111427201-CR-vs-Cisco-ASA
-
Upload
vivek-r-koushik -
Category
Documents
-
view
220 -
download
0
Transcript of 111427201-CR-vs-Cisco-ASA
-
8/12/2019 111427201-CR-vs-Cisco-ASA
1/7
Cyberoam vs. Cisco ASA 5500 Series i
Features Comparison
(Based on Datasheets)
CyberoamCR 15i, 15wi, 25i, 25wi 25ia,35ia, 35wi, 50ia, 100ia, 200i,
300i, 500ia, 750ia, 1000ia,1500ia, 2500ia
Cisco ASA 5500 Series5505 Base/ Security Plus,5510 Base/ Security Plus,
5520, 5540, 5550, 5580-20,5580-40, 5585-X with SSP-10,20,40 ,60
Security - Firewall, Intrusion Prevention System, Application Filtering
Cyberoam shield Firewall Decision Parameters- Identity, Group, MAC and IP
Address, Services based Number of IPS signatures 3000+ Application Categories- 11+ e.g. Gaming, IM, P2P, Proxy
Benefits Access to vital resources based on users identity Protection against internal and external intrusion attempts Protection against Denial of Service attacks Provide business friendly environment to critical applications
Stateful Inspection Firewall Yes Yes
Appliance Deployment Modes:Gateway (Route), Transparent(Bridge)
Yes Yes
Application Visibility and ControlYes, IP Address and User based
controlYes
Intrusion Prevention System(Checkmark Certified) Yes
Not Certified, needs AIP SSC and AIP
SSM (Advanced Inspection andPrevention Security Services Module
and Card)
Identity-Based IntrusionPrevention System
Yes, with Multiple IPS Policy Support Yes
DoS and DDoS Prevention Yes Yes
Instant Messaging Control
IP Address and User based individualand Group control over Webcam, File
Transfer, Voice and Text ChatCommunication
YesSecurity - Web Content Filtering
Cyberoam Shield:82+ URL categories covering millions of websites
Benefits URL, keyword, File type block Blocks Malware, Phishing, Pharming URLs, Java Applets, Cookies
and Active X Data leakage control via HTTP, HTTPS upload Provides Schedule-based access control Custom block messages per category
Identity- Based Web ContentFiltering ( Checkmark Certified) Individual user and Group based
Not Certified. Need to purchase PlusLicense of CSC-SSM (Content Security
and Control). CSC SSM offers URLfiltering through Trend Micro
CSC-SSM hardware supports ASA5510, 5520 and 5540 only
-
8/12/2019 111427201-CR-vs-Cisco-ASA
2/7
Cisco ASA 5500 SeriesCyberoam
5505 Base/ Security Plus,CR 15i, 15wi, 25i, 25wi 25ia,Features Comparison
(Based on Datasheets)5510 Base/ Security Plus,
35ia, 35wi, 50ia, 100ia, 200i,5520, 5540, 5550, 5580-20,
300i, 500ia, 750ia, 1000ia,5580-40, 5585-X with SSP-10,
1500ia, 2500ia20,40 ,60
Web and Content FilteringDatabase Strength
Excellent (82+ Categories)80+ categories, Need to purchase
Plus License of CSC-SSM.
Domain Name based HTTPSFiltering
Yes No
Phishing Protection Yes (Blocks emails and Web traffic)Need to purchase Plus License of
CSC-SSM
Pharming Protection Yes Yes
Spyware Sites Protection YesNeed to purchase Plus License of
CSC-SSM
Anonymous Proxy Protection Yes No
Data Leakage Prevention Yes No
Embedded URL Filtering Yes No
Search Engine Safe SearchEnforcement
Yes No
Security - Web Application Firewall
Cyberoam Shield: Positive Protection model Unique "Intuitive Website Flow Detector" technology
Benefits Protection against SQL Injections, Cross-site Scripting (XSS),
Session Hijacking, URL Tampering, Cookie Poisoning
On-Appliance Web ApplicationFirewall
Yes Does not have WAFWAF Management
WAF can be configured and managedfrom UTM interface
Does not have WAF
Positive Protection Model withoutSignatures
Yes Does not have WAF
Intuitive Website Flow Detector Yes Does not have WAF
Security - Anti Spam
Cyberoam Shield: IP Reputation Filters RPD (Recurrent Pattern Detection) Technology Spam Detection Rate 98% False Positive Rate 1 in 1 million
Benefits Blocks 80% spam before downloading to the mail server Zero hour response to email threats
Gateway Anti Spam (Checkmark
Premium Level Certified)Yes
Not certified. Need to purchase Plus
License of CSC-SSM
-
8/12/2019 111427201-CR-vs-Cisco-ASA
3/7
Cisco ASA 5500 SeriesCyberoam
5505 Base/ Security Plus,CR 15i, 15wi, 25i, 25wi 25ia,Features Comparison
(Based on Datasheets)5510 Base/ Security Plus,
35ia, 35wi, 50ia, 100ia, 200i,5520, 5540, 5550, 5580-20,
300i, 500ia, 750ia, 1000ia,5580-40, 5585-X with SSP-10,
1500ia, 2500ia20,40 ,60
IP Reputation Filters Yes Yes
Domain White-listingYes, to customize Cyberoam email
