Cisco Firepower Management Center 2000 Release Notes

Firepower System Release Notes
New Features and Functionality
You cannot compare policies on the following pages: the NAT Policy page, the Platform Settings page, and 
the SSL Policy page.
Version 6.0 does not support AMP for Firepower signature lookups with the private AMP cloud. In Version 6.0, 
the system automatically submits SHA-256 signatures to the public AMP cloud. If you have a private AMP 
cloud and are receiving events from endpoints, the Version 6.0 Firepower Management Center will continue 
to receive those events without any additional changes to your configuration.
Syslog messages for connection events now populate information for the following fields: HTTP Referrer, User 
Agent, and Referenced Host.
Version 6.0 does not support Discovery Event Health Monitoring.
You can now edit Automatic Application Bypass (AAB) settings on ASA modules running FirePOWER services.
Expanded Threat Protection 
URL and DNS-based Security Intelligence
New Security Intelligence feeds based on URLs and Domain Name System (DNS) servers are provided to enhance 
the existing IP-based Security Intelligence capability. Currently, IP-based intelligence is used to control access to 
known malware, phishing, command & control, and Bot sites. New attack methods designed to defeat IP-based 
intelligence (e.g., fast flux) abuse DNS load balancing features in an effort to hide the actual IP address of a 
malicious server. While the IP addresses associated with the attack are frequently swapped in and out, the domain 
name will rarely change. The URL-based intelligence will supplement the IP-based intelligence in addressing this 
kind of attack, and the DNS-based intelligence will help identify known DNS servers that are complicit in these 
kinds of attacks. Access control policies can be created using these new intelligence feeds and new dashboards 
provide visibility and analysis. In addition, both URL-based and DNS-based Security Intelligence events will also 
feed into the Indications of Compromise (IoC) correlation feature. These new feeds are provided through regular 
updates from the Cisco Talos Security Intelligence and Research Group and, like the IP-based Security Intelligence 
feature, are part of the base product and do not require a separate license.
DNS Inspection and Sinkholes
Just as attackers use the SSL protocol to hide their activity, they use the DNS protocol with the same intentions. 
For that reason, and as another way to address fast flux-type attacks, the Firepower system provides the ability 
to intercept DNS requests and take appropriate action based on the policy setting. A DNS policy allows requests 
to known command & control, spam, phishing, etc., sites to be blocked, to return a Domain Not Found message, 
or to have the traffic directed to a pre-configured sinkhole. This last option routes the traffic directly through 
the Firepower managed device and gives information about the endpoint that could result in an IoC alert.
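The domain-based matching from the Security Intelligence section and the three DNS policy actions described here (block, Domain Not Found, sinkhole) as one toy model in Python. This is an added example, not Cisco's code: the suffix-matching rule, the action names, the sinkhole address and the sample DNS list are all assumptions or constructed values.

```python
# Added example, not Cisco code: a toy model of the DNS policy actions above.
# Assumptions: a DNS Security Intelligence list is matched by domain suffix, so
# a fast-flux site that rotates IP addresses is still caught by its domain;
# each entry carries one action: 'drop', 'nxdomain' (Domain Not Found) or
# 'sinkhole'. Addresses and list contents are constructed sample values.
from dataclasses import dataclass, field

SINKHOLE_IP = "192.0.2.53"       # constructed TEST-NET sinkhole address
DNS_LIST = {
    "c2.example": "sinkhole",    # known command & control
    "spam.example": "nxdomain",  # known spam
    "phish.example": "drop",     # known phishing
}

def lookup_action(qname, dns_list=DNS_LIST):
    """Suffix match on DNS labels: 'a1.c2.example' hits 'c2.example',
    'notc2.example' does not. Returns (matched_entry, action)."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in dns_list:
            return candidate, dns_list[candidate]
    return None, "allow"

@dataclass
class DnsPolicy:
    sinkhole_ip: str
    dns_list: dict
    events: list = field(default_factory=list)  # Security Intelligence events

    def handle_query(self, client_ip, qname, real_answer):
        """Answer the client sees: real IP, sinkhole IP, 'NXDOMAIN', or None
        when the request is silently dropped."""
        entry, action = lookup_action(qname, self.dns_list)
        if action == "allow":
            return real_answer
        self.events.append({"client": client_ip, "domain": qname,
                            "matched": entry, "action": action})
        if action == "sinkhole":
            return self.sinkhole_ip
        return "NXDOMAIN" if action == "nxdomain" else None

    def sinkhole_iocs(self, flows):
        """Endpoints that then connected to the sinkhole (flows are
        (src_ip, dst_ip) pairs): the hosts to raise an IoC alert for."""
        return sorted({src for src, dst in flows if dst == self.sinkhole_ip})
```

The sinkhole answer is what makes the endpoint visible: a host that resolves a listed domain and then opens a connection to the sinkhole address is the one the IoC correlation would flag.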
Enhanced Network Visibility and Control
SSL Decryption for Cisco ASA with FirePOWER Services Managed Via ASDM
Cisco’s next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, now has the ability to locally 
manage SSL communications and decrypt the traffic before performing attack, application, and malware detection 
against it. This is the same capability we introduced in Version 5.4 for Cisco’s Firepower next-generation IPS 
(NGIPS) appliances. SSL decryption can be deployed in both passive and inline modes, and supports HTTPS and 
StartTLS-based applications (e.g., SMTPS, POP3S, FTPS, IMAPS, TelnetS). Decryption policies can be configured 
to exert granular control over encrypted traffic logging and handling, such as limiting decryption based on URL 
categories to address privacy concerns. It also provides the ability to block self-signed encrypted traffic, or to block 
based on SSL version, specific cipher suites, and/or unapproved mobile devices.