Cisco Firepower Management Center 2000

Firepower System Release Notes
 
New Features and Functionality
 
be created using these new intelligence feeds and new dashboards provide visibility and analysis. In addition, both 
URL-based and DNS-based Security Intelligence events will also feed in to the Indications of Compromise (IoC) 
correlation feature. These new feeds are provided through regular updates from the Cisco Talos Security Intelligence and 
Research Group and, like the IP-based Security Intelligence feature, are part of the base product and do not require a 
separate license.
DNS Inspection and Sinkholes
Just as attackers use the SSL protocol to hide their activity, they also use the DNS protocol with the same 
intentions. For that reason, and as another way to address fast flux-type attacks, the Firepower system provides the 
ability to intercept DNS traffic requests and take appropriate action based on the policy setting. A DNS policy allows for 
requests to known command & control, spam, phishing, etc., sites to be blocked, to return a Domain Not Found message, 
or have the traffic directed to a pre-configured sinkhole. This last option routes the traffic directly through the Firepower 
managed device and gives information about the endpoint that could result in an IoC alert.
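The following is an added illustration, not Cisco's code and not the Firepower event format: a toy DNS policy that maps Security Intelligence categories to the three actions named above (block, Domain Not Found, sinkhole), evaluated over constructed DNS query log lines, followed by the correlation step that reports an endpoint as an Indication of Compromise only when it both received the sinkhole answer and then actually connected to the sinkhole address. The feed contents, log line format and sinkhole address are all assumptions.

```python
"""Added example, not Cisco's code: a toy DNS policy with Security
Intelligence categories and a sinkhole, run over constructed DNS query log
lines, followed by the correlation that flags an endpoint which then talks
to the sinkhole address as an Indication of Compromise (IoC)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed Security Intelligence feed: domain -> category (assumption).
SI_FEED = {
    "cnc.example": "command-and-control",
    "spam.example": "spam",
    "phish.example": "phishing",
}

# Constructed DNS policy: category -> action. Unlisted categories are allowed.
DNS_POLICY = {
    "command-and-control": "sinkhole",
    "phishing": "domain-not-found",
    "spam": "block",
}

SINKHOLE_IP = "192.0.2.53"  # constructed address in the documentation range

# Constructed log formats (assumption; not Firepower's event format).
DNS_LOG_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+)$")
CONN_LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$")


def lookup_category(qname: str) -> Optional[str]:
    """Return the feed category for the name or any of its parent domains."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        category = SI_FEED.get(".".join(labels[i:]))
        if category:
            return category
    return None


def apply_dns_policy(line: str) -> Tuple[str, str, str, Optional[str]]:
    """Evaluate one DNS log line and return (client, qname, action, answer)."""
    m = DNS_LOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised DNS log line: " + line)
    client, qname = m.group("client"), m.group("qname")
    action = DNS_POLICY.get(lookup_category(qname), "allow")
    answer = {
        "allow": "resolve-normally",
        "sinkhole": SINKHOLE_IP,         # forged A record pointing at the sinkhole
        "domain-not-found": "NXDOMAIN",  # client sees Domain Not Found
        "block": None,                   # request dropped, no response
    }[action]
    return client, qname, action, answer


def correlate_iocs(dns_lines: List[str], conn_lines: List[str]) -> Dict[str, List[str]]:
    """Report endpoints that resolved a sinkholed name AND then connected to
    the sinkhole address, keyed by client with the names they asked for.
    An endpoint that only asked but never followed the answer is not an IoC."""
    sinkholed: Dict[str, List[str]] = {}
    for line in dns_lines:
        client, qname, action, _ = apply_dns_policy(line)
        if action == "sinkhole":
            sinkholed.setdefault(client, []).append(qname)
    iocs: Dict[str, List[str]] = {}
    for line in conn_lines:
        m = CONN_LOG_RE.match(line)
        if m and m.group("dst") == SINKHOLE_IP and m.group("src") in sinkholed:
            iocs[m.group("src")] = sinkholed[m.group("src")]
    return iocs


# Constructed sample input (not real traffic).
DNS_LINES = [
    "2024-01-01T10:00:00Z client=10.0.0.5 query=beacon.cnc.example",
    "2024-01-01T10:00:01Z client=10.0.0.6 query=login.phish.example",
    "2024-01-01T10:00:02Z client=10.0.0.7 query=www.example.org",
    "2024-01-01T10:00:03Z client=10.0.0.8 query=beacon.cnc.example",
]
CONN_LINES = [
    "2024-01-01T10:00:01Z src=10.0.0.5 dst=192.0.2.53",    # followed the forged answer
    "2024-01-01T10:00:04Z src=10.0.0.7 dst=198.51.100.10",  # ordinary connection
]

if __name__ == "__main__":
    for line in DNS_LINES:
        print(apply_dns_policy(line))
    print("IoC endpoints:", correlate_iocs(DNS_LINES, CONN_LINES))
```

The point of the second pass is the one the release note makes: the sinkhole answer alone is only a policy event, while a subsequent connection to the sinkhole address identifies which endpoint is actually running something that follows the resolution, which is the basis for the IoC alert.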
Enhanced Network Visibility and Control
SSL Decryption for Cisco ASA with FirePOWER Services Managed Via ASDM
Cisco’s next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, now has the ability to locally manage 
SSL communications and decrypt the traffic before performing attack, application, and malware detection against it. This 
is the same capability we introduced in Version 5.4 for Cisco’s Firepower next-generation IPS (NGIPS) appliances. SSL 
decryption can be deployed in both passive and inline modes, and supports HTTPS and StartTLS-based applications 
(e.g., SMTPS, POP3S, FTPS, IMAPS, TelnetS). Decryption policies can be configured to exert granular control over 
encrypted traffic logging and handling, such as limiting decryption based on URL categories to enforce privacy concerns. 
It also provides the ability to block traffic encrypted with self-signed certificates, or to block based on SSL version, specific 
cipher suites, and/or unapproved mobile devices.
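As an added example (not Cisco's code, and not the Firepower SSL policy format), the block below models the kind of ordered decryption policy described above: rules are evaluated top down and the first match wins, block conditions that are visible from the handshake and server certificate (self-signed certificate, legacy protocol version, weak cipher suite, unapproved device) come first, a URL-category exemption then leaves privacy-sensitive traffic undecrypted, and anything else falls through to decryption and inspection. The category names, version and cipher lists, and the sample sessions are constructed assumptions.

```python
"""Added example, not Cisco's code: a toy ordered SSL decryption policy.
Rules are evaluated top down and the first match wins; sessions that match
no rule are decrypted (re-signed) and passed on for inspection."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class TlsSession:
    """Handshake-level facts about one encrypted session (constructed)."""
    server_name: str
    url_category: str
    protocol_version: str
    cipher_suite: str
    self_signed_cert: bool
    client_device_approved: bool


# Constructed lists (assumptions, not Cisco's category or cipher names).
PRIVACY_CATEGORIES = {"health", "finance"}
LEGACY_VERSIONS = {"SSLv3", "TLSv1.0"}
WEAK_CIPHERS = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

Rule = Tuple[str, Callable[[TlsSession], bool], str]

# Ordered policy: block rules first, then the privacy exemption, then default.
SSL_RULES: List[Rule] = [
    ("block-self-signed", lambda s: s.self_signed_cert, "block"),
    ("block-legacy-version", lambda s: s.protocol_version in LEGACY_VERSIONS, "block"),
    ("block-weak-cipher", lambda s: s.cipher_suite in WEAK_CIPHERS, "block"),
    ("block-unapproved-device", lambda s: not s.client_device_approved, "block"),
    ("privacy-exemption", lambda s: s.url_category in PRIVACY_CATEGORIES, "do-not-decrypt"),
]
DEFAULT_RULE = ("default", "decrypt-resign")


def evaluate_ssl_policy(session: TlsSession) -> Tuple[str, str]:
    """Return (rule name, action) for the first rule the session matches."""
    for name, predicate, action in SSL_RULES:
        if predicate(session):
            return name, action
    return DEFAULT_RULE


def evaluate_all(sessions: List[TlsSession]) -> List[Tuple[str, str, str]]:
    """Evaluate many sessions; returns (server name, rule, action) per session."""
    return [(s.server_name,) + evaluate_ssl_policy(s) for s in sessions]


# Constructed sample sessions.
STRONG = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
SAMPLE_SESSIONS = [
    TlsSession("mail.example.net", "webmail", "TLSv1.2", STRONG, False, True),
    TlsSession("portal.health.example", "health", "TLSv1.2", STRONG, False, True),
    TlsSession("iot.example", "uncategorized", "TLSv1.2", STRONG, True, True),
    TlsSession("old.example", "news", "SSLv3", STRONG, False, True),
    TlsSession("rc4.example", "news", "TLSv1.2", "TLS_RSA_WITH_RC4_128_SHA", False, True),
    # Unapproved device talking to a privacy-category site: block wins because
    # the block rules are ordered before the privacy exemption.
    TlsSession("bank.example", "finance", "TLSv1.2", STRONG, False, False),
]

if __name__ == "__main__":
    for row in evaluate_all(SAMPLE_SESSIONS):
        print(row)
```

The ordering is the design point worth checking in any first-match policy: if the privacy exemption were placed first, a self-signed certificate or a legacy protocol version on a finance or health site would be exempted from inspection instead of blocked, because the exemption would match before the block rules ever ran.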
Support for OpenAppID-Defined Applications
OpenAppID is Cisco’s open source, application-focused detection language that enables users to create, share and 
implement new application detection signatures for custom, localized, and cloud applications, without being dependent 
upon a NGFW vendor’s release cycle or roadmap. In Version 6.0, the Firepower application detection engine that 
identifies and controls access to over 3,000 applications has been enhanced to recognize OpenAppID-defined 
applications. In the same way that Snort was an effort to open source the intrusion detection game, OpenAppID is a way 
to open source the application detection game. Support for OpenAppID-defined applications demonstrates Cisco’s 
commitment to open source initiatives and the flexibility that it provides to our customers.
Captive Portal and Active Authentication
In order to provide better visibility in mapping users to IP addresses and their associated network events, the Captive 
Portal and Active Authentication feature can be configured to require users to enter their credentials when prompted 
through a browser window. The mapping also allows policies to be based on a user or group of users. This feature 
supplements the existing Sourcefire User Agent (SUA) integration with Active Directory to address non-Windows 
environments, BYOD users, and guests.
Note: Cisco ASA with FirePOWER Services only supports the Captive Portal and Active Authentication feature when 
running ASA version 9.5(2) or later.
Integration with Cisco Identity Services Engine (ISE)
The integration with Cisco ISE enhances the user identity data available to the system to use in analysis and policy 
control. By subscribing to Cisco’s Platform Exchange Grid (PxGrid), the Firepower Management Center is able to 
download additional user data, device type data, device location data, and Security Group Tags (SGTs, a method used 
by ISE to provide network access control). Beyond the added visibility into the users on your network, this data is also 
actionable intelligence because it extends the control you can provide by creating policies based on SGTs, or on device 
type, or any of the other information provided by ISE.