Cisco FirePOWER Appliance 7020
33-9
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Understanding and Creating File Policies
License: Protection or Malware
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
A file policy is a set of configurations that the system uses to perform advanced malware protection and
file control, as part of your overall access control configuration. Consider the following diagram of a
simple access control policy in an inline deployment.

Table 33-3 Network vs Endpoint-Based Malware Protection Strategies (continued)

| Feature | Network-Based | Endpoint-Based (FireAMP) |
|---|---|---|
| malware detection robustness | limited file types | all file types |
| malware analysis choices | Defense Center-based, plus analysis in the cloud | Defense Center-based, plus additional options on the FireAMP portal |
| malware mitigation | malware blocking in network traffic, Defense Center-initiated remediations | FireAMP-based quarantine and outbreak control options, Defense Center-initiated remediations |
| events generated | file events, captured files, malware events, and retrospective malware events | malware events |
| information in malware events | basic malware event information, plus connection data (IP address, port, and application protocol) | in-depth malware event information; no connection data |
| network file trajectory | Defense Center-based | Defense Center-based, plus additional options on the FireAMP portal |
| required licenses or subscriptions | Protection license to perform file control; Malware license to perform malware protection | FireAMP subscription (not license-based) |