In October 2013, Cisco closed on the $2.7 billion acquisition of Sourcefire. Ever since, Cisco has been incrementally integrating Sourcefire’s technologies. Today Cisco finally fully embraces the Sourcefire technology in the company’s new Cisco Firepower NGFW, quite literally the next generation of Cisco’s network defense perimeter technology.
Scott Harrell, Vice President of Product Management, Security Business Group at Cisco, explained that the Cisco Firepower NGFW is a fully integrated platform that includes firewall, IPS and URL filtering capabilities as well as integration out to secure endpoints. Additionally, Cisco’s threat telemetry information is integrated into the Firepower NGFW. The management of all threat information and the security workflow is also improved.
“When we bought Sourcefire two years ago, we knew it would be a journey to get to this point,” Harrell told Enterprise Networking Planet. “Many industry analysts were skeptical of Cisco’s ability to bring Sourcefire’s technology together with technology like our classical ASA firewall and with this launch, we’re saying: we got it.”
Over the last two years, Cisco has been adding Firepower features to the ASA product line. In September 2014, Cisco added Firepower services from Sourcefire to Cisco ASA firewalls. At the time, Harrell explained that the Sourcefire Firepower services could be used to replace an existing Cisco IPS service running on the ASA.
With the new Firepower NGFW, Harrell said that an existing ASA 5500 can be upgraded via software to the new image. Additionally, some of the older Firepower appliances can now also be upgraded to the new image. Historically, ASA was mostly just a firewall and Firepower was mostly just an IPS, but with Firepower NGFW, the two worlds are coming together.
The core of the Firepower NGFW is a new Linux operating system distribution. Harrell explained that Cisco is calling its new Linux-powered operating system FXOS (Firepower eXtensible Operating System). The new FXOS introduces service-chaining capabilities that can help to enable a security inspection and remediation workflow.
Chaining and understanding context is further enhanced through the integration of the Cisco Identity Service Engine (ISE). Harrell explained that Firepower can now consume ISE information about users and policy. Additionally, the integration of ISE and Firepower enables rapid threat containment, where an alert from Firepower can be extended through ISE to keep a threat or malicious endpoint off the network.
“So you’re not just blocking threats at the firewall, you can actually force the infected user into a quarantine zone until they get remediated,” Harrell said.
While firewall and IPS devices were once thought of as two separate technologies, with the Firepower NGFW that’s no longer the case.
“It’s really all now just one convergence of technology,” Harrell said. “This is a logical integration that runs all the way up to the management plane.”
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.