Cisco Boosts ACI Security With FirePOWER Integration

Cisco announced that it is integrating the FirePOWER Next Generation Intrusion Prevention System with its Application Centric Infrastructure automated policy fabric, Cisco's alternative to other Software Defined Network solutions on the market. Cisco acquired Sourcefire in 2013 and now offers the threat protection services software through both physical devices and virtual appliances. The FirePOWER services were also integrated with the 5500 series of Cisco ASA firewalls.

With ACI enabling a policy-based multi-tenant infrastructure, the addition of NGIPS will enable companies to dynamically detect and block advanced threats with continuous visibility and control across the full attack continuum, according to Cisco. After it is made available in June, Cisco says the new integrated ACI security solution will provide advanced security to protect data centers before, during, and after attacks, dynamically detecting threats and automating incident responses.

Cisco also announced that ACI is now validated by independent auditors for deployment in PCI-compliant networks. Cisco touts a broad ecosystem of partners for ACI with Intel Security, Check Point Software, Infoblox, Radware, Symantec, and most recently Fortinet's FortiGate.

Automation, integration and ease-of-use are in focus here, as Cisco cites Enterprise Strategy Group (ESG) research that show 68 percent of IT security professionals reported that it is difficult to remove expired or out-of-date access control lists (ACLs) or firewall rules because it is so time-consuming and entails many manual processes.

An extensive ESG survey report on ACLs is available here, which says 74 percent of midmarket and enterprise respondents claimed that, on average, took days or weeks to complete firewall or routing ACL changes.