Cisco lights up security space with new offerings

Next-generation offerings and incentives rolled out by networking giant

With a new firewall and enhanced global partner programmes, Cisco is putting its security practice front and centre.

The Cisco ASA with FirePower Services, heralded by Cisco as "the industry's first threat-focused next-generation firewall (NGFW)", combines the Cisco ASA 5500 Series firewall with application control, next-generation intrusion prevention systems (NGIPS), and advanced malware protection (AMP) to address threats across "the entire attack continuum".

That is before an attack occurs, while it's happening, and after it has been launched.

Sources at Cisco say the new-and-improved ASA 5500 delivers unprecedented network visibility, delivering contextual awareness of users, mobile devices, vulnerabilities, URLs, and more; multilayered threat protection, moving beyond mere policy and application control to fight zero-day and persistent attacks; and reduced cost and complexity resulting from the integration of multiple security technologies in a single platform.

"We've entered an era in which legacy NGFW solutions are not enough to thwart attackers," said Christopher Young, senior vice president of Cisco's security business group.

"Now more than ever, organisations need to be able to implement dynamic controls to manage the pace of change of their environments and address security incidents. Cisco ASA with FirePower Services [empowers] customers to deepen their protection from the datacentre, through the network, to the endpoint."

The insidiousness of modern-day attacks, and attackers, has led developers of security technology to fight fire with fire, in a way.

"We looked at the market, at how attackers operate, and our analysis shows that they're predictable. They research their targets; they attack quickly and leave something behind before moving on," said Jason Brvenik, principal engineer at Cisco's security business group.

"Those same models apply to defensive policies as well. You have to research your assets and vulnerabilities, you have to harden your assets to limit susceptibility, and you have to [deploy] tools to defend yourself in real-time.

"You can't be everywhere all the time, and no defence is perfect, but when compromise happens, you can scope it, contain it, and remediate it as soon as possible."

Alongside the new firewall, Cisco has unveiled changes to its security channel programmes.

Partners now have two new security specialisation options: ESS-IPS intrusion prevention and Advanced Security Architecture (ASA).

The former is one of four Express Security Specialisation initiatives offered by the networking vendor to providers that want to kick-start their security businesses by focusing on specific areas of expertise. The other three Express specialisations are in email security, web security, and NGFWs.

Through the ASA specialisation, partners have access to training on how to integrate security offerings across their portfolios. They can also participate in Cisco's Value Incentive Program (VIP) and increase deal size via cross-selling opportunities.

"Our expanded [specialisation] portfolio is a significant opportunity for partners, especially at the mid-market and enterprise levels," said Al Jacobellis, director of security solutions strategy at Cisco's worldwide partner organisation.

"The [ASA] specialisation is for partners that can sell, implement, and support our entire portfolio across the attack continuum. And with our Express specialisations, we're taking a modular approach. If you don't want to focus on all our security products -- if you prefer to focus just on IPS, or email, or NGFW, or the web -- we'll provide support for that too."

Also new from Cisco: Security Ignite, a global programme that rewards Cisco's partners with additional up-front discounts of up to six per cent on new next-gen security business they register through the Opportunity Incentive Programme (OIP) or Teaming Incentive Programme (TIP).

Jacobellis said partners have ample opportunity to provide security-side services such as implementation, consulting, and upgrades to next-gen platforms. "Security is a competitive market, and it requires a lot of investment," he said.