Cisco Firepower Management Center 2000

FireSIGHT System Release Notes
New Features and Functionality
LACP Support
FirePOWER (Series 3) devices are now able to take part in Link Aggregation Control Protocol (LACP) (IEEE 802.3ad) negotiation to 
aggregate multiple links together into one. This allows both link redundancy and bandwidth sharing.
Defense Center 2000 (DC2000)
The DC2000 is a new Defense Center appliance platform that offers double the performance and capacity of the DC1500.
Defense Center 4000 (DC4000)
The DC4000 is a new Defense Center appliance platform that offers double the performance and capacity of the DC3500.
International Compatibility Enhancements
Unicode Support
The system now displays the names of files detected through file detection, malware detection, and FireAMP file events. This allows the 
display of non-Western characters, including those that are double-byte encoded.
Geolocation and Security Intelligence Data in Correlation Rules
The correlation rules engine has been updated to make connection, geolocation, and Security Intelligence data available. This allows you 
to generate correlated events or take correlated actions based on these two new constraints. For example, if an Impact 1 intrusion event 
is detected from a specific country, you can set up an alert to log that information to an external syslog server.
Support for Private FireAMP Cloud
With Version 5.4, you can use a private FireAMP cloud rather than the Cisco public cloud. This requires installation of a private cloud virtual 
appliance. The private cloud mediates interactions with the public cloud so you can gather collected threat information from the public cloud 
without exposing information from your network.
The following features and functionality were updated in Version 5.4:
Detection and Security Enhancements
Integrated SSL Decryption
FirePOWER (Series 3) devices can now identify SSL communications and decrypt the traffic before applying attack, application, and 
malware detection. You can use SSL decryption in any of the supported Series 3 device deployment modes, including inline and passive. 
SSL policies control characteristics of SSL in use within the enterprise, with SSL rules to exert granular control over encrypted traffic 
logging and handling.
Simplified Normalization and Preprocessor Configuration
You now configure traffic normalization and preprocessing in the access control policy, rather than the intrusion policy. This simplifies 
configuration, especially for new users. The sensitive data preprocessor, rule states, alerting, and event thresholds can still be configured at 
an individual intrusion policy level.
New file_type Keyword in the Snort Rule Language
A new file_type keyword is available in the Snort rule language that lets a rule specify the file type to detect. This is a 
streamlined alternative to the existing flowbits-driven method.
Expanded IoC Support from FireAMP Connectors
The list of Indicators of Compromise (IoC) provided by FireAMP is now dynamic and data-driven. As new IoCs become available, they 
are automatically supported by the Defense Center. This enhances the IoC correlation capability in any deployment where FireAMP is used.
Protected Rule Content
A new capability of the Snort rule language is available for use in high-security environments. You can now create a Snort content match 
using hashed data. This allows the rule writer to specify what content to search for, but never exposes the content in plain text.
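
The hashed match described above, as an added Python sketch (not Cisco's or Snort's code): it renders the rule options for a string and emulates the comparison against a payload. The option names protected_content, hash, offset and length are those of the Snort 2.9.7 rule language and do not appear on this page; the fixed-window evaluation and the sample string are assumptions of the sketch.

```python
import hashlib
import hmac

# Digest algorithms Snort 2.9.7 documents for the hash: modifier.
ALGOS = ("md5", "sha256", "sha512")


def build_option(secret: bytes, offset: int = 0, algo: str = "sha256") -> str:
    """Render rule options for a secret; only digest, position and length appear."""
    if algo not in ALGOS:
        raise ValueError(f"unsupported hash: {algo}")
    if not secret:
        raise ValueError("content must be at least one byte")
    digest = hashlib.new(algo, secret).hexdigest().upper()
    return (f'protected_content:"{digest}"; hash:{algo}; '
            f'offset:{offset}; length:{len(secret)};')


def window_matches(payload: bytes, digest_hex: str, length: int,
                   offset: int = 0, algo: str = "sha256") -> bool:
    """Emulate the match: hash exactly `length` bytes at `offset` and compare."""
    window = payload[offset:offset + length]
    if len(window) != length:      # payload too short for the window
        return False
    candidate = hashlib.new(algo, window).hexdigest()
    return hmac.compare_digest(candidate, digest_hex.lower())


if __name__ == "__main__":
    marker = b"PROJ-ORION"         # constructed sample string
    print(build_option(marker, offset=4))
    digest = hashlib.sha256(marker).hexdigest()
    # Constructed payloads: the second shifts the string by one byte.
    for payload in (b"DOC:PROJ-ORION budget", b"DOC: PROJ-ORION budget"):
        print(payload, window_matches(payload, digest, len(marker), offset=4))
```

The rule still discloses the content's length and an unsalted digest, so hashing gives little protection to short or guessable strings.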