Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 1 Introduction
FireSIGHT System Appliances
A FireSIGHT System appliance is either a traffic-sensing managed device or a managing Defense 
Center. Both Defense Centers and their managed devices can be deployed as purpose-built network 
appliances provided by Cisco; you can also deploy software-based appliances.
Defense Centers
A Defense Center provides a centralized management point and event database for your FireSIGHT 
System deployment. Defense Centers aggregate and correlate intrusion, file, malware, discovery, 
connection, and performance data, assessing the impact of events on particular hosts and tagging hosts 
with indications of compromise. This allows you to monitor the information that your devices report in 
relation to one another, and to assess and control the overall activity that occurs on your network.
Key features of the Defense Center include:
  • device, license, and policy management
  • event and contextual information displayed in tables, graphs, and charts
  • health and performance monitoring
  • external notification and alerting
  • correlation, indications of compromise, and remediation features for real-time threat response
  • custom and template-based reporting
For many physical Defense Centers, a high availability (redundancy) feature can help you ensure 
continuity of operations.
Managed Devices
Devices deployed on network segments within your organization monitor traffic for analysis. Devices 
deployed passively help you gain insight into your network traffic. When deployed inline, FirePOWER 
devices let you affect the flow of traffic based on multiple criteria. Depending on model and 
license, devices:
  • gather detailed information about your organization’s hosts, operating systems, applications, users, files, networks, and vulnerabilities
  • block or allow network traffic based on various network-based criteria, as well as other criteria including applications, users, URLs, IP address reputations, and the results of intrusion or malware inspections
  • have switching, routing, DHCP, NAT, and VPN capabilities, as well as configurable bypass interfaces, fast-path rules, and strict TCP enforcement
  • have clustering (redundancy) to help you ensure continuity of operations, and stacking to combine resources from multiple devices
You must manage FirePOWER devices with a Defense Center.
Appliance Types
The FireSIGHT System can run on fault-tolerant, purpose-built physical network appliances available 
from Cisco. There are several models of each Defense Center and managed device; these models are 
further grouped into series and family.
Physical managed devices come in a range of throughputs and have a range of capabilities. Physical 
Defense Centers also have a range of device management, event storage, and host and user monitoring 
capabilities.