Security Newsletter November 2013



Security Newsletter Switzerland Edition November 2013

Dear Security Partner,

The Swiss Borderless Networks Team would like to update you on the latest Security information that happened over the last months. Please let us know if you have any questions related to the information provided below.

Best regards,
Jean-François Pujol & the Cisco Switzerland Borderless Networks Team

What is this Newsletter about?

This is the 3rd Security interest newsletter. The Swiss Borderless Networks team consolidates announcements and technology updates into this condensed newsletter. It’s manually composed, so it contains only the information required for your benefit. Pass this newsletter to your colleagues and inform us by mail to so we can add them to the mailing list. If you would like to unsubscribe, just drop a mail. Most of the links given require a CCO login (some with partner rights).

ACI

Application Centric Infrastructure (ACI) Security Solutions

The new Cisco ACI Security Solution family enables data center customers to uniquely integrate Cisco’s Adaptive Security Appliance data center security products into the Application Centric Infrastructure. This announcement delivers four significant changes to the Data Center security product line:

• A new virtual appliance called the Cisco Adaptive Security Virtual Appliance (ASAv) for traditional tiered data center networks and the Application-Centric Infrastructure. The ASAv was built from the ground up for full featured fabric integration, and is designed to protect the new generation of data centers where east-west traffic dominates. It has the complete ASA feature set, works with multiple hypervisors and vSwitches, and comes with a new flexible licensing model.
• Cisco has also opened up the ASA platform for seamless service insertion into network fabrics for both virtual and physical appliances. This is done through open APIs, native VXLAN, and tag support.
• Deep integration with ACI provides a comprehensive security solution for the ACI fabric. This includes physical ASA 5585-Xs operating in a cluster for vertical scaling up to 640Gbps, limitless virtual scaling using the new ASAv, and the integration of Sourcefire next-generation IPS technologies for advanced threat and malware protection.
• Centralized security policy life-cycle management of ASAs using ACI's Application Policy Infrastructure Controller for deployment, management, auditing, and IT governance.

More information can be found at the following links:

• ACI Security Solution
• ASAv
• Press Releases:
  Cisco Pioneers Real-Time Application Delivery in Global Data Centers and Clouds to Enable Greater Business Agility
  Technology Leaders Rally Behind Cisco's Application Centric Infrastructure

ASA

New ASA-CX version 9.2.1 is available

What are the key new features in ASA-CX 9.2.1?

• IPS on NGFW
• PRSM support for basic ASA management functionality
• NGFW support on SSP40 and SSP60 for multi-gigabit Internet gateways
• Rate-limiting based on NGFW policy
• For other enhancements, see the link here: Cisco ASA CX and Cisco Prime Security Manager New Features By Release

Will we require customers to purchase a separate license for IPS on NGFW?
Yes. The new IPS license on NGFW will be made available as a standalone license as well as bundled licensing with other popular options (Web Security Essentials, AVC, etc).

Are there differences from the current ASA IPS?
Yes. For example, the signatures available for IPS on NGFW are focused on threats that are prevalent for the Internet Edge. In other words, IPS on NGFW is not optimized for Datacenter server protection in Peregrine timeframe.

Will there be a performance impact from turning on IPS on NGFW?
Yes. We will provide updated data sheets with the corresponding information. In the near future, sizing metrics will be shared to ensure environments are properly sized.

Release notes: Release Notes for ASA CX and Cisco Prime Security Manager 9.2
Documentation: Finding ASA CX and Cisco Prime Security Manager Documentation

Anyconnect Secure Mobility Client

Anyconnect is now supported on Windows 8.1 (available as of version 3.1.04072), on Android 4.4 (KitKat), and MacOS-X Mavericks. However, due to some issues with those software platforms, early adopters may encounter some limitations. Please check availability and software updates on or our dedicated Facebook web page.

Cisco statement regarding some competitor’s misleading advertisements

Dear Partner,

To clarify some recent misleading communication sent out by others, we want to assure you that Cisco continues to aggressively invest in the ASA 5500-X Next-Generation Firewall (NGFW) so you get the market-leading security you need to stay ahead of today's sophisticated threats. Backed by the world's largest security and threat research organization, Next-Generation Firewalls from Cisco help you see risks, eliminate threats, and gain consistent controls from the small office to the data center.