security shield as and when requiredNo
Identity-Based Anti Spam Yes Yes
Language and Content
Independent Anti Spam EngineYes No
Mail Virus Outbreak Detection Yes No
Gateway Anti Spam ProtocolsProtected
SMTP, POP3, IMAP Does not support IMAP
HTTPS Traffic Scanned formalware
Yes No
Self Service User BasedQuarantine for Spam Mails
Yes No
Security - Anti Virus
Cyberoam Shield : Number of Anti Virus Signatures 4 Millions Virus Catch Rate 99.5% Signature Update frequency 30 minutes Malware scanning upto 7 compression levels Scans more than 40 types of compressed files
Benefits Scanning of Web, Email, VPN and IM traffic Protection against Virus, Worm and Trojan Protection against Spyware, Malware and Phishing Customizable individual user scanning Scan and deliver by file size Block content by file types
Gateway Anti Virus (CheckmarkCertified)
YesNot certified, uses TrendMicro
InterScan
Identity Based Anti Virus Yes Yes
Self Service User BasedQuarantine for Virus Mails
Yes No
Gateway Anti Spyware
(Checkmark Certified) Yes
Not certified, uses TrendMicro
InterScan
Gateway Anti Virus ProtocolsProtected
HTTP, HTTPS, SMTP, POP3, IMAP, FTP Does not support IMAP
-
8/12/2019 111427201-CR-vs-Cisco-ASA
4/7
Cisco ASA 5500 SeriesCyberoam
5505 Base/ Security Plus,CR 15i, 15wi, 25i, 25wi 25ia,Features Comparison
(Based on Datasheets)5510 Base/ Security Plus,
35ia, 35wi, 50ia, 100ia, 200i,5520, 5540, 5550, 5580-20,
300i, 500ia, 750ia, 1000ia,5580-40, 5585-X with SSP-10,
1500ia, 2500ia20,40 ,60
Appliance Management
Cyberoam Shield : Plug n play UTM Interactive customizable GUI Multi-lingual GUI Role based access control Centralized management and upgrade support
Benefits: Reduced Opex and Capex Ease of use
Available Formats Appliance Appliance
Ease of Use Click here for demo Online Demo not available
Web 2.0 GUI Click here for demo Online Demo not available
Management Interface Web and CLI (TELNET, SSH) Web and CLI
Automated Windows Single SignOn
Yes Yes
Authentication, Authorization,Accounting
Local, Windows PDC, AD, LDAP, RSASecurID and Radius
Local, Windows PDC, AD, LDAP, RSASecurID and Radius
Central Management and UpgradeSupport
Cyberoam Central Console Yes
Secure Remote Access- Virtual Private Network
Cyberoam Shield: VPN IPSec, L2TP, PPTP and SSL* VPN Connection Redundancy
Benefits: Secure and clean VPN Connectivity any time, anywhere
Identity Based VPN Yes Yes
Checkmark Certified VPN Yes No
XAUTH Support For VPNLocal, Windows PDC, AD, LDAP, RSA
SecurID and RadiusYes
VPNC Basic and AES Certified VPNGateway Yes Information not published
VPN Connection Fail-Over Yes Yes
http://livedemo.cyberoam.com/corporate/webpages/login.jsphttp://livedemo.cyberoam.com/corporate/webpages/login.jsphttp://livedemo.cyberoam.com/corporate/webpages/login.jsphttp://livedemo.cyberoam.com/corporate/webpages/login.jsphttp://livedemo.cyberoam.com/corporate/webpages/login.jsphttp://livedemo.cyberoam.com/corporate/webpages/login.jsp -
8/12/2019 111427201-CR-vs-Cisco-ASA
5/7
Cisco ASA 5500 SeriesCyberoam
5505 Base/ Security Plus,CR 15i, 15wi, 25i, 25wi 25ia,Features Comparison
(Based on Datasheets)5510 Base/ Security Plus,
35ia, 35wi, 50ia, 100ia, 200i,5520, 5540, 5550, 5580-20,
300i, 500ia, 750ia, 1000ia,5580-40, 5585-X with SSP-10,
1500ia, 2500ia20,40 ,60
Resource Monitoring and Management Bandwidth Management
Cyberoam Shield: Application, Web Category and User Identity based Bandwidth
Management Guaranteed & Burst-able bandwidth policy Application & User Identity based Traffic Discovery
Benefits: Increased productivity Monitoring and controlling of bandwidth usage
Granular Bandwidth ManagementIP Address, User, Web Category,Application, Application Category
based
Supports QoS
Bandwidth (Data Transfer) Quota Yes No
Connectivity Load Balancing, High Availability and Networking
Cyberoam Shield: Failover - Automated Failover/Failback, Multi-WAN failover 3GModem failover WRR based Load balancing IPv6 Ready Gold Logo
Benefits: Uninterrupted business connectivity Load balancing for n number of links, based on ports availability Ready to handle next generation network traffic
Server Load Balancing Yes No
Multiple ISP Load BalancingYes, number of links depends on
number of ports available onappliance
Supports Network Load balancing
Rule based ISP Gateway Fail-Over Multiple rules and protocol supported Yes
