Cisco Firepower Management Center 2000
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Understanding Malware Protection and File Control
Because you cannot use a Malware license with a DC500, nor enable a Malware license on a Series 2
device, you cannot use those appliances to capture, store, or block individual files, submit files for
dynamic analysis, or view file trajectories for files for which you conduct a malware cloud lookup.
For file and malware cloud-based features, you can use a FireAMP Private Cloud instead of the standard
cloud connection if your organization requires additional security or wishes to limit outside connections.
All file and malware cloud lookups, as well as collection and relaying of event data from FireAMP
endpoints, are handled through the private cloud; when the private cloud contacts the standard Cisco
cloud, it does so through an anonymized proxy connection.
For more information, see:
•
•
•
For more information on evaluating event data related to malware protection and file control, see
Understanding Malware Protection and File Control
License: Protection, Malware, or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
Using the advanced malware protection feature, you can configure the FireSIGHT System to detect,
store, track, analyze, and optionally block malware files being transmitted on your network, as shown in
the following diagram.
Table 33-1 License Requirements for File and Malware Detection (continued)
Feature | Description | License
FireAMP integration | receive endpoint-based malware information from the Cisco cloud, using your organization’s FireAMP subscription; track the transmission of malware files using that information | Any
geolocation | detect source and destination countries and other geographical information associated with file and malware events | FireSIGHT (with GeoDB update for detailed information)