Cisco is updating its security portfolio Tuesday as part of an overall expansion of its Borderless Networking strategy, an upgrade that includes new switching, routing and network management gear. The new security technologies include a high-end ASA security appliance and an updated AnyConnect VPN client.

The central goal for Cisco (NASDAQ: CSCO) with the new security technologies is to continue to build out the scale and the span of its portfolio as both threats and new deployment methods accelerate. Along with the new technology is a focus from the company on trying to make security technology more usable by enterprise IT administrators.

"The language that we have used to describe security and policy enforcement was very coupled to physical infrastructure and it had a lot to do with IP addresses, ports and protocols," Tom Gillis, vice president and general manager of Cisco's security technology business unit, said during a press conference announcing the new security gear. "It needs to move up to more simple and intuitive concepts like, who are you? What applications are you using and what content are you trying to access?"


The new language of security policy is being baked into multiple Cisco technologies both old and new. On the new products side, Cisco is now launching its ASA 5585-X Adaptive Security Appliance, a two-rack-unit form factor device. The ASA 5585-X is an evolution of Cisco's high-end ASA 5580 firewall that debuted in 2008.

"The ASA 5580-X is an extension of our existing ASA product line at the high-end," said Shalabh Mohan, director of product management at Cisco's security technology business unit. "What's new here is multi-scale security."

Mohan noted that the traditional throughput metric alone isn't enough for modern security needs, and that modern security appliances need to sustain connections at a higher bit-rate, which is what Cisco is aiming to deliver with the ASA 5580-X.

According to Cisco officials, the ASA 5585-X can deliver up to 35 Gbps of large packet throughput for firewall performance and up to 350,000 connections per second. The ASA 5585-X also includes IPS and VPN functionality. On the VPN side, the ASA 5585-X will scale up to 10,000 remote connections.

Cisco's VPN technology is also getting a boost with improved AnyConnect 3.0 technology. AnyConnect has supported both IPsec and SSL-VPN connections for several years, and is now being expanded with new policy and cloud features.

Mohan noted that AnyConnect now supports Cisco's TrustSec security policy framework. With support for TrustSec, Mohan said that AnyConnect now provides context-level enforcement, identifying who the users are, what their access permissions are and what applications they are using.

AnyConnect is also expanding to the cloud with the integration of Cisco's ScanSafe cloud security services. Cisco acquired ScanSafe for $183 million in October 2009.

To further ensure the integrity and security of the VPN connections, AnyConnect is now being bolstered with MACsec 802.1AE Ethernet security standard.

"So from the end-point all the way to the data center, you now have a secure application link that provides end-to-end hop encryption," Mohan said.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Follow eSecurityPlanet on Twitter @eSecurityP.