8/27/2006 – FOR IMMEDIATE RELEASE:

Austin, TX –  August 27, 2006 – Cisco ASA 5520 Reviews

Editor’s note: Website Source recently purchased and installed two Cisco ASA 5520 network security appliances to protect the web sites of the thousands of clients we serve. Here’s what independent testing house, Miercom, had to say about the ASA 5520.

Well known and respected computer testing facility, Miercom, recently released test results on four popular UTM security appliances. Miercom tested the Cisco® Systems’s ASA 5520 system, Check Point® VPN-1® Pro, Fortinet® Fortigate™ 1000 and Juniper Networks® NetScreen-208™. If you’re a site owner and this means nothing to you, read further. The security of your site is the matter at hand.

Unified Threat Management (UTM)

Unified threat management is part of the continuing improvement in security devices employed across both large and small networks. This next generation of network security plugs the holes used by hackers before hackers can exploit the opening. It is, in essence, proactive security designed to preempt network attacks.

Unified threat management is critical to all data-sensitive networks such as those used by large corporations, government agencies, investment houses and web site hosts that manage and protect thousands of client accounts from malware injections and various forms of security attacks such as cross-site scripting or XSS.

UTM has been in development for several years, but there are currently only a few security appliances employing the technology. In the computer world, an appliance is nothing more than a piece of hardware with attendant software designed for a specific purpose – in this case, preventing network intrusions.

A UTM appliance, therefore, is a piece of hardware with dedicated software that delivers both a unified firewall and IPS, or intrusion prevention system. The intrusions to which IPS refers include things like viruses, worms, backdoors, Trojans and other common forms of network attacks.

Security versus Speed

If you’re a site owner you want (need) both. Your web host must provide the highest levels of network security to protect your investment of time and money in the creation of your online business. But you also need speed – the speed at which connections are made once visitors have entered your site’s URL – its address – and the speed at which interactions between your site and visitors and/or customers takes place. In the past, security and speed were not compatible. In fact, security features tend to slow down connections per second and can make your entire site pokey, which will quickly translate into lost revenues – something that needs to be fixed.

The problem is quite simple. It takes time (nanoseconds, actually) to scan data for dangers before throughput can take place, that is, the data is deemed safe and delivered to the buyer or the site owner. In the past, the throughput rate of security devices has declined in direct proportion to the increased levels of security. You may have noticed this on your own system when emails from unknown senders take a second or two to make it to the inbox.

The reason? They’re being scanned and that takes a moment. Not a problem for a single computer, but a big problem for web sites that see a lot of traffic. Multiply the few seconds it takes to scan incoming information by a few thousand pieces of information a minute and you start to see the scope of the speed vs. security problem.

According to Miercom’s test results, Cisco Systems ASA 5520 outperforms the competition in both security and speed.

Testing Parameters

Miercom employed an identical, test-bed environment for review of the four UTM systems in common use today. The company’s published test results state that, “The Cisco ASA 5520 (Adaptive Security Appliance) was configured with the Cisco AIP SSM-20…” (an advanced inspection and prevention security services module) and was running Cisco System’s ASA 7.0.2 software. The other three UTM systems were similarly configured with their individual, proprietary software. Thus, the company assures consumers that bench tests compared apples to apples as much as feasible given the inherent differences of various security appliances.

Miercom’s techs conducted four sets of tests. The first two were firewall performance tests and “measured connections per second and firewall throughput” with all threat deterrents enabled. Test number three was a VPN (virtual private network) site-to-site termination test and the fourth test was an IPS (intrusion prevention system) test, again, with all threat detection functions set to their highest levels.

A total of 126 test cases, or threats, were presented to the four UTM appliances in sequence. Miercom tested for attacks from both outside and inside a given network, establishing testing parameters that are critical to the ultimate safety of your site.

Test Results

One thing that makes this particular test newsworthy is the degree by which Cisco’s ASA 5520 outperformed the UTM appliances from Juniper, Check Point and Fortinet. Under identical test conditions, Cisco’s ASA 5520 outperformed the other appliances by significant margins.

For example, of the 126 threats presented to the UTM appliances, Cisco’s ASA 5520 was the only appliance to catch all 126 – 100%. The competitors achieved rates ranging from 18% to 80% depending on the nature of the test threat. Thus, even when working at optimum levels under ideal conditions, the Juniper, Check Point and Fortinet products underperformed Cisco’s ASA 5520 by as much as 82%.

Here are some other key results:

• Cisco’s appliance delivered six times the throughput while still providing 100% threat mitigation.
• The ASA 5520 delivered the highest connection rate by more than 400% over the nearest competitor – phenomenal results essential for online businesses.
• The ASA 5520 outperformed the competition by 300% on encrypted VPN throughput.
• Overall, the ASA 5520 delivered 600% more protection and 350% more throughput than any of the other competitors.
• Firewall performance (mbps) of the ASA 5520 outperformed the competition by as much as 1000%! That’s 10x more effective firewall protection.

The Bottom Line

Is your site’s safety important to you? It should be. It’s an investment. It’s also a repository for a great deal of personal information on your customers – including credit card numbers. If your site is hacked, there’s a lot at stake. And this has absolutely nothing to do with how secure your in-office systems are. This is a server-side problem, one that only a web host can address.

Unfortunately, many web hosts can’t justify the capital outlay for Cisco’s ASA 5520. The systems are pricey. A quick search of the web located the best price for the ASA 5520 appliance at just over $11,000. Smaller web hosts simply aren’t able to support such a large expense. The hosting revenues just aren’t there. And even larger hosting companies have stuck with their existing security systems, choosing instead to add layers of security software rather than to make the purchase of an appliance, i.e. hardware and software.

Security is about your business and your customers, whether there are 25 million of them or just 25 of them. If your site isn’t secure, your business is in jeopardy and so is the personal information of those who trusted you to keep it safe.

The bottom line

If your web host doesn’t offer the most up-to-date security software and hardware, consider moving to a web host that has made the commitment to client security with the purchase of a Cisco Systems ASA 5520 UTM appliance. Before you sign a long-term contract with any web host, ask what the host uses to protect its network – the one you’ll be a part of. If the host doesn’t maintain the highest levels of security with Cisco’s ASA 5520, look for a host that does employ this cutting edge network security.

It’s worth the time to shop around.