Project Description

Protect across the Attack Continuum with Cisco ASA NGFW and NGIPS

Digitization offers many growth opportunities for organizations. With this business transformation, however, come new attack vectors for adversaries. Mitigating the risks of subversion of your systems, ransomware, and data breaches is critical for business operations.

Cloud Network Solutions is pleased to offer solutions from Cisco, a company that leads the way in enhancing your security posture with the broadest integrated security portfolio in the industry, including the most threat-focused next-generation firewalls (NGFWs) in the industry. Cisco NGFWs, available through Cloud Network Solutions, feature management options tailored to how you work, supporting configuration and management by network teams.

These NGFWs defend your organization and increase threat visibility with industry-leading advanced protection capabilities. You save time and labor with a threat-centric approach that automates protection before, during, and after an attack. Cisco NGFWs are the only NGFWs in the industry with next-generation IPS (NGIPS) and the power of retrospective security to rapidly contain malware after an attack.

In contrast, legacy firewalls, unified threat management (UTM) solutions, and point security products lack sufficient visibility and protection against today’s advanced threats. Most NGFWs concentrate only on application control, but threat focus is equally critical. The reality is threats are pervasive—targeting your network, mobile devices, cloud, applications, and more.

Cisco ASA NGFW: a Cost-Effective, Integrated Solution

Cisco’s first commitment with its NGFWs is a commitment to your network uptime and availability, which is essential to your mission-critical functions. A hallmark of Cisco’s approach is rich support for network protocols and interoperability with high-performance network architectures. This support is provided for both conventional and software-defined network environments.

Building on this differentiation, Cisco ASA NGFW with FirePOWER™ Services are also the industry’s first threat-focused next-generation firewalls. They provide controls that respond in real time to the dynamic threat landscape and your always-changing IT environment. Cloud Network Solutions offers complete lifecycle services for your security infrastructure.

Unlike traditional solutions, our solution uniquely enables greater visibility and protection across the entire attack continuum and against threats coming from multiple vectors. The ASA with FirePOWER Services detects and rapidly contains advanced threats that evade traditional defenses.

Our solution combines ASA firewalling with visibility and control of users and over 4000 applications with Cisco Firepower Next-Generation IPS (NGIPS), Advanced Malware Protection (AMP), Cisco AnyConnect Secure Mobility Client, URL filtering, IP, domain name system (DNS), and URL threat intelligence—all in a single device.

By tightly integrating these capabilities, the solution delivers robust threat protection and visibility for both known and unknown threats. It enables you to incorporate advanced, yet flexible and manageable, threat protection to reduce your risk—all while lowering cost and complexity.

Cisco ASA NGFW with FirePOWER Benefits

The following table describes how the solution can help you achieve your business objectives.

Desired business outcome: Protect critical data

How we can make it happen:

  • Discover, understand, and stop emerging threats: Advanced threat, application control, and advanced malware protection capabilities are combined in a single solution. These capabilities are integrated with stateful firewalling functions to extend your existing IT effectiveness.

    There is no need to buy and manage point products from multiple vendors, which introduce blind spots, increase the management burden, and typically do not work well together.

Desired business outcome: Increase visibility and management flexibility

How we can make it happen:

  • Manage multiple firewalls centrally: Whether you have multiple firewalls at a single location, numerous branch offices (for example, retail locations), or throughout a distributed enterprise, these can all be centrally managed.

    You can integrate the proposed ASA with FirePOWER Services with Cisco Firepower Management Center, available through Cloud Network Solutions, either as a physical or virtual appliance, for optimized visibility. Cloud Network Solutions also offers a cloud-based option through Cisco Defense Orchestrator (CDO). It provides centralized security policy management across ASA, ASA with FirePOWER Services, and Cisco Umbrella, all available through Cloud Network Solutions. This delivers centralized visibility and policy consistency.

  • View more when using local management: Designed for simpler single instance deployments, the integrated Cisco Adaptive Security Device Manager (ASDM) provides streamlined on-box management. It combines basic threat defense with access-policy control.

Desired business outcome: Lower TCO with security automation

How we can make it happen:

  • Decrease OpEx: Standardization on a single platform reduces operating expenses. A common environment for configuration can reduce staff-training costs. The proposed solution brings together class-leading application control, IPS, and stateful firewalling with VPN. These capabilities combine to reduce the number of managers required for class-leading threat defense.

