Cisco’s new 6.0.1 code for Firepower is out and it’s powerful! 6.1 will be available late fall and will add HA, which is sorely needed!
Take my Cisco Firepower course Live Online found only at www.lammle.com/firepower covering the following features and more!
URL and DNS-based Security Intelligence: Instead of having to create numerous rules in your ACP, the new Security Intelligence feeds based on URLs and Domain Name System (DNS) servers are used to enhance the existing IP-based Security Intelligence objects.
DNS Inspection and Sinkholes: To stop attackers from using the DNS protocol to hide their activity, the Firepower system provides the ability to intercept DNS traffic requests and take appropriate action based on the policy setting.
On-box SSL Decryption for ASA Servers: Cisco’s next-generation firewall (NGFW), Cisco ASA with FirePOWER Services, now has the ability to locally manage SSL communications and decrypt the traffic through FTD before performing attack, application, and malware detection against it.
Support for OpenAppID-Defined Applications: The Firepower application detection engine that identifies and controls access to over 3,000 applications has been enhanced to recognize OpenAppID-defined applications. In the same way that Snort was an effort to open source intrusion detection, OpenAppID is a way to open source application detection. Support for OpenAppID-defined applications demonstrates Cisco’s commitment to open source initiatives.
Captive Portal and Active Authentication: The Captive Portal and Active Authentication feature can be configured to require users to enter their credentials when prompted through a browser window. This allows policies to be based on a user or group of users. The Sourcefire User Agent (SFUA) was used to provide AD information to FireSIGHT; however, this only provided AD user/group information. Captive Portal and Active Authentication works with the SFUA integration with Active Directory to address non-Windows environments, BYOD users, and guests.
Integration with Cisco Identity Services Engine (ISE): The integration with Cisco ISE enhances the user identity data available to the system to use in analysis and policy control. By subscribing to Cisco’s Platform Exchange Grid (PxGrid), the Firepower Management Center is able to download additional user data, device type data, device location data, and Security Group Tags (SGTs, a method used by ISE to provide network access control). Beyond the added visibility into the users on your network, this data is also actionable intelligence because it extends the control you can provide by creating policies based on SGTs, on device type, or on any of the other information provided by ISE.
Local Malware Checks: This feature provides the ability to identify popular/common malware directly on the Firepower appliance, and reduces the need to send files for dynamic analysis (sandboxing), either in the cloud or on-prem (see Integration with AMP Threat Grid). Using high-fidelity ClamAV signatures, files whose SHA-256 lookup returns a disposition of Unknown will be analyzed locally on the Firepower appliance to identify common characteristics associated with malware, reducing the need for dynamic analysis.
File Property Analysis: Because certain file types support nested content that can be used to hide malware, this feature provides local analysis of files to determine the viability of malware hidden within. For example, a PDF file can contain different types of files nested inside the file. A file composition report is then run that identifies if nested data exists within the file, what file types those nested files represent, and how likely each nested file is to contain malware. Based on this information, you can choose whether or not to send the file on for dynamic analysis.
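The triage order described in the Local Malware Checks and File Property Analysis items above (hash lookup, then local signatures, then a composition report before any sandbox submission), sketched as an added Python illustration that is not Cisco's code. The disposition table, the signature, the ZIP-based container standing in for a nested document, and the submit/allow decision are all constructed assumptions.

```python
import hashlib
import io
import zipfile

# Constructed sample data: not real signatures or file-type rules.
LOCAL_SIGNATURES = {"Constructed.TestSig": b"CONSTRUCTED-MALWARE-MARKER"}
MAGIC = {b"MZ": "executable", b"%PDF": "pdf", b"PK\x03\x04": "archive"}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def file_type(data):
    """Classify content by its leading magic bytes."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "other"

def composition_report(data):
    """List (name, type) for every file nested in a ZIP-based container."""
    if file_type(data) != "archive":
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(name, file_type(zf.read(name))) for name in zf.namelist()]

def triage(data, dispositions):
    """Return (verdict, reason); only Unknown files reach the local checks."""
    disposition = dispositions.get(sha256_hex(data), "Unknown")
    if disposition != "Unknown":
        return ("block" if disposition == "Malware" else "allow", "hash lookup")
    for name, pattern in LOCAL_SIGNATURES.items():
        if pattern in data:
            return ("block", "local signature " + name)
    # Assumed policy: only files hiding an executable go on to the sandbox.
    if any(kind == "executable" for _, kind in composition_report(data)):
        return ("submit", "nested executable")
    return ("allow", "nothing suspicious found locally")

def make_container(members):
    """Build an in-memory ZIP container from {name: bytes} (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

Only the "submit" verdict costs a dynamic-analysis submission; every earlier return is a file resolved on the appliance.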
Integration with AMP Threat Grid: Cisco’s acquisition of ThreatGrid in June 2014 increased our abilities in helping our customers address advanced persistent threats, and that technology has now been fully integrated in Firepower v6.0. AMP Threat Grid now provides our sandboxing capabilities in the cloud when using our AMP for Firepower option. Files sent to the cloud for dynamic analysis are securely analyzed and correlated against hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Detailed reports identify key behavioral indicators and determine threat scores for faster prioritization and recovery from advanced attacks.
In addition, Cisco has greatly expanded the file types we support for automatic dynamic analysis from just executable files to include PDF and Office documents.
Multiple Domain Management: To address the service provider market which must manage separate customer environments, as well as enterprises with acquisitions (resulting in overlapping IP addresses) or geographic business units that need to be managed separately, the Firepower Management Center now has the ability to create multiple
Policy Hierarchy and Inheritance: To support multiple domain management and make policy administration more efficient, Version 6.0 provides the ability to create a hierarchy of policies. Global policies (e.g., access control) can be established that will apply to all management environments. A policy hierarchy can then be constructed underneath the global policy level to represent different environments, different companies, different business units, or different parts of the organization. Each of these policy environments will inherit the policies of the hierarchy above it, allowing for more consistent and efficient policy management.
Okay! Have a great one!