Cisco Firepower Management Center 2000 Installation Guide
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 1 Introduction to Cisco NGIPS for Blue Coat X-Series
Understanding Cisco NGIPS for Blue Coat X-Series Capabilities
Intrusion prevention is integrated into access control, where you can associate an intrusion policy with
specific access control rules. If network traffic meets the conditions in a rule, you can analyze the
matching traffic with an intrusion policy. You can also associate an intrusion policy with the default
action of an access control policy.
An intrusion policy contains a variety of components, including:
• rules that inspect the protocol header values, payload content, and certain packet size characteristics
• rule state configuration based on FireSIGHT recommendations
• advanced settings, such as preprocessors and other detection and performance features
• preprocessor rules that allow you to generate events for associated preprocessors and preprocessor
  options
File Tracking, Control, and Malware Protection
To help you identify and mitigate the effects of malware, the FireSIGHT System’s file control, network
file trajectory, and advanced malware protection components can detect, track, capture, analyze, and
optionally block the transmission of files (including malware files) in network traffic.
File Control
File control allows managed devices to detect and block your users from uploading (sending) or
downloading (receiving) files of specific types over specific application protocols. You configure file
control as part of your overall access control configuration; file policies associated with access control
rules inspect network traffic that meets rule conditions.
Network-Based Advanced Malware Protection (AMP)
Network-based advanced malware protection (AMP) allows the system to inspect network traffic for
malware in several types of files. Note that advanced malware protection is not supported on Cisco
NGIPS for Blue Coat X-Series.
Network File Trajectory
The network file trajectory feature allows you to track a file’s transmission path across a network. The
system uses SHA-256 hash values to track files; so, to track a file, the system must either:
• calculate the file’s SHA-256 hash value and perform a malware cloud lookup using that value
• receive endpoint-based threat and quarantine data about that file, using the Defense Center’s
  integration with your organization’s FireAMP subscription
Each file has an associated trajectory map, which contains a visual display of the file’s transfers over
time as well as additional information about the file.
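The following added example (an illustration, not Cisco code and not part of the original guide) shows why tracking by SHA-256 follows a file across renames and protocols, while a file with different content gets its own trajectory. The event layout, addresses, file names, and contents are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample events: (ISO time, sender, receiver, protocol, file name, content).
# Addresses come from documentation/private ranges; contents are placeholder bytes.
SAMPLE_A = b"constructed sample file A"
SAMPLE_B = b"constructed sample file A."  # one byte longer, so a different file
EVENTS = [
    ("2024-01-01T09:12:00", "10.0.0.5", "10.0.0.9", "SMB", "report_final.pdf", SAMPLE_A),
    ("2024-01-01T09:00:00", "203.0.113.7", "10.0.0.5", "HTTP", "invoice.pdf", SAMPLE_A),
    ("2024-01-01T09:30:00", "10.0.0.9", "10.0.0.12", "SMTP", "notes.pdf", SAMPLE_B),
    ("2024-01-01T09:45:00", "10.0.0.9", "10.0.0.20", "FTP", "invoice.pdf", SAMPLE_A),
]


def sha256_hex(content: bytes) -> str:
    """Identity of a file for tracking purposes: the SHA-256 of its bytes."""
    return hashlib.sha256(content).hexdigest()


def build_trajectories(events):
    """Group transfers by content hash and order each group by time."""
    trajectories = defaultdict(list)
    for when, sender, receiver, protocol, name, content in events:
        trajectories[sha256_hex(content)].append(
            {"time": when, "from": sender, "to": receiver,
             "protocol": protocol, "name": name})
    for hops in trajectories.values():
        hops.sort(key=lambda hop: hop["time"])  # ISO 8601 strings sort chronologically
    return dict(trajectories)


def hosts_in_order(hops):
    """Hosts that sent or received the file, in order of first appearance."""
    seen = []
    for hop in hops:
        for host in (hop["from"], hop["to"]):
            if host not in seen:
                seen.append(host)
    return seen


if __name__ == "__main__":
    for digest, hops in build_trajectories(EVENTS).items():
        print(digest[:16], "names:", sorted({h["name"] for h in hops}))
        for hop in hops:
            print("  ", hop["time"], hop["from"], "->", hop["to"], hop["protocol"])
```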
Understanding Cisco NGIPS for Blue Coat X-Series Capabilities
Cisco NGIPS for Blue Coat X-Series supports most of the capabilities of the FireSIGHT System.
However, regardless of the licenses installed and applied, Cisco NGIPS for Blue Coat X-Series does not
support any of the following features:
• Cisco NGIPS for Blue Coat X-Series does not support any of the system’s hardware-based or
  advanced device management features, including the following features:
– clustering