By: John Grady; Christina Richmond

Since completing the acquisition of Sourcefire in October 2013, Cisco has prioritized the integration of itsnewly owned technology and service offerings across the portfolio. Early in 2014, Cisco added Sourcefire'sAdvanced Malware Protection (AMP) to its content security products, including its Email SecurityAppliance, Web Security Appliance, and Cloud Web Security offerings. In addition, development of theAMP technology continued after the acquisition with the release of version 5.3, which improved eventcorrelation and investigation capabilities, and with the introduction of dedicated appliances for AMPdeployments in environments with more stringent data privacy requirements.

On September 16, 2014, Cisco completed the most important step to date with the introduction of theCisco ASA with FirePOWER Services next-generation firewall combined with technical, professional, andmanaged security services. The announcement marks the integration of the flagship products from eachvendor: Cisco's ASA firewall and Sourcefire's Next-Generation IPS (NGIPS) and AMP technologies. Bycombining these technologies, and blending in Cisco's services, the new offering delivers on three keytenants:

• Visibility — To enable administrators and analysts to more efficiently and effectively identifythreats through better context, telemetry, and indicators of compromise

• Threat prevention — Via NGIPS and AMP and Cisco Collective Security Intelligence• Platform — Providing multiple services on a single firewall helps enable better security while

reducing complexity and costs

From an implementation perspective, FirePOWER services can be added to existing ASA 5500-X andASA 5585-X deployments or included with new deployments of those firewalls. Wrapped around andbroadening Cisco's design to assist customers with the "Before, During, and After" continuum are fourmain service options. Cisco's Migration Services helps clients assess and implement the new architecture.Cisco SMARTnet Technical Services provides access to support tools and expertise. Managed Servicesprovides full-time threat monitoring and management. Finally, the Sourcefire Incident Response teamassists customers in diagnosing, identifying, and remediating risks using FirePOWER technology. Thecontextual awareness that AMP provides also feeds into Cisco's big data analysis tools for proactiveremediation (before), rapid insights into current attacks (during), and compilation and analysis of forensicdata, continuous file analysis, and visibility into file trajectory and behavior, to make more informed securityand incident response decisions (after).

As threats have become more dynamic and multi-vector, there has been an increasing focus on threatprevention on the firewall. The addition of IPS and then application control were the first major shifts frombasic inspection to more robust analysis. The integration of core STAP functionality represents the nextevolution. Cisco has moved quickly to recognize and address this dynamic; however, the company musttake additional steps. While consolidated functionality can provide benefits, a single pane of glassmanagement console is preferred to enable better efficiency and stronger security. While Cisco isdeveloping this management structure, it is not currently available. Similarly, the integration of FirePOWERservices with Cisco's network infrastructure products (which have always been important for the deliveryof Cisco's security services) is another key development that is not available but will help drive furtheradoption. That being said, the integration steps that have been accomplished and new combined

Cisco Adds FirePOWER Capabilities to ASAFirewallsSeptember 25, 2014 - IDC Link

- 1-

messaging for Cisco's technology together with its services are strong enhancements. There is still morework to do from a technology perspective but also to bring a seamless and cohesive message to the marketthat Cisco provides end-to-end security solutions.

Subscriptions Covered:Security Products, Security Services

Please contact the IDC Hotline at 800.343.4952, ext.7988 (or +1.508.988.7988) or sales@idc.com for information on applying the priceof this document toward the purchase of an IDC or Industry Insights service or for information on additional copies or Web rights. Visitus on the Web at www.idc.com. To view a list of IDC offices worldwide, visit www.idc.com/offices. Copyright 2014 IDC. Reproduction isforbidden unless authorized. All rights reserved.

- 2-