Cisco Firepower Management Center 2000

FireSIGHT System User Guide

Chapter 33: Blocking Malware and Prohibited Files
Malicious software, or malware, can enter your organization’s network via multiple routes. To help you 
identify and mitigate the effects of malware, the FireSIGHT System’s file control, network file 
trajectory, and advanced malware protection components can detect, track, store, analyze, and optionally 
block the transmission of malware and other types of files in network traffic.
You configure the system to perform malware protection and file control as part of your overall access 
control configuration. File policies that you create and associate with access control rules handle 
network traffic that matches the rules. You can download files detected in that traffic, then submit them 
to Cisco’s malware awareness network (called the Collective Security Intelligence Cloud) for dynamic 
analysis of the file’s signatures to determine whether they contain malware.
If your organization has a FireAMP subscription, the Defense Center can also receive endpoint-based 
malware detection data from the Cisco cloud. The Defense Center presents this data alongside the 
network-based file and malware data generated by the system.
The Context Explorer and the dashboard provide you with different types of high-level views of the files 
(including malware files) detected in your organization. To further target your analysis, you can use a 
malware file’s network file trajectory page to track the spread of an individual threat across hosts over 
time, allowing you to concentrate outbreak control and prevention efforts where most useful.
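The trajectory view described above is easiest to understand as a per-file timeline built from file events. The following Python is an added example, not code from the FireSIGHT guide or from Cisco: it groups constructed file events (placeholder hashes, hosts and times) by SHA-256, walks them in time order, and reports which hosts were seen with the file, which transfers were blocked, and the most recent disposition. The event fields and the idea that a sender already holds the file are assumptions made for the illustration.

```python
# Added example (not Cisco's code): a minimal network file trajectory built
# from constructed file events, in the spirit of the trajectory page that
# tracks one file's spread across hosts over time.
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample file events. Hashes, hosts and times are placeholders.
# Columns: time, sha256, sending host, receiving host, disposition, action
SAMPLE_EVENTS = [
    ("2014-06-02T09:00:00", "a" * 64, "10.1.1.5",  "10.1.2.20", "Unknown", "Detect"),
    ("2014-06-02T09:05:00", "b" * 64, "10.1.1.5",  "10.1.2.21", "Clean",   "Detect"),
    ("2014-06-02T09:30:00", "a" * 64, "10.1.2.20", "10.1.2.22", "Malware", "Detect"),
    ("2014-06-02T10:15:00", "a" * 64, "10.1.2.22", "10.1.3.7",  "Malware", "Block"),
    ("2014-06-02T10:20:00", "a" * 64, "10.1.2.20", "10.1.3.8",  "Malware", "Block"),
]


@dataclass
class FileEvent:
    time: datetime
    sha256: str
    sender: str
    receiver: str
    disposition: str
    action: str


@dataclass
class Trajectory:
    sha256: str
    first_seen: datetime
    last_seen: datetime
    disposition: str                               # most recent disposition seen
    hosts: list = field(default_factory=list)      # every host involved, first-contact order
    holding: list = field(default_factory=list)    # hosts assumed to hold a copy of the file
    blocked: int = 0                               # transfers the file policy blocked


def parse_events(rows):
    """Turn the raw tuples into FileEvent objects sorted by time."""
    events = [FileEvent(datetime.fromisoformat(t), h, s, r, d, a)
              for t, h, s, r, d, a in rows]
    return sorted(events, key=lambda e: e.time)


def build_trajectories(rows):
    """Group events by SHA-256 and walk each file's events in time order."""
    trajectories = {}
    for ev in parse_events(rows):
        tr = trajectories.get(ev.sha256)
        if tr is None:
            tr = Trajectory(ev.sha256, ev.time, ev.time, ev.disposition)
            trajectories[ev.sha256] = tr
        tr.last_seen = ev.time
        tr.disposition = ev.disposition
        for host in (ev.sender, ev.receiver):
            if host not in tr.hosts:
                tr.hosts.append(host)
        # A sender already has the file; a receiver only gets it if not blocked.
        if ev.sender not in tr.holding:
            tr.holding.append(ev.sender)
        if ev.action == "Block":
            tr.blocked += 1
        elif ev.receiver not in tr.holding:
            tr.holding.append(ev.receiver)
    return trajectories


def malware_hashes(trajectories):
    """Files whose latest disposition is Malware: where to focus outbreak control."""
    return [sha for sha, tr in trajectories.items() if tr.disposition == "Malware"]


if __name__ == "__main__":
    trs = build_trajectories(SAMPLE_EVENTS)
    for sha in malware_hashes(trs):
        tr = trs[sha]
        print(f"{sha[:12]}... first seen {tr.first_seen}, last seen {tr.last_seen}")
        print(f"  hosts involved : {tr.hosts}")
        print(f"  likely holding : {tr.holding}")
        print(f"  blocked copies : {tr.blocked}")
```

Run it directly to print the malware trajectory for the constructed data; the `holding` list is the set of hosts an analyst would start cleanup on, while `blocked` shows how many further copies the file policy stopped.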
Although you can create file policies with any license, certain aspects of malware protection and file 
control require that you enable specific licensed capabilities on target devices, as described in the 
following table.
Table 33-1  License Requirements for File and Malware Detection

| Feature                     | Description                                                                                                                                                                              | License    |
|-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|
| file control                | detect and optionally block the transmission of file types in network traffic                                                                                                            | Protection |
| advanced malware protection | detect, store, track, and optionally block the transmission of malware files and specified files in network traffic; submit captured files to the Cisco cloud to analyze for malware | Malware    |