Cisco Firepower Management Center 2000
Firepower System Release Notes
New Features and Functionality
Note: In Version 6.0, you cannot use ISE to automatically quarantine an infected endpoint. This functionality will be added
in a later release.
Improved Threat Defense Against Advanced Persistent Threats
Local Malware Checks
This feature provides the ability to identify popular/common malware directly on the Firepower appliance, and reduces
the need to send files for dynamic analysis (sandboxing), either in the cloud or on-prem (see Integration with AMP Threat
Grid). Using high-fidelity ClamAV signatures, files whose SHA-256 lookup returns a disposition of Unknown will be analyzed
locally on the Firepower appliance to identify common characteristics associated with malware, reducing the need for
dynamic analysis.
File Property Analysis
Because certain file types support nested content that can be used to hide malware, this feature provides local analysis
of files to determine the viability of malware hidden within. For example, a PDF file can contain different types of files
nested inside the file. A file composition report is then run that identifies if nested data exists within the file, what file
types those nested files represent, and how likely each nested file is to contain malware. Based on this information, you
can choose whether or not to send the file on for dynamic analysis.
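A file composition report of the kind described above can be approximated by scanning a file's bytes for nested-content markers. This is an added example, not Cisco's implementation: the marker list, the risk weights, the threshold and the function name are assumptions, and the sample PDFs are constructed.

```python
import hashlib
import re

# Assumed nested-content markers with illustrative risk weights (0-100).
# These are not Firepower's signatures or scores.
MARKERS = [
    ("pdf-embedded-file", re.compile(rb"/EmbeddedFile\b"), 40),
    ("pdf-javascript", re.compile(rb"/(?:JavaScript|JS)\b"), 50),
    ("pdf-launch-action", re.compile(rb"/Launch\b"), 60),
    ("zip-archive", re.compile(rb"PK\x03\x04"), 30),
    ("pe-executable", re.compile(rb"MZ[\x00-\xff]{0,256}?This program cannot be run"), 90),
]
THRESHOLD = 40  # assumed cut-off for forwarding a file to dynamic analysis


def composition_report(data: bytes) -> dict:
    """Report nested content found in raw bytes plus a forwarding decision.

    Limitation: markers inside compressed streams (e.g. FlateDecode) are not
    visible to a raw scan; a real analyzer decodes streams first.
    """
    nested = []
    for name, pattern, risk in MARKERS:
        offsets = [m.start() for m in pattern.finditer(data)]
        if offsets:
            nested.append({"type": name, "count": len(offsets),
                           "first_offset": offsets[0], "risk": risk})
    score = max((f["risk"] for f in nested), default=0)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # key for the disposition lookup
        "container": "pdf" if data.startswith(b"%PDF-") else "unknown",
        "nested": nested,
        "score": score,
        "send_for_dynamic_analysis": score >= THRESHOLD,
    }


# Constructed sample inputs (not real documents).
PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
NESTED_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Filespec /F (invoice.zip) /EF << /F 2 0 R >> >>\n"
              b"endobj\n2 0 obj\n<< /Type /EmbeddedFile /Length 4 >>\nstream\n"
              b"PK\x03\x04\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_PDF), ("nested", NESTED_PDF)):
        rep = composition_report(blob)
        print(label, rep["score"], rep["send_for_dynamic_analysis"],
              [f["type"] for f in rep["nested"]])
```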
Integration with AMP Threat Grid
Cisco’s acquisition of ThreatGrid in June 2014 increased our abilities in helping our customers address advanced
persistent threats, and that technology has now been fully integrated in Firepower v6.0. AMP Threat Grid now provides
our sandboxing capabilities in the cloud when using our AMP for Firepower option. Files sent to the cloud for dynamic
analysis are securely analyzed and correlated against hundreds of millions of other analyzed malware artifacts to provide
a global view of malware attacks, campaigns, and their distribution. Detailed reports identify key behavioral indicators
and determine threat scores for faster prioritization and recovery from advanced attacks.
In addition, we have greatly expanded the file types we support for automatic dynamic analysis from just executable files
to include PDF and Office documents.
Expanded Management Functionality
Multiple Domain Management
To address the service provider market which must manage separate customer environments, as well as enterprises with
acquisitions (resulting in overlapping IP addresses) or geographic business units that need to be managed separately,
the Firepower Management Center now has the ability to create multiple management domains. These domains (up to
50) enable separate management environments and are administered using granular role-based access control (RBAC).
Each domain provides separate event data, reporting, and network maps.
Policy Hierarchy and Inheritance
To support multiple domain management and make policy administration more efficient, Version 6.0 provides the ability
to create a hierarchy of policies. Global policies (e.g., access control) can be established that will apply to all
management environments. A policy hierarchy can then be constructed underneath the global policy level to represent
different environments, different companies, different business units, or different parts of the organization. Each of these
policy environments will inherit the policies of the hierarchy above it, allowing for more consistent and efficient policy
management.
Expanded ASDM Management Availability
Cisco’s Adaptive Security Device Manager (ASDM) is the local management feature for Cisco ASA with FirePOWER
Services. It was introduced as part of the Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X appliances. With Firepower
v6.0, ASDM is now available on the remaining Cisco ASA with FirePOWER Services appliances (ASA 5512-X / ASA
5515-X / ASA 5525-X / ASA 5545-X / ASA 5555-X / ASA 5585-X).