  • Minimize containment and remediation costs: The proposed solution supports integration with multiple Cisco and third-party solutions to enable automated, rapid threat containment and remediation of subverted systems.

  • Reduce capital and operating costs: The proposed solution is the only NGFW that correlates threat intelligence with an endpoint agent, the Cisco AMP for Endpoints client.

    Automated impact flags allow your team to focus on the highest-priority threats pertinent to your environment. This is possible because Cisco is the only NGFW vendor with NGIPS capabilities. In fact, Cisco Firepower NGIPS was top-rated in the 2017 IHS Markit Network Security Appliances and Software Market Tracker.

The Cisco ASA NGFW with FirePOWER Services Advantage

Cloud Network Solutions’ proposed ASA with FirePOWER Services delivers the unique capability to defend your organization before, during, and after an attack. These NGFWs provide control and visibility into your environment to mitigate threats before an attack can begin. Threat protection is enhanced with passive network discovery, whitelisting, and anomaly detection. Automated alerts help you make prioritized and actionable security decisions. The proposed ASA with FirePOWER Services allows you to automate containment of compromised endpoints on your network.

The proposed solution meets your demand for continuous security against ongoing attacks and evolving threats. It provides the only NGFWs in the industry to give you retrospective security. This allows your organization to identify malware trajectories and compromised systems after an attack. Your security team can then efficiently “go back in time” and understand the source and spread of malware. As reported in the Cisco 2017 Midyear Cybersecurity Report, industry-wide median time to detection is over 100 days. It is less than 3.5 hours with the proposed solution’s integrated threat defense capabilities. Decreasing time to detection and remediation frequently reduces the cost of data breaches. These capabilities should be considered in your TCO analysis.

Superior Threat Protection

Today’s cyber attacks are sophisticated. They compromise sensitive data and damage the reputations of public and private sector organizations alike. The proposed Cisco ASA NGFW with FirePOWER Services includes optional subscriptions for the integrated Cisco Firepower NGIPS and Cisco AMP for Networks, available through Cloud Network Solutions. This capability enables discovery, understanding, blocking, and remediation of malware and emerging threats missed by other security layers.

Integrated Threat Defense across the Entire Attack Continuum




According to the 2016 NSS Breach Detection Systems Security Value Map, Cisco NGIPS and AMP enable the leading breach detection solution. Cisco achieved:

  • 2 percent security effectiveness rating; the highest of all vendors tested
  • 100 percent blocking of all evasion techniques during testing; Cisco was the only vendor to accomplish this
  • Excellent performance with minimal impact on endpoint or application latency

The proposed solution also includes Application Visibility and Control (AVC) as well as Cisco Firepower NGIPS, which delivers full visibility and control across users, devices, and applications. In January 2017, Gartner awarded Cisco the single best position in its 2017 Magic Quadrant for IPS.

Cisco ASA NGFW with FirePOWER Services: Greater Network Visibility with the only NGIPS in an NGFW

Frost & Sullivan announced Cisco has been awarded its 2017 Firewall Market Leadership Award. They wrote, “Cisco’s security business is the company’s fastest-growing segment. In particular, Cisco is excelling in the NGFW market … with its focus on superior threat defense and simplified management options for multiple customer segments.”

Outstanding Value

Cloud Network Solutions offers Cisco ASA NGFWs which were deemed, in the most rigorous independent NGFW testing to date, from NSS Labs in 2017, to provide above-average value. In this testing, Cisco outperformed eight competitors in security effectiveness, blocking 100 percent of evasions and surpassing four vendors by over 50 points. You can download the reports to get the details. For the fourth year in a row, the proposed Cisco ASA NGFW earned a “Recommended” rating from NSS Labs.

With optimal visibility and control as well as automatic prioritization of threats, you can efficiently manage false-positive alerts that would otherwise consume valuable resources. This results in reduced labor and lower costs.

Market-Leading Threat Intelligence

No discussion of the threat-focused capabilities outlined above is complete without mention of another significant Cisco differentiator: Cisco Talos Security Intelligence and Research Group (Talos), also available through Cloud Network Solutions. Talos is an elite group of over 250 security researchers and threat analysts that provides the intelligence backbone for all Cisco security products and services.

