Cisco Firepower Management Center 2000 Release Notes
Firepower System Release Notes
New Features and Functionality
Note:
Cisco ASA with FirePOWER Services running ASA version 9.5(2) does not support the Captive Portal and
Active Authentication feature.
Integration with Cisco Identity Services Engine (ISE)
The integration with Cisco ISE enhances the user identity data available to the system to use in analysis and policy
control. By subscribing to Cisco’s Platform Exchange Grid (PxGrid), the Firepower Management Center is able to
download additional user data, device type data, device location data, and Security Group Tags (SGTs, a method
used by ISE to provide network access control). Beyond the added visibility into the users on your network, this
data is also actionable intelligence because it extends the control you can provide by creating policies based on
SGTs, or on device type, or any of the other information provided by ISE.
Note:
In Version 6.0, you cannot use ISE to automatically quarantine an infected endpoint. This functionality will
be added in a later release.
Improved Threat Defense Against Advanced Persistent Threats
Local Malware Checks
This feature provides the ability to identify popular/common malware directly on the Firepower appliance, and
reduces the need to send files for dynamic analysis (sandboxing), either in the cloud or on-prem (see Integration
with AMP Threat Grid). Using high-fidelity ClamAV signatures, files whose SHA-256 lookup returns a disposition
of Unknown will be analyzed locally on the Firepower appliance to identify common characteristics associated with
malware, reducing the need for dynamic analysis.
File Property Analysis
Because certain file types support nested content that can be used to hide malware, this feature provides local
analysis of files to determine the viability of malware hidden within. For example, a PDF file can contain different
types of files nested inside the file. A file composition report is then run that identifies if nested data exists within
the file, what file types those nested files represent, and how likely each nested file is to contain malware. Based
on this information, you can choose whether or not to send the file on for dynamic analysis.
Integration with AMP Threat Grid
Cisco’s acquisition of ThreatGrid in June 2014 increased our abilities in helping our customers address advanced
persistent threats, and that technology has now been fully integrated in Firepower v6.0. AMP Threat Grid now
provides our sandboxing capabilities in the cloud when using our AMP for Firepower option. Files sent to the cloud
for dynamic analysis are securely analyzed and correlated against hundreds of millions of other analyzed malware
artifacts to provide a global view of malware attacks, campaigns, and their distribution. Detailed reports identify
key behavioral indicators and determine threat scores for faster prioritization and recovery from advanced attacks.
In addition, we have greatly expanded the file types we support for automatic dynamic analysis from just
executable files to include PDF and Office documents.
Expanded Management Functionality
Multiple Domain Management
To address the service provider market, which must manage separate customer environments, as well as
enterprises with acquisitions (resulting in overlapping IP addresses) or geographic business units that need to be
managed separately, the Firepower Management Center now has the ability to create multiple management
domains. These domains (up to 50) enable separate management environments and are administered using
granular role-based access control (RBAC). Each domain provides separate event data, reporting, and network
maps.