Cisco Firepower Management Center 2000

Firepower System Release Notes
 
New Features and Functionality
 
to exert granular control over encrypted traffic logging and handling, such as limiting decryption based on URL 
categories to enforce privacy concerns. It also provides the ability to block self-signed encrypted traffic, or to block 
based on SSL version, specific cipher suites, and/or unapproved mobile devices.
Support for OpenAppID-Defined Applications
OpenAppID is Cisco’s open source, application-focused detection language that enables users to create, share 
and implement new application detection signatures for custom, localized, and cloud applications, without being 
dependent upon a NGFW vendor’s release cycle or roadmap. In Version 6.0, the Firepower application detection 
engine that identifies and controls access to over 3,000 applications has been enhanced to recognize 
OpenAppID-defined applications. In the same way that Snort was an effort to open source the intrusion detection 
game, OpenAppID is a way to open source the application detection game. Support for OpenAppID-defined 
applications demonstrates Cisco’s commitment to the open source initiatives and the flexibility that it provides to 
our customers.
Captive Portal and Active Authentication
In order to provide better visibility in mapping users to IP addresses and their associated network events, the 
Captive Portal and Active Authentication feature can be configured to require users to enter their credentials when 
prompted through a browser window. The mapping also allows policies to be based on a user or group of users. 
This feature supplements the existing Sourcefire User Agent (SUA) integration with Active Directory to address 
non-Windows environments, BYOD users, and guests.
Note: Cisco ASA with FirePOWER Services running ASA version 9.5(2) does not support the Captive Portal and 
Active Authentication feature.
Integration with Cisco Identity Services Engine (ISE)
The integration with Cisco ISE enhances the user identity data available to the system to use in analysis and policy 
control. By subscribing to Cisco’s Platform Exchange Grid (PxGrid), the Firepower Management Center is able to 
download additional user data, device type data, device location data, and Security Group Tags (SGTs, a method 
used by ISE to provide network access control). Beyond the added visibility into the users on your network, this 
data is also actionable intelligence because it extends the control you can provide by creating policies based on 
SGTs, or on device type, or any of the other information provided by ISE.
Note: In Version 6.0, you cannot use ISE to automatically quarantine an infected endpoint. This functionality will 
be added in a later release.
Improved Threat Defense Against Advanced Persistent Threats
Local Malware Checks
This feature provides the ability to identify popular/common malware directly on the Firepower appliance, and 
reduces the need to send files for dynamic analysis (sandboxing), either in the cloud or on-prem (see Integration 
with AMP Threat Grid). Files whose SHA-256 lookup returns a disposition of Unknown will be analyzed locally on the 
Firepower appliance, using high-fidelity ClamAV signatures, to identify common characteristics associated with 
malware, reducing the need for dynamic analysis.
File Property Analysis
Because certain file types support nested content that can be used to hide malware, this feature provides local 
analysis of files to determine the viability of malware hidden within. For example, a PDF file can contain different 
types of files nested inside the file. A file composition report is then run that identifies if nested data exists within 
the file, what file types those nested files represent, and how likely each nested file is to contain malware. Based 
on this information, you can choose whether or not to send the file on for dynamic analysis.
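
The idea of a file composition report can be shown with a short sketch. This is an added example, not Cisco's implementation: it assumes ZIP containers as the nested format instead of PDF, identifies types by magic bytes only, and omits the per-file malware likelihood score; all names and the sample input are constructed.

```python
import io
import zipfile

# Magic-byte prefixes for a few file types (small illustrative subset).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-container"),
]
MAX_DEPTH = 5                        # stop descending into deeply nested archives
MAX_MEMBER_SIZE = 10 * 1024 * 1024   # skip members whose declared size is too large

def identify(data: bytes) -> str:
    """Return a type label from the leading bytes, ignoring the file name."""
    for prefix, label in MAGIC:
        if data.startswith(prefix):
            return label
    return "unknown"

def composition_report(data: bytes, name: str = "<root>", depth: int = 0):
    """Return (depth, name, type) for a file and for everything nested inside it."""
    kind = identify(data)
    report = [(depth, name, kind)]
    if kind != "zip-container":
        return report
    if depth >= MAX_DEPTH:
        return report + [(depth + 1, name + "/*", "not-inspected:depth-limit")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in (i for i in zf.infolist() if not i.is_dir()):
                if info.file_size > MAX_MEMBER_SIZE:
                    report.append((depth + 1, info.filename, "not-inspected:too-large"))
                    continue
                report.extend(composition_report(zf.read(info), info.filename, depth + 1))
    except zipfile.BadZipFile:
        report.append((depth + 1, name + "/*", "not-inspected:corrupt"))
    return report

def build_sample() -> bytes:
    """Constructed sample: a ZIP with a text file and an inner ZIP holding an 'MZ' stub."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 16)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()
```

Entries marked `not-inspected` are the ones a reviewer would weigh most heavily when deciding whether to send the file on for dynamic analysis, since the local pass could not see inside them.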