Security attacks have become more advanced; therefore, security solutions have needed to evolve to deal with those threats. Cisco's acquisition of Sourcefire brings a new paradigm to the security landscape. No longer is security a one-time, instantaneous event. Security now is threat based, network cognizant, and continuous. All organizations, public and private, need not only to be aware of the constantly changing threat environment but also to be prepared to respond in kind.
Mobility. Cloud computing. The Internet of Everything. These are the big buzzwords in the IT world over the last few years. It's where the growth and money are. And they all have one thing in common. They pose serious security risks to your organization and its data.
On September 16, 2014, Cisco completed the most important step to date with the introduction of the Cisco Adaptive Security Appliance (ASA) with FirePOWER Services next-generation firewall combined with technical, professional, and managed security services. This integration includes the flagship products from each vendor: Cisco's ASA firewall and Sourcefire's Next-Generation Intrusion Prevention System (NGIPS) and Advanced Malware Protection (AMP) technologies.
The purpose of this paper is to examine Cisco's security solutions and how Cisco's acquisition of Sourcefire has changed the security landscape. Cisco's ASA already provided next-generation firewall protection. The addition of Sourcefire's IPS and AMP provides protection in what is being called the attack continuum: before, during, and after an attack. Sourcefire's FirePOWER Services brings contextual awareness by assessing threats proactively, interpreting that data, and then applying the optimal network defense scheme.
The combination of Cisco's ASA and Sourcefire's code gives customers a fully integrated security solution providing advanced and zero-day attack prevention, policy and application control, and contextual awareness with visibility into users, devices, and applications. Security personnel can now detect, track, and remediate attacks from a single architectural platform.
The most basic problem with security, whether it is enterprise networks or physical security at a military base, is that everyone wants security – as long as it's convenient and inexpensive – until a breach occurs. Then everyone wants to know why better security measures weren't in place. Here are some of the challenges faced by security leadership:
- How do you make security part of a holistic network design and get security out of the silos and apply it from the ground up? One of the primary challenges for security leadership is when IT initiatives do not include the proper oversight from security personnel. (Think about your last IT project kickoff meeting. Whether it was a tech refresh, growth-driven expansion or relocation, how much time was spent talking about network security, with the proper oversight and controls in place? And if it was discussed, where did it fall on the priority list? This is the beginning of the problem. Everyone wants their network to be secure, but with the bean counters focused on cost, and the users focused on performance, all too often security drops to the bottom of the priority list.)
- How can you be proactive when your security team is spending all of their time taking care of alerts and/or events? This is a staffing problem. As much attention as security receives, there is a critical lack of qualified staff available. As attacks become more sophisticated, staff needs to be trained to deal with those attacks. That is not possible when staff is at critical levels and is needed to react to day-to-day challenges.
- Network security is addressed by device, not workflow. Policies and controls are implemented in an inconsistent manner across different network and security technologies. There is no one way to address all devices the same way. The new paradigm is to look at security threats as a continuous process before, during, and after an attack.
- Security policies are too complex to be properly enforced, and silos are commonplace. The need for contextual awareness requires centralized control, data exchange, common data, and integration across technologies. This is where Sourcefire comes in.
Sourcefire Next-Generation Security
Next-generation security means three things: Next-Generation Firewall (NGFW), NGIPS, and AMP. In the case of Sourcefire, its NGFW comes with integrated IPS. Sourcefire's approach uses these tools to take a "before, during, and after" approach to an attack. What makes this different from the previous approach to security is that it moves from an instantaneous process to a continuous process. If a successful attack occurs, information on the attack is collected and the data is analyzed and used in the defense of future attacks.