Friday, May 09, 2008

Cisco announces a Web Application Firewall

Cisco has jumped into the WAF game with their recently announced Cisco ACE Web Application Firewall: a full proxy device with HTTP(S) and XML policy enforcement, web-based and shell management interfaces, solid performance metrics, and support for both blacklist and whitelist rules. Judging by their overview literature (video), Cisco apparently sees a sizable market for WAFs, with PCI 6.6 as a driver. So now most big players have a stake in webappsec. This should make things interesting. With Cisco's brand reputation and reach, people might be willing to get over their initial trust issues with WAFs, and Cisco could do quite well. Should customers demand it, this is perhaps another device we can integrate Sentinel with for virtual patching purposes. The interest has been quite impressive.

3 comments:

rwnin said...

my (limited ;) understanding is that cisco felt behind in the WAF space, and recently acquired a company for this box and rebranded it...

it should be interesting to see how it stacks up vs other established products...

ChrisP. said...

Cisco acquired a company called Reactivity last year in March. Along with the acquisition came a full XML message router and firewall (ACE XML Gateway) and a team of top notch engineers. That team built the WAF on top of the existing platform.

Mestizo said...

Wow. Appears to be a bit on the expensive side. $70K-$75K!?!?!

From the Q&A:

Q. What are the hardware features of the ACE Web Application Firewall?
A. Cisco ACE Web Application Firewall is available in both FIPS and Non-FIPS versions. The Non-FIPS version has a Cavium CN1120-NHB crypto card, versus the FIPS version which has an nCipher 4000 crypto card. The Non-FIPS version has higher SSL throughput (14K TPS vs. 4K TPS) and is priced lower ($70K vs. $75K).