Using the world-class security and networking services provided by the Cisco® ASA 5500 Series Firewall Edition, businesses can securely deploy mission-critical applications and networks in a highly reliable manner.

EXECUTIVE SUMMARY

Securing the network is critical to the continued health of the connected business. As enterprise security requirements evolve to respond to a rapidly changing threat environment, organizations face the prospect of deploying an ever-increasing number of services and products for location-specific needs. The Cisco® ASA 5500 Series of adaptive security appliances introduces a new paradigm of modular network security to meet these needs. With the Cisco ASA 5500 Series, organizations can adapt their security posture to the specific requirements of an individual environment. This modularity provides the superior protection of location-specific security with the operational efficiencies of a standard platform, increasing security while decreasing costs in management, training, and sparing.

CHALLENGE

The network provides the connected enterprise with many competitive advantages, including increased business efficiency and effectiveness. Maintaining and sustaining these competitive advantages in the face of mounting security threats has required organizations to invest in a growing number of security technologies. Increasingly, these threats have become more sophisticated and specialized, seeking to take advantage of specific characteristics of individual network environments. Responding to these threats has required an increasingly environment-specific architecture, with individual network environments themselves requiring more sophisticated and specialized services to counter these threats. The sets of services required to securely extend network access to employees at home differ significantly from the sets of services required to secure a public Internet commerce site.

This environment-specific approach to security imposes a significant operational burden on an enterprise, requiring multiple products and platforms, combined with multiple management and monitoring consoles. Beyond the operational costs associated with management, staff training, and sparing for each individual product, the complexity of the solution can slow down service deployment and introduce new security risks into the organization.

Attempts to reconcile the conflict between the security requirements of the organization and the operational burden the organization is capable of bearing have forced security administrators to make compromises between these two challenges. Either the organization accepts a decreased security posture, or it pays a significant operational cost to maintain disparate systems.

SOLUTION

The Cisco ASA 5500 Series Adaptive Security Appliance is a modular platform that provides the next generation of security and VPN services for small and medium-sized business and enterprise applications. The comprehensive portfolio of services within the Cisco ASA 5500 Series enables customization for location-specific needs through its tailored package product editions for the enterprise-firewall, IPS, anti-X, and VPN. These packages enable superior protection by providing the right services for the right location. Each edition combines a focused set of services within the Cisco ASA Family to meet the needs of specific environments within the enterprise network. By ensuring the security needs of each location are met, the overall network security posture is raised. At the same time, the Cisco ASA 5500 Series enables standardization on a single platform to reduce the overall operational cost of security. A common environment for configuration simplifies management and reduces training costs for staff, while the common hardware platform of the series reduces sparing costs.

Each edition addresses specific enterprise environment needs:

• Firewall Edition-Enables businesses to securely deploy mission-critical applications and networks in a reliable manner, while providing significant investment protection and lower operational costs through its unique, modular design.

• IPS Edition-Protects business-critical servers and infrastructure from worms, hackers, and other threats through the combination of firewall, application security, and intrusion prevention services.

• Anti-X Edition-Protects users at small or remote sites with a comprehensive package of security services. Enterprise-grade firewall and VPN services provide secure connectivity back to the corporate headend. Industry-leading anti-X services from Trend Micro protect the client system from malicious Websites and content-based threats such as viruses, spyware, and phishing.

• VPN Edition-Enables secure, remote user access to internal network systems and services, and supports VPN clustering for larger enterprise deployments. This solution combines Secure Sockets Layer (SSL) and IP Security (IPSec) VPN remote-access technologies with threat mitigation technologies such as Cisco Secure Desktop, and firewall and intrusion prevention services to ensure VPN traffic does not introduce threats to the enterprise.

Additional information on each of these editions is available in edition-specific solution overviews at http://www.cisco.com/go/asa.