Talos gathers the industry’s largest collection of real-time threat intelligence, including:

  • 100 terabytes of daily security data
  • 13 billion daily web requests
  • 35 percent of worldwide email traffic
  • 6 million global sensors

The Talos team continually updates Cisco Firepower NGIPS, Security Intelligence, and AMP capabilities in the proposed ASA with FirePOWER Services. They do so using myriad tools, including big-data machine learning, advanced forensics, and intelligence cultivated and curated from Cisco and third-party threat feeds. The proposed Cisco NGFWs receive updates related to:

  • IPS signatures
  • Intelligence for indicators of compromise (IoC) correlation
  • AMP signatures and AMP Threat Grid malware intelligence
  • Known bad and suspect URLs, IP addresses, and DNS servers

Proposed Cisco ASA with FirePOWER Services NGFW Product Listing

Cloud Network Solutions offers these components with the following features and benefits:

Component: Cisco ASA 5500-X Series NGFWs with FirePOWER Services

Description: These NGFWs combine the proven security capabilities of the ASA firewall with the industry-leading AMP and Cisco Firepower NGIPS threat mitigation features together in a single device. The highly scalable appliance family provides consistent security for a variety of location types and environmental conditions.

  • Maximum AVC throughput: 250 – 1750 Mbps
  • Maximum AVC and IPS throughput: 125 – 1.3 Gbps
  • Maximum concurrent sessions: 20,000 – 1,000,000
  • Maximum new connections per second: 5000 – 50,000
  • Maximum AVC or IPS sizing throughput (440 byte HTTP): 90 – 725 Mbps
  • URL Filtering: 80+ categories; more than 280 million URLs
  • Security Plus License provides higher connection capacity (up to 25 remote access VPN users), enhanced demilitarized zone (DMZ) support, and VLAN trunking support (5506-X, 5506W-X, 5506H-X, 5508-X, 5512-X).
  • Integrated wireless access point model, compatible with Cisco Wireless LAN Controller (WLC) (5506W-X).
  • Ruggedized four-port model (5506H-X).

Models include: 5506-X, 5506W-X, 5506H-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X

Component: Cisco Defense Orchestrator

Description: This cloud-based management application allows you to manage security policies with ease. CDO makes it possible to orchestrate security policy management from one central location across all your ASAs. Setup is easy. You can onboard your device within minutes. Cloud-based solution requires no new capital expenditures, floor space, or application management.

  • Policy creation and management: Provides a simple, consistent way to create and maintain security policies while reducing management complexity and costs.
  • Existing policy awareness: Uncovers and remediates issues driven by inconsistency across your current objects and policies.
  • Security templates: Enforces consistency of future deployments and simplifies deployment through the use of templates. They can also be used as a migration tool from existing ASA platforms to ASA NGFW appliances.
  • Application-level visibility: Delivers insight into application-level usage, top applications, attacks, and risks.

Component: Cisco Security Manager

Description: This solution allows you to efficiently scale and centrally manage a wide range of Cisco security devices for improved visibility. Cisco Security Manager integrates a suite of capabilities, including policy, object, and event management, reporting, and troubleshooting for ASA firewall functions.

Component: Cisco Firepower Management Center (hardware or virtual appliance)

Description: This solution provides centralized management of network security and operational functions for multiple devices. Gain total network visibility.

  • Appliances:
    – Maximum number of sensors managed: 300 (dependent upon sensor type and event rate)
    – Maximum event storage: 4.8 TB
    – Maximum network map (hosts/users): 600,000/600,000
    – Maximum flows per sec: 20,000
  • Virtual:
    – Maximum number of devices managed: 25

Models include: MC750, MC1500, MC2000, MC3500, MC4000, MC-VMW-SW (virtual appliance)

Component: Cisco Adaptive Security Device Manager (ASDM)

Description: This solution provides on-device firewall network operations and basic FirePOWER Services management. Its GUI helps simplify monitoring and management of small-scale deployments. The intuitive, simple web-based management interface provides quick views on network traffic trends and tools for troubleshooting.

Services Overview

To confidently grow your business, safely implement new technologies, and anticipate and respond to new threats, Cloud Network Solutions provides Security Services as your trusted advisor and digital partner. Our services include, but are not limited to, Network Security Audit, Advisory, Implementation, Optimization, Managed Security & Technical Support. Contact Us.

Project Details

  • Solution Overview: Cisco ASA Next Generation Firewalls