Cisco Firepower Management Center 2000
Firepower System Release Notes
New Features and Functionality
Firepower 4100 Series
Stop more threats with our fully integrated next-generation firewall (NGFW) platform. The Firepower 4100 Series’
1-rack-unit size is ideal at the Internet edge and in high-performance environments. It shows you what is
happening on your network, detects attacks earlier so you can act faster, and reduces management complexity.
Firepower 9300 Series
This carrier-grade platform is ideal for data centers and other high-performance settings that require low latency
and high throughput. Deliver scalable, consistent security to workloads and data flows across physical, virtual, and
cloud environments. With tightly integrated services, the Firepower 9300 lowers costs and supports open,
programmable networks. The Firepower 9300 Series offers up to 1.2 Tbps clustered throughput, 10/40/100 Gb
network interfaces, up to 57 million concurrent connections with application control, and 500,000 new
connections per second. Available features and services include a stateful firewall, application visibility and
control, NGIPS, advanced malware protection, reputation-based URL filtering, and DDoS mitigation.
Version 6.0
Expanded Threat Protection
URL and DNS-based Security Intelligence
New Security Intelligence feeds based on URLs and Domain Name System (DNS) servers are provided to enhance
the existing IP-based Security Intelligence capability. Currently, IP-based intelligence is used to control access to
known malware, phishing, command & control, and Bot sites. New attack methods designed to defeat IP-based
intelligence (e.g., fast flux) abuse DNS load balancing features in an effort to hide the actual IP address of a
malicious server. While the IP addresses associated with the attack are frequently swapped in and out, the domain
name will rarely change. The URL-based intelligence will supplement the IP-based intelligence in addressing this
kind of attack, and the DNS-based intelligence will help identify known DNS servers that are complicit in these
kinds of attacks. Access control policies can be created using these new intelligence feeds, and new dashboards
provide visibility and analysis. In addition, both URL-based and DNS-based Security Intelligence events also
feed into the Indications of Compromise (IoC) correlation feature. These new feeds are provided through regular
updates from the Cisco Talos Security Intelligence and Research Group and, like the IP-based Security Intelligence
feature, are part of the base product and do not require a separate license.
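Added example, not part of the Cisco release notes and not Firepower code: a small passive-DNS analysis showing why an IP blocklist goes stale against a fast-flux name while a domain entry keeps matching, and which internal clients looked the name up. The log records, names, addresses, and thresholds are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed passive-DNS sample: (epoch_s, client_ip, query_name, answer_ip, ttl_s).
# All names and addresses are documentation ranges, not real indicators.
DNS_LOG = [
    (0,   "10.0.0.5", "cdn.example.net",  "198.51.100.10",  3600),
    (60,  "10.0.0.7", "flux.example.org", "203.0.113.11",   120),
    (200, "10.0.0.7", "flux.example.org", "203.0.113.57",   120),
    (330, "10.0.0.9", "flux.example.org", "192.0.2.44",     60),
    (470, "10.0.0.7", "flux.example.org", "192.0.2.91",     60),
    (600, "10.0.0.5", "cdn.example.net",  "198.51.100.10",  3600),
    (610, "10.0.0.9", "flux.example.org", "198.51.100.200", 90),
]

def flux_candidates(log, min_ips=4, min_nets=2, max_ttl=300):
    """Flag names whose answers rotate over many IPs and /24s with short TTLs.
    Thresholds are illustrative assumptions, not vendor values."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for _, _, name, ip, ttl in log:
        ips[name].add(ip)
        ttls[name].append(ttl)
    flagged = {}
    for name, seen in ips.items():
        nets = {ipaddress.ip_interface(f"{ip}/24").network for ip in seen}
        if len(seen) >= min_ips and len(nets) >= min_nets and max(ttls[name]) <= max_ttl:
            flagged[name] = sorted(seen)
    return flagged

def coverage(log, name, ip_blocklist, domain_blocklist):
    """Return (hits by IP list, hits by domain list, total lookups) for one name."""
    rows = [r for r in log if r[2] == name]
    by_ip = sum(r[3] in ip_blocklist for r in rows)
    by_domain = sum(r[2] in domain_blocklist for r in rows)
    return by_ip, by_domain, len(rows)

def querying_clients(log, name):
    """Internal endpoints that looked the name up: candidates for IoC review."""
    return sorted({r[1] for r in log if r[2] == name})

if __name__ == "__main__":
    for name in flux_candidates(DNS_LOG):
        # IP list snapshotted after the first two answers vs. a domain entry.
        stale_ips = {"203.0.113.11", "203.0.113.57"}
        print(name, coverage(DNS_LOG, name, stale_ips, {name}), querying_clients(DNS_LOG, name))
```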
DNS Inspection and Sinkholes
Just as attackers use the SSL protocol to hide their activity, they use the DNS protocol with the
same intent. For that reason, and as another way to address fast flux-type attacks, the Firepower system
provides the ability to intercept DNS traffic requests and take appropriate action based on the policy setting. A
DNS policy allows for requests to known command & control, spam, phishing, etc., sites to be blocked, to return
a Domain Not Found message, or have the traffic directed to a pre-configured sinkhole. This last option routes the
traffic directly through the Firepower managed device and gives information about the endpoint that could result
in an IoC alert.
Enhanced Network Visibility and Control
SSL Decryption for Cisco ASA with FirePOWER Services Managed Via ASDM
Cisco’s next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, now has the ability to locally
manage SSL communications and decrypt the traffic before performing attack, application, and malware detection
against it. This is the same capability we introduced in Version 5.4 for Cisco’s Firepower next-generation IPS
(NGIPS) appliances. SSL decryption can be deployed in both passive and inline modes, and supports HTTPS and
StartTLS-based applications (e.g., SMTPS, POP3S, FTPS, IMAPS, TelnetS). Decryption policies can be configured