Cisco Next-Generation Firewall (NGFW)

Posted on by Carine Benji

In our Technomaxresdefaultlogies Category I would like to talk about  Cisco Next Generation Firewalls.

Last year , Cisco gained strength in next-generation firewalls via Sourcefire code.The official acquisition of Sourcefire by Cisco on October 2013, has allowed him to build a firewall unique its kind.

With this acquisition, Cisco has been able to expand its range and skills in security area.  This approach is a vision of security that is to intervene before the attack, during the attack and After attack.

Cisco – SourceFire …

Cisco is historically known for his expertise on before the attack, this is the security access where Cisco  excelled for many years, while SourceFire is rather an expert after the attack, Forensic, the detection of intrusion, the management of security events. So the fusions of two companies in terms of skills and technology solutions provide completeness that can provide new solutions related to the attacks.

Historically …
There’s 10 years iASA 5500-2t was used firewalls that were intended to  open  and control ports because of attacks of the protocols types. But hackers have moved quickly their interest to take part of application vulnerabilities to launch attacks, so we started talking about Application Firewall , Next-Generation Firewall.Today almost all the attacks are carried through illegal and authorized applications. So we must be interested in the threat, to attack itself to be able to make good decisions; just the application control is not enough.

Example …

If weimages (2) imagine an attack whose goal is to exfiltration of data, then the first phase of the attack is to send a phishing email to a user to control his machine.Typically this will pass through an authorized port and an authorized application:email application.

So far there was no Exploit on the mall itself, it’s just the content that contains the threat ; we will have much interest to know the threat in order to make a decision.
As this attack aims to exfiltration information, so hackers will make sure to pass through authorized flows, in order to get out of the network and outputs the data (it will be https, ssh).
Once again as are authorized flows, we will have fewer means to make the right decision based on the application only : It will take several correlate security events that match informations managing the threat. Hence the Firewall Next-Gen with IPS next-Gen.

What is this Firewall ? …

It encompasses several areas, the basic of connection and routing is Cisco ASA technology, which is known for its advanced-threat-security-cyber-security-for-the-real-world-15-638robustness and performance, and is now the most deployed firewall in the world. The part of application control and IPS Next-Gen intelligence are the legacy of SourceFire.

Customers…
All customers who have an ASA X in their network have the ability to implement the full functionality of next generation firewall by upgrading, the aim is to bring more functionality on what already works.