address low-prevalence threats: malware that doesn't have a documented history behind it. Among other new features, Cisco added file capture and extraction and support for private clouds.
Enabling customers to cloak as much of their infrastructure with AMP is a good move for Cisco, said John Grady, program manager of security products for Framingham, Mass.-based IDC.
"They've done a good job continuing the momentum Sourcefire had built, and by announcing the integration of AMP to content security platforms -- and with the improvements and the idea of AMP everywhere -- Cisco has shown it's ready to follow-through," he said.
Enterprises need all-encompassing approach to advanced malware protection
The challenges associated with fighting malware need a "holistic solution" like Cisco is offering, Grady said. "You hear about the advanced malware protection and prevention story constantly. Companies want a solution to this, and the fact of the matter is [prevention] is best served by a holistic solution rather than a single point on the network or a cloud-based approach."
The growing threat of malware
Protecting yourself from ransomware
The mobile security battleground
Guarding against fraudulent certificates
The two new network appliances -- the FirePower AMP8150 and FirePower AMP7150 -- offer 2 Gbps and 500 Mbps of throughput, respectively; a 50% boost in performance over previous models. They are Cisco's first network components specifically engineered for AMP, Patel said.
"We believe we are building an approach that isn't just point-in-time, but is retrospective and continues to learn, and it extends from content gateways and network platforms to endpoints throughout the enterprise," he said.
Virtual firewall designed for ACI, SDN deployments
Additionally, Cisco introduced two Adaptive Security Appliance (ASA) firewalls, including a virtual firewall for data centers that supports software-defined networking (SDN) and the vendor's application-centric infrastructure (ACI) technology. The ASA supports VMWare's hypervisor -- with support for others coming down the road -- but the vendor intends to ultimately make the firewall hypervisor-agnostic. "We want this ASA firewall to be openly orchestrated by SDN or by a third-party orchestration vendor like Embrane provides in our ACI environment," Patel said.
The ASA 5585X firewall appliance, meanwhile, has been retooled with double the throughput of the previous version, and now offers 640 Gbps of capacity in a 16-node clustered configuration.
All of the security products announced at Cisco Live are available now.