In fact, just last week Cisco released major new updates to the ASA 5500-X Next-Generation Firewall that:

• Combine new NGFW, NGIPS, integrated Web security and application control to proactively protect you from known and emerging threats at the Internet edge
• Increase NGFW scalability from the smallest branch to the highest internet edge deployments
• Simplify NGFW administration to reduce operational costs and complexity with a single, unified management console

Our commitment to security has never been stronger. With our recent acquisition of Sourcefire, and industry-leading ASA firewall, next-generation IPS and advanced malware protection your investment will only get stronger. Our new model for security through a visibility-driven, threat-centric, and platform-based approach means your ASA 5500X NGFW investment will evolve ahead of tomorrow's threats.

Protect your investment. Initiate migration to the Cisco ASA 5500-X NGFW today.

If you have any questions, do not hesitate to contact the Cisco Swiss Security team at

And thanks for being a highly valued Cisco partner.

To learn more about Cisco ASA 5500-X NGFW, please visit:

• Cisco ASA 5500-X Series Next-Generation Firewalls
• Cisco ASA Next-Generation Firewall Services
• Cisco Prime Security Manager

Content Security

New x80 Series Content Security Appliances

The x80 series is built on Cisco’s market-leading Unified Computing System (UCS) server platform, a Gartner Magic Quadrant leader, rated highest by customers over Dell, IBM, and HP (TheInfoPro, 2012). The x80 series takes full advantage of the robust Cisco UCS platform to deliver significant enhancements over previous generations of appliances, including:

• Up to 60% performance improvement over previous generations
• 2x increase in days allocated for reporting on Cisco SMA
• DC power option and remote power cycling

Greater scalability and reliability

| Appliance Type | Deployment Type | Model | Product ID |
| Cisco Email Security | Midsize Offices | C380 | ESA-C380-K9 |
| | Large enterprises & SPs | C680 | ESA-C680-K9 |
| | | C680 (w/ locking faceplate) | ESA-C680-LKFPK9 |
| Cisco Web Security | Midsize Offices | S380 | WSA-S380-K9 |
| | Large enterprises & SPs | S680 | WSA-680-K9 |
| | | S680 (w/ locking faceplate) | WSA-S680-LKFPK9 |
| Cisco Content Security Management | Midsize Offices | M380 | SMA-M380-K9 |
| | Large enterprises & SPs | M680 | SMA-M680-K9 |
| | | M680 (w/ locking faceplate) | SMA-M680LKFP-K9 |

Product Data sheets: WSA, ESA, and SMA
vESA and vWSA demo licenses available on

Cisco Web and Email Security Virtual Appliance 45-day evaluation licenses are now available for request at the licensing portal for BOTH Cisco field and partners. These evaluation licenses, along with ESAV and WSAV software, are available at no cost to customers, and can significantly speed up and simplify the evaluation and sales process.

Conditions: Please note that only one license per product may be requested for each opportunity. A second trial license can be requested at the end of the first 45 days, if an extension is needed. Please also note that there is no TAC support associated with these licenses.

Here’s What You Do:

• Step One: Fill out the ESAV/WSAV demo license request form here:
• Step Two: Download the ESAV or WSAV software image:
  The Web Security Appliance is available here:
  The Email Security Appliance is available here:
• Step Three: Load the software image onto an appropriate server and apply the license. There are several different models available, with different hardware resource allocation requirements. One software license can be applied to as many virtual appliances as needed.

Partner specific tools and resources

Check the following link: Web Security Partner Central

Cisco Security Manager

CSM

Cisco Security Manager (CSM) version 4.4 Service Pack 2 is now available for download on CCO. Security Manager 4.4 Service Pack 2 provides fixes for various problems. For more information, see Resolved Caveats— Release 4.4 Service Pack 2.

This service pack also provides IPS 7.0.9 version support for the following platforms:

• Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services Module
• Cisco Intrusion Prevention System Network Module Enhanced (NME)
• Cisco Intrusion Prevention System Advanced Integration Module (AIM) for Cisco 1841, 2800, and 3800 Series Integrated Services Routers

See the release notes here:

IPS

EoL announcement of Cisco IPS 7.0

Cisco IPS Sensor Software Version 7.0 will reach External end-of-life announcement on 01-AUG-2013. For more details, refer to EoL announcement (EOL9284) on :

Cisco IPS 4500—New PIDs and Pricing Changes

Cisco announced the availability of the new Cisco IPS 4520-XL Sensor, the highest performance IPS Sensor from Cisco’s IPS product family. The 4520-XL secures data center infrastructure and applications from advanced threats and sophisticated attacks. The IPS 4520-XL is an enhanced version of the 4520 Sensor, with 2 IPS blades offering up to 20 Gbps of max inspection performance.

