Cisco has enhanced its ASA firewalls with Cisco Firepower, which is considered a next-generation firewall. Firepower is a software module that handles the main functions of application provisioning, intrusion protection, malware detection and URL filtering, and its layer 7 firewalling supports a vast range of commercial applications.
These devices are driven by unified management, which offers multiple security functions across multiple solutions and facilitates centralized management of the Cisco security environment. With integrated policy management across those security functions, administrators can configure firewall access, application control, threat prevention, URL filtering and advanced malware protection settings in a single policy. This eases policy administration, reduces errors, promotes consistency and enables a single policy to be deployed to multiple security solutions.
Integration with Cisco Identity Services Engine (ISE) controls access based on Cisco ISE security group tag, device type and location IP, and supports rapid threat containment; it helps enforce compliance, enhance infrastructure security and streamline service operation. Superior threat intelligence integrates the Cisco Talos Group's security, threat and vulnerability intelligence for up-to-the-minute threat protection, addresses new attack methods with both IP-based and URL-based security and intelligence, and includes Cisco Umbrella for threat visibility outside the network perimeter.
Cisco Firepower application visibility and control uses the open-source standard OpenAppID for detailed identification and control of custom applications. One of Firepower's standout features is support for up to 100 management domains with separate event data, reporting and network mapping, enforced through role-based access control. Network administrators benefit from reporting and dashboards that deliver alerts and reports for both general and focused information, contextual information in hyperlinked tables, graphs and charts for easy analysis, and monitoring of network behavior and performance to identify anomalies and maintain system health.
Firepower Secure Boot is a mechanism that validates the integrity of the Cisco software running on the FMC hardware as the system boots. If a signature is missing or the software is invalid, it will not load and the boot fails (FMC 1600, FMC 2600 and FMC 4600 only).
Cisco Firepower firewalls benefit from Threat Defense Manager, which provides unified management before, during and after an attack. It:
– provides visibility into what is running in your network so you can see what needs to be protected, and creates firewall rules that control how more than 4000 commercial and custom applications are used in your environment;
– sets the intrusion prevention levels, URL rules and advanced malware protection, and applies the essential policies;
– creates a graphical representation of all the devices the attack has infected, offers the ability to create a custom rule to stop the attack from advancing, and gives a detailed analysis of the malware so it can be safely remediated.
Threat Defense Manager constantly monitors network changes. It simplifies operations and improves your security by automatically correlating and prioritizing new attack events against your network's vulnerabilities, alerting you to attacks that may have been successful so that your security team can focus on the events that matter. It also analyzes your network's vulnerabilities and automatically recommends the appropriate security policies to apply, so you can adapt your defenses to changing conditions and implement security measures tailored exactly to your network.
Another feature is the correlation of specific events from network, endpoint, intrusion and security intelligence sources: you are warned if any hosts show signs of being compromised. Finally, it applies file policy criteria; if those are met, it automatically evaluates the file to identify known malware and sends the file to an integrated sandbox to identify unknown malware.
Cisco Firepower Threat Defense Manager integrates with third-party technologies through robust programming interfaces. The APIs provide connection points for:
– moving event data from Threat Defense Manager to another platform, such as a Security Information and Event Management (SIEM) solution;
– enhancing the information in the Cisco IPS database with third-party data, such as vulnerability management data;
– kicking off workflows and remediation steps activated by user-defined correlation rules; for example, you could integrate your workflow with a Network Access Control (NAC) solution to quarantine an infected endpoint or initiate a digital forensic process;
– supporting third-party reporting and analytics by enabling those solutions to query the Threat Defense Manager database.
These APIs are also used to integrate with a number of Cisco security products and workflows.
The Threat Intelligence Director is an integrated module within Threat Defense Manager. Using open APIs, the director simplifies the ingestion of third-party threat intelligence from different sources. It supports ingestion of Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII), or selected flat (unformatted) file formats. The Threat Intelligence Director deconstructs the ingested intelligence into observables (IoCs), including IP (IPv4, IPv6), domain, URL and SHA-256. These are published to Cisco security appliances, which can automatically block malicious activity inline or monitor the network for rapid response.
The Threat Intelligence Director operationalizes available threat intelligence with the following Cisco security appliances:
– Cisco Firepower NGFW (Cisco Secure Firewall)
– Cisco Firepower NGIPS (Cisco Secure IPS)
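As an added illustration of the deconstruction step described above (this is not Cisco's code and not part of the original page), the following Python script takes a constructed STIX 2.1 indicator bundle and a constructed flat feed and reduces both to typed observables (IPv4, IPv6, domain, URL, SHA-256), dropping anything it cannot validate. It assumes the simple single-comparison STIX pattern form shown in the sample and is not a full STIX parser.

```python
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed STIX 2.1 indicator bundle (documentation/test values, not real intelligence).
STIX_SAMPLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[ipv4-addr:value = '203.0.113.5']"},
    {"type": "indicator", "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
    {"type": "indicator", "pattern": "[domain-name:value = 'bad.example']"},
    {"type": "indicator", "pattern": "[url:value = 'http://bad.example/x']"},
    {"type": "indicator", "pattern": "[ipv6-addr:value = '2001:db8::1']"},
    {"type": "malware", "name": "skipped: not an indicator object"},
]})
# Constructed flat (unformatted) feed: one candidate per line, type must be inferred.
FLAT_SAMPLE = "198.51.100.7\nbad.example\nhttp://bad.example/payload\n" \
              "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\nnot a valid observable\n"
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
# Assumed subset: only the single-comparison form "[object:property = 'value']" is parsed.
PATTERN_RE = re.compile(r"^\[[\w-]+:[^\s=]+\s*=\s*'(?P<val>[^']*)'\]$")

def classify(value):
    """Map one raw string to (kind, normalized value); None if it is not a supported observable type."""
    v = value.strip()
    if SHA256_RE.match(v):                       # SHA-256: 64 hex chars, normalized to lowercase
        return ("sha256", v.lower())
    try:                                         # IPv4 / IPv6, normalized by the ipaddress module
        ip = ipaddress.ip_address(v)
        return ("ipv6" if ip.version == 6 else "ipv4", str(ip))
    except ValueError:
        pass
    parsed = urlparse(v)                         # URL must carry an http(s) scheme and a host
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return ("url", v)
    if DOMAIN_RE.match(v):                       # bare domain name
        return ("domain", v.lower())
    return None                                  # unsupported: dropped, never published

def from_stix(bundle_json):
    """Observables from STIX indicator objects; other object types are ignored."""
    out = []
    for obj in json.loads(bundle_json).get("objects", []):
        m = PATTERN_RE.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m and (obs := classify(m.group("val"))):
            out.append(obs)
    return out

def from_flat(text):
    return [o for o in map(classify, text.splitlines()) if o]   # unrecognised lines dropped
```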
Cisco Firepower products (Firepower Management Center and managed devices) include licenses for basic operation, but some features require separate licensing or service subscriptions.
A “right-to-use” license does not expire, but service subscriptions require periodic renewal.
The type of license your products require depends on the software you use, not on the hardware it runs on.
Cisco Firepower Management Center allows you to assign licenses to managed devices and manage licenses for the system.
A hardware Firepower Management Center does not require purchase of additional licenses or service subscriptions in order to manage devices.
Cisco Firepower License for Management Center Virtual is required additional licensing. Contact your authorized representative for details.
Not all functionality is available with an evaluation license: functionality under an evaluation license may be partial, and the transition from evaluation licensing to standard licensing may not be seamless.
Review the information about evaluation license caveats in the feature-specific sections of this Licensing chapter and in the chapters on deploying each feature.
7000 and 8000 Series devices, NGIPSv devices, and ASA Firepower modules require Classic licenses. These devices are frequently referred to in this documentation as Classic devices.