Networking giant Cisco has introduced a new line of firewalls designed for businesses that perform high volumes of sensitive transactions, such as those in banking and retail. The Firepower 2100 Series Next-Generation Firewall also promises up to 200 percent improvement in throughput to eliminate bottlenecks from the Internet edge to the data center, thanks to a new architecture and other improvements.
"The new Cisco Firepower 2100 Series provides businesses with the confidence to pursue new digitization opportunities, knowing they have a security architecture designed to protect against the greatest threats, without affecting the performance of critical business functions," the company said in a statement.
Protection and Performance
That security architecture includes a dual multicore CPU that accelerates key cryptographic, firewall and threat defense functions, according to Cisco. The goal of the 2100 line is to provide enterprises with ongoing protection and threat inspection without having to sacrifice performance.
The series consists of four models: the 2110, 2120, 2130 and 2140. The models deliver throughput ranging from 1.9 to 8.5 Gbps, for enterprise use cases from the Internet edge to the data center, the company said.
The new firewall series also comes with threat defense and productivity enhancements, including the Firepower Device Manager, Firepower Management Center for centralized security management and Defense Orchestrator for cloud-based management.
"As businesses increasingly move to digital business models, cybersecurity solutions must scale to add new functions and address the latest vulnerabilities and threats without impacting application or network performance," Cisco said. "Traditionally, this has not been the case."
Instead, Cisco said that enabling intrusion inspection on a firewall can reduce throughput performance by as much as 50 percent, which can have a significant impact on customer-facing Web applications, such as e-commerce and online banking, that require top performance but are often targeted by attackers. This can lead some enterprises to turn off critical security capabilities to improve performance, putting themselves and customers at risk.
No Need To Overprovision
"The Cisco Next-Generation Firewalls have been proven to be the most effective on the market, but we also know that businesses everywhere are struggling with a number of factors, including lack of talent and expanding attack surfaces, which can impact the effectiveness of even the best solutions," said David Ulevitch, vice president and general manager at Cisco’s Security Business Group, in the statement. "The new Cisco Firepower 2100 Series addresses these challenges, making it easier for enterprises to manage their architecture and ensure that they have the best performance at all times."
The purpose-built processing also helps enterprises by making it unnecessary for them to redesign their architectures to circumvent security bottlenecks, reducing the need to overprovision resources, while at the same time fostering deeper inspection levels, the company said.
"From preliminary testing, we’re seeing minimal impact on large packet firewall throughput when enabling intrusion inspection, SSL decryption, and other functions," the company said. "In fact, with IPS fully enabled, we see with large packets less than 1 percent throughput degradation to network traffic. Contrast that with the typical 50 percent or greater impact in competing designs."