Tactical Advice

Review: Cisco ASA 5512-X Boosts Protection

Firewall supports flexible policies and reputation management.
Product Review: Cisco ASA 5512-X Boosts Protection
Cisco's Prime Security Manager dashboard makes it easy to drill down to analyze network events, examine particular user traffic flows and summarize major web destinations.

To better protect the enterprise network, organizations need stronger firewalls. Cisco Systems’ Adaptive Security Appliance 5512-X delivers a solid set of features to address those needs: Zero-day malware protection, application-aware software and integration with endpoint device control for end-to-end security.

Advantages

Cisco added three important innovations to the 5512-X and the rest of the ASA product line. First, the application detection portfolio includes more than a thousand applications that are recognized by the ASA, making it easy to set up a specific blocking rule in a matter of minutes. This saves administrators from having to figure out a particular app’s behavioral characteristics or cobble together a firewall rule to allow or deny apps across the network.

The ASA also taps the concept of objects to embolden rule and policy creation. Almost anything can become an object. For example, a security manager can create two policies in which anyone on Windows PC can view customer relationship management data, but anyone on an Android device cannot. This makes the product more flexible than its previous version.

Finally, Cisco integrated its reputation management service, called Security Intelligence and Operations (SIO), into the ASA. Actual Cisco customer networks around the world can volunteer to serve as an early warning system for new exploits. A number of other manufacturers have such operations, but Cisco has arguably the widest global customer research and has adeptly integrated this research into the 5512-X itself.

Why It Works for IT

Gone are the days when event viewers and log dumps were the only tools that a security professional could use. Cisco has nicely integrated actionable and graphical reports into its Prime Security Manager interface used to manage the ASA firewall.

With these screens, managers can drill down from the main dashboard user by user, as well as examine particular applications or destinations, all inside a web browser.

Another plus for IT: The 5512-X offers up to 1.2 gigabits per second of throughput and boasts solid-state hard disks that allow for speedy logging, reporting and storage of URLs and other data that support the next-generation features.

Disadvantages

While the Prime Security Manager web interface can handle basic policies, administrators with specific firewall operational needs may need to turn to the Cisco command line. Organizations seeking ASA firewall functionality and intrusion prevention will need to purchase two separate 5512-X appliances. Finally, the advanced features add about 30 percent in processing overhead compared with traditional firewalls. High-traffic environments may need to deploy a more expensive box than the ASA to handle that overhead.

Sign up for our e-newsletter

About the Author

David Strom

David Strom is the author of two books on computer networking, along with thousands of articles on various IT topics. Follow him on Twitter: @dstrom

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.