Cisco Firepower Management Center 2000

Version 5.3.0.6
Sourcefire 3D System Release Notes
Features Introduced in Previous Versions
Spero Engine
LICENSE: Malware
SUPPORTED DEVICES: Series 3, Virtual, X-Series
SUPPORTED DEFENSE CENTERS: Any except DC500
The Spero engine feature provided another cloud-based method for detecting 
suspicious and potentially new malware in executable files using big data. Spero 
creates a signature of an executable file based on the structural information of 
that file, the dynamic-link libraries (DLLs) that are referenced, and the metadata 
from the Portable Executable (PE) header. This feature print is then run through 
machine-learned data trees for analysis, which determines whether the file contains 
malware. The Spero analysis result is considered jointly with the file disposition to 
generate a final disposition for the executable file.
SMB File Detection
LICENSE: Protection
SUPPORTED DEVICES: Feature dependent
SUPPORTED DEFENSE CENTERS: Feature dependent
As of Version 5.3, you can detect, inspect, and block files transferred in 
NetBIOS-ssn traffic, including files transferred over Server Message Block (SMB).
AMP Cloud Connectivity
LICENSE: Malware, URL Filtering
SUPPORTED DEFENSE CENTERS: Any except DC500
Prior to Version 5.3, to connect to the Sourcefire cloud you had to use TCP Port 
32137 and a direct connection from the Defense Center to the cloud.
Version 5.3 introduced proxy support for connecting to the Sourcefire cloud to do 
malware detection and dynamic analysis. Previously, you had to use TCP port 
32137, but now the default connection is made over TCP port 443 to allow more 
organizations to connect and use Sourcefire’s advanced malware intelligence. 
Use of port 32137 is still supported, but is no longer the default.
Note that if you are updating to Version 5.3 from a previous version of the 
Sourcefire 3D System, use of legacy port 32137 is enabled by default. If you want 
to connect via port 443 after updating, deselect the checkbox on the Cloud 
Services page (System > Local > Configuration > Cloud Services).
Host and Event Correlation IOC Style (Indications of Compromise)
LICENSE: FireSIGHT + Protection or FireAMP subscription
SUPPORTED DEVICES: Feature dependent
SUPPORTED DEFENSE CENTERS: Feature dependent
Host and event correlation introduced the ability to pinpoint the hosts on your 
network that may have been compromised by an attack. Host and event 
correlation aggregates data from intrusion events, connection events, Security 
Intelligence events, and FireAMP events to help you quickly diagnose and contain 
security breaches on your network.