High AvailabilityActive-Passive / Active-Activewith stateful failover support
Not supported in 5505Active-Standby / Active-Active
Does not support stateful failover
Dynamic Routing RIPv1, RIPv2, OSPF, BGP Yes
802.1q VLAN Tagging Yes Yes
VLAN over WAN Yes No3G and Wimax (WWAN) Support Yes No
Security over WiFi (WLAN) Yes No
Visibility Logging and Reporting
Cyberoam Shield:
1000+ Reports, 45+ Compliance Reports Multiple format support Graphical and Tabular Exportable Formats - PDF and MS Excel Multiple Dashboards Report Scheduling
Benefits Complete visibility of network, resources and users
On-Appliance Reporting**Yes, Web Based Report Engine, No
extra costNo
-
8/12/2019 111427201-CR-vs-Cisco-ASA
6/7
Features Comparison
(Based on Datasheets)
CyberoamCR 15i, 15wi, 25i, 25wi 25ia,35ia, 35wi, 50ia, 100ia, 200i,300i, 500ia, 750ia, 1000ia,
1500ia, 2500ia
Cisco ASA 5500 Series5505 Base/ Security Plus,5510 Base/ Security Plus,
5520, 5540, 5550, 5580-20,5580-40, 5585-X with SSP-10,
20,40 ,60
Compliance Reports HIPAA, GLBA, SOX, PCI, FISMA NoSyslog Support Yes up to 5 syslogs Yes
External Reporting
Indigenously Designed Logging andReporting Solution - Cyberoam iViewwhich provides In-depth logging andreporting for multiple devicesapartfrom Cyberoam
Open Source CyberoamiView
Cyberoam iView Appliance
Cyberoam-iView provides reports forCisco ASA
Comprehensive user wise blendedreporting
Yes Not Comprehensive
Instant Messenger Logging andReporting
IP Address and User based individualand Group Logging and Reporting ofWebcam usage, File Transfer, Voiceusage and Text Chat Communication
No
Multi WAN bandwidth reporting Yes No
HTTP Upload Report Yes No
Extensive Logging and Log Viewer Yes No
Data transfer reporting Yes No
Application Traffic Discovery IP Address and User based No
Transparent Mail activity reporting
Sends one copy of the email on apreconfigured email address forarchiving and forensic analysis
purpose
No
Version 1.2-10.01.2158-4/04/2012
http://www.cyberoam-iview.org/http://www.cyberoam-iview.org/http://www.cyberoam-iview.org/http://www.cyberoam-iview.com/http://www.cyberoam-iview.com/http://www.cyberoam-iview.com/http://www.cyberoam-iview.org/http://www.cyberoam-iview.org/ -
8/12/2019 111427201-CR-vs-Cisco-ASA
7/7
Cyberoam Certifications and Awards
iSource of information
http://www.cyberoam.com
http://www.cisco.com/en/US/products/ps6120/index.html
Disclaimer1. * Available only in CR 25ia, CR50ia, CR100ia, CR200i, CR300i, CR 500ia, CR 750ia, CR1000ia, CR1500ia and 2500ia Appliances2. **Only for the previous day for CR15i Appliances3. This comparison is based on our interpretation of the publicly available information as on date of preparing this comparison. The features /
characteristics of the subject product under comparison, which may have direct impact on the accuracy and / or validity of this comparison, arelikely to change without prior notice. The information contained in this comparison is and intended to provide broad consumer understanding andknowledge of factual information of various products. This comparison is merely our opinion / interpretation, which may be subject to furthermodification / rectification in future in case of receipt of any fact / information regarding the subject products under comparison. People usinginformation should also research original sources of information and should not rely only upon this comparison while selecting any product. Thiscomparison is not exhaustive and may not be accurate. Elitecore makes no warranty as to the reliability, accuracy, usefulness, or completeness ofthe comparison. The materials / information in this comparison are provided "as is" and without warranties of any kind either expressed or implied.To the fullest extent permissible pursuant to applicable law, Elitecore disclaims all warranties of accuracy or otherwise in respect of the comparison.Elitecore does not warrant or make no representations regarding the use of or the result of the use of the comparison in terms of their correctness,accuracy, reliability, or otherwise. Elitecore retains the right to revise these rules / conditions at any time. This document is confidential andintended for private circulation only.
http://www.cyberoam.com/http://www.cisco.com/en/US/products/ps6120/index.htmlhttp://www.cisco.com/en/US/products/ps6120/index.htmlhttp://www.cyberoam.com/