You have a Cisco ASA stateful firewall[i]. You like it. It's reliable. You think, "It works... if it ain't broke, don't fix it." But you've had your ASA for years now, and during that time, threats have evolved. Malware is more sophisticated than ever. What's more, your business has grown, the demands on the network are greater than ever, and you have to manage it all with the same size team and resources that you had 5 years ago.
Given these challenges, you have to start asking yourself how your firewall can do MORE for you than it already is:
The Cisco Firepower Next-Generation Firewall (NGFW) can do all of these things. Here are three simple reasons to upgrade.
The Cisco ASA stateful firewall provides access control and traffic filtering. The Cisco NGFW provides all of that and more, like application visibility and control, as well as deep visibility into threats using built-in advanced security capabilities, like:
While the ASA provides proven reliability and uptime, the Cisco NGFW builds on the ASA heritage and provides reliability and uptime even when using advanced security features like NGIPS. In fact, throughput on the Cisco Firepower 2100 does not degrade when NGIPS functionality is turned on. Finally, you can utilize advanced security capabilities built into the firewall without drastically sacrificing network throughput.
Cisco NGFW wasn't designed in a silo. It was built to work together with other Cisco security tools. Threat intelligence, policy information and event data are shared across all Cisco security tools as part of Cisco's Integrated Security architecture. This is important for a couple reasons.
First, these integrations provide more visibility across multiple attack vectors, from edge to endpoint, so you can stop threats faster. Therefore, when asinglesecurity tool sees a threat in one place,everytool will instantly know about it, and automatically block it across the entire extended network.
Second, these integrations can automate network and security operations to help save you time so you can focus on high priority tasks. For instance, the Cisco NGFW shares policy information with the Cisco Identity Services Engine (ISE) so that ISE can automatically enforce policy on devices. Cisco Advanced Malware Protection (AMP) for Endpoints will notify the Cisco NGFW if it has quarantined a file on a specific device or multiple devices.
In a time when budgets, staff, and resources are limited (and every day is a struggle to keep up in a never-ending game of whack-a-mole with threat alerts), automation can help your team be strategic rather than just reactive.
If you're ready to swap out your old ASA for a new Cisco NGFW and take advantage of these added benefits, it's time to migrate. We've made migration easy with the new Firepower Migration Tool. It automatically converts the configuration of a supported ASA platform to a supported Cisco NGFW running our Firepower Threat Defense (FTD) platform. Visit our website, download and launch the tool, use the step-by-step tutorial video to walk you through 6 easy steps to migrate, and then you're done.
Your firewall should be doing more for you. It should be doing more to streamline your network operations and protect you from threats. The move should also be easy and seamless. Watch a demo, get a free trial, or talk to your Cisco representative about upgrading to a Cisco Firepower NGFW today.
[i] Cisco ASA stateful firewall DOES NOT refer to the "Cisco ASA with Firepower Services" or the Cisco 5500-X Series. Any Cisco ASA with Firepower Services delivers "next-generation" capabilities and is not just a stateful firewall alone.