F5 BIG-IP Application Security Manager (ASM) is a Web Application Firewall (WAF) designed to secure Web Applications in virtual software-defined data center (SDDC), managed cloud service environment, public cloud, or traditional data center. F5 BIG-IP Application Security Manager (ASM) empowers Organizations to safeguard their Web Applications against threats, application vulnerabilities, and zero-day attacks.
F5 BIG-IP Application Security Manager (ASM) is a proactive Web Application Firewall capable of protecting from DDOS attacks, SQL Injections and also capable of patching reported vulnerabilities within span of minutes to protect against web threats.
Some of the key features of F5 BIG-IP Application Security Manager are
- Layer 7 Attack Protections
- Advanced Enforcement
- Effective Bot Defense
- Application Awareness
- Data Protection and Cloaking
- Violation Correlation and Incident Grouping
In short F5 BIG-IP Application Security Manager (ASM) servers the purpose of securing web applications.
Since the release of an Apple watch, many companies are trying to build their applications to serve technology not only on the palms but also on the wrists.
Cisco is not far from developing Apps for Apple Watch. Now Cisco is offering WebEx app for Apple Watch with following capabilities
Start meetings in your WebEx Meeting
Center Personal Room from your Apple Watch.
• Organize (schedule, invite, and start) meetings
• Two-way video conferencing
• View shared content, attendee list chat,
• and Audio Active Speaker
• End-to-end encryption
• Attend WebEx Training Center classes and Event
• Center online events
• Share content in real-time from your iPad, or files from
your Box account
Well time will say how practical, Apple Watch will be in severing the business needs of a Corporation.
The Cisco ASA CX Context-Aware Security, Cisco Prime Security Manager and Cisco ASA Intrusion Prevention System are no more sold by Cisco, Cisco recently announced End of Sale for the above Cisco Security Products. With the acquisition of Source fire, Cisco is powering up their Security Appliances like ASA with FirePOWER Services.
Those who are still using the traditional ASA CX Context-Aware Security, Cisco Prime Security Manager and Cisco ASA Intrusion Prevention System are advised to migrate towards to Cisco ASA 5500-X and 5585-X with FirePOWER Services. These ASA bundles are capable of delivering the power of ASA firewall with Sourcefire threat and advanced malware protection. Cisco is trying to capitalize on the these three things to make there mark in Next Generation Firewall market segment. Also Cisco is replacing the Cisco Prime Security with Cisco FireSIGHT Management Centre to mange the new ASA 5500 –X and 5585-X Appliances.
Juniper Network claims, with addition of new hardware updates for the Juniper Networks® SRX5800 Services Gateway makes it’s the industry’s fastest firewall. According to latest press release by Juniper, the Juniper Networks® SRX5800 Services Gateway is capable of delivering Internet Mix (IMIX) firewall throughput up to 2 Terabits per second (2 Tbps).
Juniper added third-generation input/output cards, an enhanced midplane chassis and third-generation system control boards – to the SRX5800. The input/output card supports two packet-forwarding engines (PFE), a high-density configuration of 2×100 GbE and 4×10 Gbe high speed interfaces. The third-generation input/output card is capable of delivering 240 Gbps of bandwidth, double the bandwidth of the previous hardware card.
“As the threat landscape continues to evolve and a variety of devices increasingly flood the network, companies are forced to not only meet network performance demands but also ensure they have efficient, fast and scalable protection in place,” said Christopher Hoff, vice president and security CTO at Juniper Networks.
Well I believe these new announcement will certainly create healthy competition in the service provider market segment, and this is going to benefit large enterprises and service providers in long run.
The other day I was integrating Cisco Iron Port ESA with Cisco ACS Server for AAA, I was thinking of utilizing Cisco’s power Tacacs+ protocol, to my surprise Cisco Iron Port ESA doesn’t support Tacacs+. The only option available is radius and it does not provide the granularity and control over the Cisco Iron Port ESA.
After Cisco acquiring Iron Port in 2007, I thought Cisco will further enhance this product and include Tacacs+ features but unfortunately they failed to do so. Being a very powerful email gateway Iron Port offers great features in terms of Anti Spam, Email filtering, email redirection and many reach features, which are customizable as well.
Also there is no proper documentation on how to integrate Cisco Iron Port ESA with Cisco ACS Server.
Starting May 22nd 2015, CCIE Service Provider version 4.0 is making the debut, like other CCIE written exams, the Cisco CCIE® Service Provider Written Exam (400-201) version 4.0 lasts for two hours and one can expect 90-110 questions. These questions are designed to validate how a Service Provider Professional is capable of designing; implementing, diagnosing and troubleshooting complex Service providers network infrastructures and services based on dual stack solutions (IPv4 and IPv6).
