Cisco FirePOWER 8000

next-generation intrusion prevention system (NGIPS)

The NGIPS threat protection solution is centrally managed through the Cisco FireSIGHT Management
Center and can be further expanded with optional subscription licenses to add:

Advanced malware protection

Application visibility and control

URL filtering

Benefits
The Cisco FirePOWER 8000 Series Appliances provide purpose-built breakthrough acceleration technology
with market-leading performance and greater space and energy efficiency. The series includes 11 different
models that provide:

High-throughput Up to an industry-leading 60 Gbps of inspected throughput

Modularity Choose NetMods per throughput, port density, and media needs

Expandability Pay for network interfaces as you grow

Scalability Add additional processing power through appliance stacking

All Cisco FirePOWER 8000 Series Appliances include:

LCD management interfaces

Serial over Ethernet console access for remote configurations

Solid state disk drives for increased reliability

Redundant, hot-swappable power supplies

Specifications

IPS throughput range: 2 Gbps through 60 Gbps (11 models)

Modular interfaces: From 3 to 7 NetMod slots

Maximum concurrent connections: From 3 million to 68 million

Management interfaces: 10/100/1000 RJ45

Typical latency: Less than 150 microseconds

Memory (RAM): From 24 GB to 512 GB

http://www.cisco.com/c/en/us/products/security/firepower-8000-seriesappliances/index.html#

SRX5400

next-generation security platform ideally suited for service provider

Features

Comprehensive protection includes multi-gigabit firewall, security intelligence via Spotlight Secure, policy
enforcement based on GeoIP data, UTM which includes IPS, application security (AppSecure), user role-based
firewall controls, antivirus, antispam, and Web filtering, NAT, DoS, and QoS.
Scalable performance enables additional services without degradation.
System and Network Resiliency ensures carrier-class reliability from redundant hardware and components,
and Junos OS software.

Interface flexibility meets the needs of any network.

Network segmentation allows administrators to tailor security and policies.

Robust Routing Engine separates data and control planes to allow deployment of consolidated routing and
security devices.

http://www.juniper.net/us/en/products-services/security/srx-series/srx5400/

JSA7500

JSA Series Secure Analytics combines, analyzes, and manages an

unparalleled set of surveillance datanetwork behavior, security events,
vulnerability profiles, and threat informationto empower companies to
efficiently manage business operations on their networks from a single
console.
The integrated approach of JSA Series Secure Analytics, used in
conjunction with unparalleled data collection, analysis, correlation, and
auditing capabilities, enables organizations to quickly and easily
implement a corporate-wide security management program that delivers
security best practices.

Features

Collects all event and flow data in one place, and supports a large set of vendors for reduced OpEx

Provides graph and dashboard reporting on event data

Enables taking proactive action(s) against security threats with flow detection

Uses analytics engine to detect violations and anomalies

Provides built-in support for Geo IP and reputation feeds

Supports up to 30,000 events per second (EPS) per event processor

Supports up to 250 event processors per console

IC6500 FIPS

Overview
The IC6500 FIPS Unified Access Control Appliance is for the most
demanding and complex government agencies and secure enterprise
environments. It has the same performance and functionality of the
IC6500, and adds a dedicated Federal Information Processing Standards
(FIPS) 140-2 Level 3 certified hardware security module to handle all
cryptographic operations, as well as tamper evident labels which can
deter physical security breaches on the network and provide a visual
indication of device integrity.
UAC (in agent or agentless mode) gathers user authentication, endpoint
security state, and network device location, data which is used to
implement dynamic access and network security policies distributed to
network enforcement points.
User sessions can be shared with SA Series SSL/VPN Appliances for
seamless provisioning of SSL/VPN user sessions into UAC, or UAC user
sessions into SSL/VPN.

Features

Vendor-Agnostic access control works with any 802.1X-enabled switch and access point.

Open, Standards-Based enables integration with third-party network, endpoint, and security devices.

Simple Guest Access enhances the ability to provide differentiated guest user access to network, cloud,
and resources, including one-time guest accounts.

Session Federation enables seamless provisioning of remote access into LAN or LAN access into remote.

Identity-Enabled Firewalls enable SRX Series Services Gateways to serve as policy enforcement points.

Role-Based Application Policy enables granular enforcement for all applications and data.

Coordinated Threat Control isolates threats at the user and device level, then employs specific actions.

User- and Role-Based AppSecure policies allow role-based application-aware firewall policies to work with
SRX Series devices.

Dynamic Addresses for Unmanageable Devicesallow role and resource-based access to printers and
transaction devices.

http://www.juniper.net/us/en/products-services/security/ic-series/ic6500-fips/