1. Cisco ONE Software Simplifying Security
Cisco promoted its ONE software a year ago. The Cisco ONE Software was
designed to simplify the way you purchase software licenses within these
technology platforms.
Cisco ONE Software is a new portfolio of software products that span the
technology categories of data center and cloud, WAN, access, and security.
Instead of selling point software products and features, Cisco released the
software solutions that address the most relevant IT and business outcomes.
Cisco ONE Software simplifies the buying process for customers who need to
deliver a specific business outcome. It also provides access to updates,
upgrades, new capabilities and software license portability, similar to the
benefits offered by modern application software.
Cisco ONE Software also simplified Security. That is Cisco ONE Advanced
Security.
Cisco ONE Advanced Security is a software subscription for domain-specific
advanced security for data center, WAN, and access. It is the advanced
security layer in Cisco ONE Software framework and has benefits such as
simplicity, better together pricing, portability of unused subscription term, and
access to ongoing innovation.
With Cisco ONE Advanced Security, it is easier than ever to fortify your
organization’s data center, WAN and access. Minimize the time you spend
figuring out what security solutions to purchase, deploy and integrate. Cisco
ONE advanced security suites provide predefined set of key security products
and services for your data center, WAN and access in a single offer each.
Cisco ONE Advanced Security suites Data Center, Access, WAN and Edge:
All 3 suites are offered as 1,3, or 5 year software subscriptions
Cisco ONE Advanced Security for Data Center: The subscription is
supported on the Cisco ASA 5585-X Adaptive Security Appliance, the
Cisco Firepower 9300 Security Appliance, and the Cisco Firepower 4100
Series.
Cisco ONE Advanced Security for WAN and Edge: The
subscription is supported on the Cisco ASA 5506, 5508, 5516, 5525,
5545, and 5555 appliances.
Cisco ONE Advanced Security for Access: Cisco ISE is supported
on physical and virtual ISE appliance
3. For Data Center and Cloud, WAN and Edge and Access, what benefits
can we get from the Cisco ONE Threat Defense?
Benefits of Cisco ONE Threat Defense for Data Center and Cloud
4. Threat Defense for Data Center and Cloud supports the following ASA
firewalls and Cisco Firepower platforms:
● ASA platforms
◦ All ASA 5585-X platforms
● Cisco Firepower platforms
◦ All Cisco Firepower 4100 Series platforms with Cisco Firepower Threat
Defense
◦ All Cisco Firepower 9300 Security Appliance platforms with Cisco Firepower
Threat Defense
Cisco ASA Licensing for Cisco ONE Threat Defense for Data Center and Cloud
Cisco
ASA
5585-10
Cisco
ASA
5585-20
Cisco
ASA
5585-40
Cisco
ASA
5585-60
Cisco ASA with
Firepower Services (IPS,
URL, and AMP): Threat,
applications, and
Yes Yes Yes Yes
5. malware (TAMC)
Security contexts
Yes
(20
contexts)
Yes
(50
contexts)
Yes
(100
contexts)
Yes
(250
contexts)
Cisco Firepower 4100 Series Licensing for Cisco ONE Threat Defense
for Data Center and Cloud
Cisco
Firepower
4110
Cisco
Firepower
4120
Cisco
Firepower
4140
Cisco
Firepower
4150
Cisco Firepower
Threat Defense
services (IPS,
URL, and AMP):
Smart license Yes Yes Yes Yes
Cisco Firepower 9300 Licensing for Cisco ONE Threat Defense for
Data Center and Cloud
Cisco
Firepower
9300 Security
Module 24
Cisco
Firepower
9300 Security
Module 36
Cisco
Firepower
9300 Security
Module 44
Cisco Firepower
Threat Defense
services (IPS, URL,
and AMP): Smart
license Yes Yes Yes
Reference from
http://www.cisco.com/c/en/us/products/collateral/software/one-advanced-
security/datasheet-c78-737167.html
Benefits of Cisco ONE Threat Defense for WAN and Edge
6. Cisco ONE Threat Defense for WAN and Edge is a complete software
solution that helps ensure the highest level of security for your WAN
environment. It helps enhance and strengthen security offered by the best-
in-class Cisco ASA 5500 Series Adaptive Security Appliances by using the
power of Cisco Firepower Services. In addition, you’ll have a client-side VPN
to provide remote access for roaming users. Threat Defense for WAN and
Edge is available as Threat Defense for WAN and Edge on ASA
Threat Defense for WAN and Edge has the following software components:
● Threat Defense for WAN and Edge provides licenses for ASA with
Firepower Services.
● Cisco ASA with Firepower Services combines the world’s most deployed
firewall with the industry’s most effective NGIPS and AMP solutions.
7. ● Cisco AnyConnect Secure Mobility Plus Client increases visibility and
control across the extended network, preventing compromised endpoints
from gaining access to critical resources.
Cisco ASA Firewall Platforms Supported
Threat Defense for WAN and Edge supports the following ASA firewall
platforms:
● ASA 5506-X, 5506-H, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X,
and 5555-X
Cisco ASA Licensing for Cisco ONE Threat Defense for WAN and Edge.
Cisco
ASA
5506-
X
Cisco
ASA
5506-
H
Cisco
ASA
5508-
X
Cisco
ASA
5516-
X
Cisco
ASA
5525-
X
Cisco
ASA
5545-
X
Cisco
ASA
5555-
X
Cisco ASA with
Firepower
Services (IPS,
URL, and AMP):
Threat,
applications, and
malware (TAMC) Yes Yes Yes Yes Yes Yes Yes
Cisco
AnyConnect Plus
Yes
(50
users)
Yes
(100
users)
Yes
(250
users)
Yes
(500
users)
Yes
(1000
users)
Yes
(2500
users)
Yes
(5000
users)
The primary features and capabilities of Threat Defense for WAN and Edge
for ASA with Firepower Services
Main Features
Feature Benefits
Market-leading
NGIPS
Superior threat prevention and mitigation for both
known and unknown threats
AMP Detection, blocking, tracking, analysis, and remediation
to protect the enterprise against targeted and persistent
8. malware attacks
Full contextual
awareness
Policy enforcement based on complete visibility of users,
mobile devices, client-side applications, communication
between virtual machines, vulnerabilities, threats, and
URLs
Application
control and URL
filtering
Application-layer control (over applications, geographical
locations, users, and websites) and the capability to
enforce use and tailor detection policies based on
custom applications and URLs
For a full list of features and capacities for ASA 5500-X with Firepower
Services platforms, view the data sheet here.
Reference from
http://www.cisco.com/c/en/us/products/collateral/software/one-advanced-
security/datasheet-c78-737170.html
Benefits of Cisco ONE Policy and Threat Defense for Access
9. Licensing for Cisco ONE Policy and Threat Defense for Access
Cisco Catalyst
2000 and 3000
Series
Switches
Cisco Catalyst
4000 and 6000
Series
Switches
Wireless (All
Controllers and
Access Points Are
Supported)
ISE Plus Yes
(50 endpoints)
Yes
(150 endpoints)
Yes
(25 endpoints)
ISE Apex Yes Yes Yes
10. (50 endpoints) (150 endpoints) (25 endpoints)
Cisco
AnyConnect
Apex
Yes
(50 users)
Yes
(150 users)
Yes
(25 users)
Reference from
http://www.cisco.com/c/en/us/products/collateral/software/one-advanced-
security/datasheet-c78-737168.html
More Related:
Cisco ONE Software Overview
Cisco ONE Software Licensing Program
Cisco ONE for WAN-Benefits