The Cisco CCIE® Service Provider Written Exam (400-201) covers following 6 domains
- Service Provider Architecture and Evolution
- Core Routing
- Service Provider Based Services
- Access and Aggregation
- High Availability and Fast Convergence
- Service Provider Security, Service Provider Operation and Management
Since a dedicated title from Cisco Press is not yet released, following Cisco Press titles can be used as the reference for the preparations of the CCIE® Service Provider Written Exam (400-201)
Cisco Live presentations are also great resources for the preparations; you can find more details about them on the INE CCIE Service Provider v4 Kickoff classes. If you have an access INE All Access Pass you can watch those videos or attend the class live on line.
I wish all those early exam takers all the best. Those who are new to CCIE journey, I encourage them to read the post I wrote about why do I want to be CCIE ?
Other day I was attending the Online CCIE Community event organized by Cisco Systems, the event was hosted by Jeanne Beliveau-Dunn, Vice President and General Manager of Learning@Cisco and there were two amazing speakers
- Dave Mallory, Chief Technology Officer, Learning@Cisco, CCIE
- Yusuf Bhaji, Senior Manager, Global Certifications, CCIE
According to Yusuf Bhaji, Cisco will integrate SDN into all of the CCIE Certifications tracks.
Since a new version of CCIE Service Provider is available from the third week of May, all the CCIE aspirers will experience the SDN in CCIE Service Provider exam in form of Cisco Evolved Programmable Network ( e.g. ASR1k/9K, ME3600, etc)
Cisco is also considering to add Cisco ACI ( eg Nexus 9k, AVS) in the next revision of CCIE Data Centre.
However tracks like CCIE R&S, CCIE Security, CCIE Wireless and CCDE will be aligned with Cisco APIC-EM, Open SDN Controllers, WRL Controllers and the SDN content is expected to be included in next revision. Still the dates or the time lines are not known.
I believe it’s a good time for Networking professional to focus on SDN, start mastering scripting languages like Python. For certain SDN and Network programing is going to emerge and those who are already skilled with these skill sets can be seen in more demand.
Palo Alto leads the Gartner Magic Quadrant for Enterprise Network Firewalls for fourth consecutive year.ASA, Cisco, Firewalls, Gartner, Magic Quadrant, Network firewalls
According to the recently released Gartner’s latest Magic Quadrant for Enterprise Network Firewalls report, Palo Alto Networks leads the Magic Quadrant for the fourth consecutive year. They share this honor only with checkpoint. I was expecting Cisco with their Fire power services would make some impact at the Enterprise market yet they failed.
Palo Alto being an innovator into Next Generation Firewall certainly gave them the edge to lead. So far my experience with Palo Alto compared to their competitors in the Next Generation Firewall is far much better, I have experienced some of their competitors Next Generation Firewall fails miserably especially when we turn on the advance features like content filtering, IPS and so on.
This is not the case with Palo Alto Networks next generation firewall. However Palo Alto have to invest on their training development program not only for their partners but also for Security Professionals who wants to excel on Palo Alto certifications. The report can be downloaded at http://connect.paloaltonetworks.com/gartner-mq-2015.
The recently released Next-Generation Intrusion Prevention System (NGIPS) Test Report by NSS labs recognizes the Palo Alto Networks Intrusion Prevention System (IPS) service for its strong security efficiency. NSS Labs performed an independent test of the Palo Alto Networks PA-5020 PAN-OS v6.1.1 with the Next Generation Intrusion Prevention System (NGIPS) Methodology v1.0.
Source: NSS Lab Report downloaded from Palo Alto Networks
We all know Palo Alto is making there mark when it comes to Next Generation firewalls and surpassing most of the leaders in the NG Firewall domain. The test report released clearly states that Palo Alto Networks PA-5020 was the only product that blocked 100% of the live exploits during NSS lab test. This kind of report certainly creates huge expectations from Palo Alto Networks and who knows they may dominate the Next Generation IPS domain.
Mr. Vikram Phatak, the CEO of NSS Labs says
Exploits being used by Threat Actors in active campaigns are the most likely source of compromise that enterprises face every day. The Palo Alto Networks PA-5020 was the only product that blocked 100% of these live exploits during our test, and 98.8% against all exploits, earning a recommendation by NSS Labs for security effectiveness.
The complete report can be downloaded from the Palo Alto networks website. Lets wait and see who is going to dominate the NG IPS Segment in coming years.
A BIP-IP Access Policy Manager, popularly known as BIG-IP APM is capable of securing applications, network and even cloud environment in a flexible way, and even it provides high performance access to your applications and network. The BIG-IP APM also provides quite informative insight of who is on your network or cloud, what applications they are access with what devices, from where, and what time they are trying to access and simultaneously maintaining unified, context-aware, policy-based control of their access irrespective of weather it’s a remote, local, web, wireless or a cloud access.
BIG-IP APM is available in three deployment options
- Add-on module for BIG-IP Local Traffic Manager ( LTM)
- Can be installed and run on BIG-IP LTM Virtual Edition.
- BIG-IP Edge Gateway.
BIG-IP APM comes our with many features like
- AAA Support
- IPV-6 Ready
- Single-Sign-On (SSO) Enhancements
- Real-time Health Data
- Supports SSL VPN