ISA 500

Announcement for EoS and EoL for the Cisco Small Business ISA500 Series Integrated Security Appliances

Cisco announces the end-of-sale and end-of-life dates for the Cisco Small Business ISA500 Series Integrated Security Appliances. The last day to order the affected product(s) is Nov. 14th, 2013. Customers will continue to receive phone support from the Cisco Small Business Support Center (SBSC). For customers with active product warranties, support will be available as stated in the product warranty terms and conditions, even if this date exceeds the Last Date of Support.

Product Migration options

There is no direct replacement available for the Cisco ISA500 Integrated Security Appliances at this time. Customers may, however, consider migrating to the Cisco ASA 5512-X Series Next-Generation Firewalls, Cisco ASA 5505 Adaptive Security Appliance, or Cisco MX60 and MX60W Cloud Managed Security Appliances. Information about these products can be found at the links below.

• ASA5512-X
• ASA5505
• MX60 and MX60W

ISE

Now Available: Identity Service Engine release 1.2

ISE 1.2 features: ISE is an all-in-one enterprise policy control solution, securing access to wired, wireless and VPN networks. With ISE, end users and IT are more productive, which, ultimately, lowers IT operating costs.

Among the many enhancements with ISE 1.2, we draw your attention to these five:

1. Broad partner eco-system that starts with MDM
The ISE MDM Integration feature enables the network to automatically determine device compliance and can allow the user an option to enable or decline MDM. The MDM partner ecosystem is currently: Airwatch, Inc., Good Technology, MobileIron, Inc., Zenprise, Inc., SAP Afaria, FiberLink Maas360, Cisco Mobile Collaboration Management Services (MCMS)
2. Industry's first real-time profiling feed service
Cisco’s new profiling feed service allows users to get on the network with the latest consumer devices: easy for users, easy for IT. Cisco live feed will ensure that you can recognize and onboard the latest consumer devices, without requiring IT to create a manual profile, as soon as a new device becomes commercially available.

3. Mobile and Desktop Browser Support for Guest and BYOD
Support for both mobile and desktop on-boarding is now native to ISE. ISE dynamically identifies BYOD and Guest users' devices and sends them easy-to-use on-boarding screens customized for their device.

4. Administrative Tasks Streamlined
The new default Bootstrap wizard saves time and helps ensure the deployment is done right the first time. Just type in a username, device type, or MAC address and ISE instantly delivers a list of all matching entities. ISE's new reporting service boasts a faster user interface, scheduled reports, and the 5000 record reporting limit has been lifted so administrators can slice and dice data across any date range.

5. Double the Scale & Performance
ISE 1.2 now supports a maximum of 250K endpoints per deployment with the ability to support more concurrent endpoints than the competition.

Release notes: Release Notes for Cisco Identity Services Engine, Release 1.2

ISE 1.2 NFR Software

Cisco has announced its availability and of September, and it is now orderable on marketplace:

The bundle provides partners with ISE and Services VMs they can leverage to configure a purpose built lab. The ISE image included with the NFR kit comes with a minimal configuration for simple insertion into a lab environment. There are 20 non-expiring base and advanced licenses and the image supports upgrades. The USB drive from Marketplace includes a configuration file that can be used to restore the base configuration and licenses.

The Services image included with the NFR kit is a Linux VM that provides key ISE services such as NTP, DNS, DHCP, LDAP, and CA. The Linux VM is preconfigured, but can be customized to meet specific customer use cases or scenarios. Through this Cisco Partner Community post, Cisco made information available to stand up a pre-configured demo environment that highlights key ISE use cases.

Cisco Identity Services Engine (ISE) Extended Special Pricing on Selected SKUs

The special pricing on selected SKUs, which has been in effect since January 28, 2013, will be extended beyond the original end of July 27, 2013 indefinitely. Please note that prices may be changed at a future date subject to applicable requirements and notifications.

New Cisco ISE Subscription Licenses

New Cisco ISE Advanced, Wireless, & Wireless Upgrade subscription licenses are available on the GPL. This new subscription can be identified by the “S” included in the Product ID or SKU (e.g. L-ISE-ADV-S-100= , L-ISE-W-S100=, L-ISE-WU-S-100=) and is recommended for all ISE term license sales. The new subscription licenses are priced the same as the legacy ISE term licenses (no change in pricing), but do offer enhancements for renewal processing and support for co-term operations. The legacy ISE term licenses will be announced for EOS shortly.

