Cisco has produced a security appliance that rolls multiple services into a single box, with the aim of making it easier for businesses to secure network borders.
The Adaptive Security Appliance (ASA) 5500 integrates VPNs, firewall, Intrusion Prevention System (IPS), and other services into a single box. According to Cisco, it will mean less security gear and easier detection and prevention of worms, viruses, spyware and other unwanted network traffic.
The ASA 5500 series combines the functions of PIX firewalls, Cisco VPN 3000 Concentrators, Cisco IPS 4200 series appliances, and anti-virus and network quarantine technology based on Cisco's Network Admission Control (NAC) multi-vendor effort.
There are three models: the ASA 5510, 5520 and 5540, which support 300Mbit/s, 450Mbit/s and 650Mbit/s of bandwidth respectively. Cisco claimed each device can move traffic at its maximum throughput rate with all services turned on.
The device runs a management application that allows users to administer multiple network security services from a single interface. Policies can more easily be pushed across VPN, firewall and IPS services running on the box, the company claims. Users can also configure anti-spyware, anti-virus and denial-of-service attack detection services, as well as singling out and controlling specific applications (such as Kazaa or other peer-to-peer applications).
The box sits at the edge of a corporate network, securing incoming and outgoing packet flows, as well as remote access VPN traffic. It could also reside in a corporate data centre, or on segments of a LAN, allowing administrators to restrict access to certain network assets, or for monitoring and securing internal traffic for malicious software.
Cisco said it plans to integrate the ASA technology into its Catalyst 6500 switch platform, as well as a service blade in its access routers. But it did not say when.
To build the new multi-function box, Cisco technologists said that pieces of code from various security product operating systems were combined under a new real-time operating system based on a "Linux-like" kernel, designed specifically for security.
"There are elements of IOS (Cisco's main device operating system), and there are elements of legacy systems, such as PIX firewall, VPN Concentrator," and IPS appliances, says Jason Nolet, director of engineering at Cisco. "We leveraged parts of IOS where it made sense, and parts of other operating systems that had the best capabilities we were looking for."
Nolet said that each function of the ASA 5500 can integrate into a current Cisco VPN, PIX firewall or IDS deployment. VPN 3000 devices, for example, would recognise the ASA 5500 as a peer device, as would PIX firewalls or IDS appliances deployed across an enterprise. Security services running on the ASA 5500 could be managed via existing security management tools, such as Cisco's VPN/Security Management Solution (VMS). But ultimately, the goal is to have users migrate from legacy security management to the ASA 5500 platform, Cisco executives add.
"The benefit of this is obvious," says Jayshree Ullal, senior vice president of Cisco's Security and Technology Group. "You don't have to log in and out of firewalls and IDS devices," and VPN gear. "You're dealing with just one device."
Cisco said it planned to announce more security services for the ASA 5500 relating to its Network Admission Control programme later this year. It also planned to announce more vendor partners.
The Cisco ASA 5510 costs US$3,500, while the ASA 5520 costs $8,000 and the ASA 5540 costs $17,000. All products are available now.