Implementation of the Next Generation Firewall on the network perimeter

Project objective:

Construction of modern network perimeter protection. Protect the network from known attacks and from constant or targeted attacks, installation of firewalls in the WAN segment.

Solution:

Firewalls were outdated and could not protect against modern attacks. Their bandwidth was low, which limited the speed of Internet access of all employees and services. There were no firewalls on the WAN segment and the traffic was not checked, there was no way to filter it.

The Cisco Firepower NGFW solution was chosen to solve the problem. Cisco Firepower NGFW is the industry’s first fully integrated next-generation firewall focusing on threat protection with unified management. Provides advanced threat protection before, during and after attacks.

The solution combines several stages of filtering: a regular firewall, a next-generation firewall with protection against known attacks, a system of protection against constant or targeted attacks. In addition, the solution integrates well with the existing Cisco ISE policy access system and the TrustSec traffic segmentation solution.

The following functions are provided:

  • application monitoring and control (AVC);
  • additional next-generation intrusion prevention system Firepower next-gen IPS (NGIPS);
  • Cisco Advanced Malware Protection (AMP) and URL filtering.

Project results:

  • Neutralisation of even more attacks.
  • Better monitoring of the entire environment using an intrusion prevention system.
  • Earlier detection of attacks, rapid response.
  • Unified management and automatic correlation of threats with all integrated security features, including application monitoring and control, NGIPS and AMP.
  • Increase in security and making best use of all existing security investments with the opportunity for further integration of solutions and network technologies from both Cisco and other vendors.