Tactical Advice

Review: Cisco ASA 5512-X Boosts Protection

Firewall supports flexible policies and reputation management.
Product Review: Cisco ASA 5512-X Boosts Protection
Cisco's Prime Security Manager dashboard makes it easy to drill down to analyze network events, examine particular user traffic flows and summarize major web destinations.

To better protect the enterprise network, organizations need stronger firewalls. Cisco Systems’ Adaptive Security Appliance 5512-X delivers a solid set of features to address those needs: Zero-day malware protection, application-aware software and integration with endpoint device control for end-to-end security.

Advantages

Cisco added three important innovations to the 5512-X and the rest of the ASA product line. First, the application detection portfolio includes more than a thousand applications that are recognized by the ASA, making it easy to set up a specific blocking rule in a matter of minutes. This saves administrators from having to figure out a particular app’s behavioral characteristics or cobble together a firewall rule to allow or deny apps across the network.

The ASA also taps the concept of objects to embolden rule and policy creation. Almost anything can become an object. For example, a security manager can create two policies in which anyone on Windows PC can view customer relationship management data, but anyone on an Android device cannot. This makes the product more flexible than its previous version.

Finally, Cisco integrated its reputation management service, called Security Intelligence and Operations (SIO), into the ASA. Actual Cisco customer networks around the world can volunteer to serve as an early warning system for new exploits. A number of other manufacturers have such operations, but Cisco has arguably the widest global customer research and has adeptly integrated this research into the 5512-X itself.

Why It Works for IT

Gone are the days when event viewers and log dumps were the only tools that a security professional could use. Cisco has nicely integrated actionable and graphical reports into its Prime Security Manager interface used to manage the ASA firewall.

With these screens, managers can drill down from the main dashboard user by user, as well as examine particular applications or destinations, all inside a web browser.

Another plus for IT: The 5512-X offers up to 1.2 gigabits per second of throughput and boasts solid-state hard disks that allow for speedy logging, reporting and storage of URLs and other data that support the next-generation features.

Disadvantages

While the Prime Security Manager web interface can handle basic policies, administrators with specific firewall operational needs may need to turn to the Cisco command line. Organizations seeking ASA firewall functionality and intrusion prevention will need to purchase two separate 5512-X appliances. Finally, the advanced features add about 30 percent in processing overhead compared with traditional firewalls. High-traffic environments may need to deploy a more expensive box than the ASA to handle that overhead.

Sign up for our e-newsletter

About the Author

David Strom

David Strom is the author of two books on computer networking, along with thousands of articles on various IT topics. Follow him on Twitter: @dstrom

Security

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...