The Cisco Adaptive Security Appliance (ASA) device is not just a hardware Firewall as many people think. Of course the Firewall mechanism is the main functionality of the device, but the extension hardware modules that you can add on, can transform the appliance into content security, intrusion prevention, ssl/ipsec device etc.
This is the main functionality, which is based on the proven PIX appliance technology. Cisco ASA 5500 provides advanced application-aware firewall services with identity-based access control, denial of service (DoS) attack protection, and much more.
Unified Communications Security
The Cisco ASA 5500 delivers unified communication security services with intelligent application inspection for voice/video over IP and IP Telephony traffic protecting against denial of service (DoS), rogue phone callers, and much more.
This is a built in functionality of the appliance without extra hardware modules. Cisco VPN solution on the ASA appliance offers clientless SSL VPN or IPSEC VPN (lan-to-lan and remote access)
This is a signature based full-featured Intrusion Prevention module that can be added in one of the device’s SSM slots (AIP-SSM = Advanced Inspection and Prevention – Security Services Module), thus transforming the device into an integrated firewall and IPS appliance. The IPS module incorporates powerful, high-performance zero-day protection against threats including application and operating system vulnerabilities, directed attacks, worms, and other forms of malware.
Again this is an add-on module (CSC-SSM = Content Security and Control – Security Services Module) which delivers powerful content security services including URL filtering, anti-phishing, anti-spam, antivirus, anti-spyware, and content filtering.