Cisco unveils security-product barrage at Cisco Live Conference

Includes a push into virtualising its ASA firewall

Cisco's Advanced Malware Protection (AMP) technology, known as FireAMP, is already supported in its firewalls and e-mail gateways, but now the company is making AMP available as a standalone product.

That's just one of a slew of security announcements the company is making at this week's Cisco Live Conference.

The dedicated AMP for Networks appliances include the FirePOWER AMP8150 (up to 2Gbps performance) and AMP7150 (up to 500Mbps performance), a line of products that start at $48,000. Both of the new dedicated AMP appliances are designed to monitor and block malware, including zero-days, via Cisco's cloud-based content-inspection technology. But for Cisco customers that don't want to send their data off premises in this sandboxing process, Cisco has also come up with an on-premises option called the AMP Private Cloud Appliance that starts at $100,000.


The AMP Private Cloud appliance was created to meet the needs of organizations working under security and data-privacy rules that restrict where data can be transmitted. It will work the same way as the other AMP choices, such as collecting information from AMP endpoint connector agents for Windows, Mac OS X or Android.

"There's a synchronization mechanism to keep up with all the dynamic analysis, machine-learning and blacklists," said Marty Roesch, vice president and chief architect for Cisco's Security Business Group. AMP for Endpoints starts at $30 per user for enterprise deployments over 5,000 seats.

Cisco says it's also expanding how AMP works by including a search engine for threat analysis that lets the security manager perform forensics on file and host names to assess the scope and containment of malware across an enterprise. In addition, AMP 5.3 has a "file extraction" capability that lets the security manager request that a host computer running an AMP agent send up a copy of a file to be inspected for malware if it hasn't gone through the sandboxing analytics process. Cisco has also added a way to correlate "indicators of compromise" using AMP. In forensics, indicators of compromise point to the strong likelihood of specific compromise or intrusion into an enterprise network.

One Cisco customer, Dan Polly, vice president enterprise information security manager at First Financial Bank, says unknown threats and social engineering attacks, especially phishing attacks on employees, remain a key concern. First Financial Bank has deployed several security technologies, but AMP is considered an "anchor" of defense for the bank because its sandboxing approach "finds things traditional A/V can't," Polly says. First Financial expects to also look into the newer Private Cloud option.

Cisco today also announced its intent to acquire ThreatGRID, the New York City-based security firm that offers malware analysis and threat intelligence technology, for an undisclosed price. Cisco said it's acquiring ThreatGRID to enhance Cisco's Advanced Malware Protection (AMP) products.

Cisco also made a push into virtualising its ASA firewall, saying the new software-based ASAv is designed to run on the VMware platform initially, with plans to add support for KVM and Microsoft's Hyper-V. "Our goal is to make it hypervisor-agnostic," says Raja Patel, Cisco's senior director, cloud security and threat intelligence product management.

Patel says the virtualized ASAv firewall was built with RESTful APIs so it can be used to run in Cisco's Software-Defined Network data center environment or any SDN supporting RESTful APIs. The ASAv firewall is not oriented toward next-generation application filtering but is mainly port-based for flexibly firewalling virtualized workloads, for example in bursting environments. Cisco says it's possible to spin up virtual machines and leverage one to four cores to produce 2Gbps of performance per instance. The Cisco ASAv virtual firewall starts at $56,000.

Cisco also announced an updated version of the ASA 5585-X series that will now support 16-node clustering for up to 640Gbps throughput. It starts at $29,995. All of these products are available now, and by the end of next month, Cisco will be providing a free Cisco Validated Design guide for Cisco Secure Data Center that outlines planning and design architectures.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE.