For more information on ISE Subscription Licenses please review the following documents: New Cisco ISE Subscription License Ordering & New Cisco ISE Subscription License Reference. Both documents are located on the Cisco ATP website:

Meraki

Now available: MX100 Security Appliance

The new MX100 Security Appliance, which builds on the popular MX90 platform, increases capacity for high-performance branch networks. The MX100 addresses the growing capacity requirements of modern networks, and offers customers looking for a mid-sized branch solution a choice that fits between the Cisco Meraki MX80 and MX400 models.

Along with this new model, we are introducing a host of new features for the entire MX line, including:

• Integrated IPS with SourceFire SNORT
• Facebook login for both wired and wireless clients
• Configuration templates for multi-MX environments
• MPLS to VPN failover

See: MX100 Security Appliance

NAC

Cisco NAC Agent compliance module

The NAC Agent compliance modules for Windows and MacOS-X have been updated three times since the July time frame. See the latest supported AV/AS versions here: Cisco Identity Services Engine Supported Windows AV/AS Products Version 3.6.7873.2

End-of-Sale and End-of-Life Announcement for the Cisco NAC Appliance 3315, 3355, and 3395 Migration Programs

Cisco announces the end-of-sale and end-of-life dates for the Cisco NAC Appliance 3315, 3355, and 3395 Migration Programs. The last day to order the affected product(s) is February 5, 2014.
Product Migration Options: Customers are encouraged to migrate to the Cisco Secure Network Server 3415 or 3495.

Documentation, Security Programs and Promotions

BYOD 2.5 CVD System Release Announcement

We are pleased to announce the availability of BYOD System Release 2.5, which continues the foundation for the BYOD Smart Solution. BYOD CVD System Release 2.5 extends the BYOD solution for customers, including:

• Integration with 3rd Party Mobile Device Management (MDM): We are pleased to offer a set of ISE integration guides spanning the ecosystem of MDM vendors including Airwatch, Citrix XenMobile, Cisco MCMS, Fiberlink, Good, MobileIron, and SAP/Afaria.
• TrustSec Secure Group Access (SGA): TrustSec SGA provides a more scalable and easier to configure method, and is a Cisco differentiator. With WLC 7.4/7.5, this release enables SGA on WLAN.
• Converged Access
• Mobile Application Visibility & Control (AVC)
• Bonjour Application Gateway
• Application Virtualization Clients
• Jabber Integration
• Broadened Handset coverage

Resources for CVD System Release 2.5

To support this system release, here are some very important links including the CVD Design Guide itself, technical training, smart solution resources, channel partner resources, and access to demos.

Design Guides/CVD

• BYOD Design Guide/CVD: BYOD CVD Design Guide
• 3rd Party MDM Integration Guides: MDM Integration Guides
• BYOD White Paper: BYOD White Paper

Technical Training

• 3rd Party MDM Integration Demo Videos: MDM Integration Demos
• DesignZone Training - Overview: BYOD Overview Webinar
• DesignZone Training – Deeper Dive: BYOD Deeper Dive Webinar
• Cisco Live Techtorial: BYOD Cisco Live Techtorial

Demo, Partner, and Other Smart Solution Resources

• BYOD Smart Solution site: BYOD Smart Solution
• BYOD Services: BYOD Services
• BYOD Demo Cloud: BYOD dCloud Demo
• BYOD Channel Partner Site: BYOD Partner Site
• BYOD Partner Community: BYOD Partner Community

SourceFire

Cisco completes the acquisition of SourceFire

Initially announced in July 2013, the acquisition has been completed on October 7th. Sourcefire delivers effective, highly automated security, through continuous awareness, detection and protection.

Next-Generation Intrusion Prevention (NGIPS) – Advanced threat protection integrating real-time contextual awareness, full-stack visibility and intelligent security automation to deliver leading security effectiveness and performance.

Advanced Malware Protection – A malware-defeating solution that provides visibility and control of modern threats – from point of entry, through propagation and post-infection remediation.

Next Generation Firewall (NGFW) – Built on the world’s most powerful NGIPS, integrated application control and firewall functionality in a universal, high-performance security appliance.

Cisco plans to drive both the ASA and FirePOWER platforms forward and leverage current hardware for future solutions. Cisco’s customers now have immediate access to Sourcefire’s industry-leading NGIPS, NGFW and Advanced Malware Protection (AMP) solutions from their preferred network provider. Cisco is committed to open source innovation and will continue to support Snort, ClamAV and other open source projects.

More information regarding product development projects will come later on.

Sourcefire acquisition FAQs

Unsubscribe to this newsletter by replying to

© 1992-2013 Cisco, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco.