
Next-Generation Intrusion Prevention System

An Intrusion Detection System (IDS) monitors and analyses traffic for potential network intrusions, logging any possible threats to the network for analysis.

A system that does all of this and also blocks the attack is known as an Intrusion Prevention System (IPS).

According to Gartner, an Intrusion Prevention System should include the following capabilities:

  • Real time contextual awareness
  • Advanced threat protection
  • Intelligent security automation
  • Unparalleled performance and security
  • Application visibility and control
  • URL Filtering

Cisco acquired Sourcefire in 2013 and renamed its product the Firepower next-generation intrusion prevention system (NGIPS) when adding it to the Cisco product portfolio.

Firepower can be deployed as a physical appliance, as part of Firepower Threat Defence on an ISR, or virtually with NGIPS Virtual.

Firepower is claimed to exceed the requirements that were set by Gartner with the following capabilities:

Real-time Contextual Awareness

Firepower can discover and provide contextual information such as applications, users, endpoints, operating systems, vulnerabilities, services, processes, network behaviours, files and threats

Advanced Threat Protection and Remediation

Firepower can detect, block, contain, and remediate advanced threats through the integrated AMP for Networks solution and Threat Grid for sandboxing

Intelligent Security Automation

Firepower can automatically correlate threat events, contextual information, and network vulnerability data to perform the following:

  • Optimise defences by automating protection policy updates
  • Quickly identify users affected by a client-side attack
  • Receive alerts when a host violates a configuration policy
  • Detect the spread of malware by baselining normal network traffic and detecting network anomalies
  • Detect and tag hosts that might potentially be compromised by malicious means

Unparalleled Performance and Scalability

Purpose-built Firepower and ASA appliances can incorporate a low-latency, single-pass design for unprecedented performance and scalability

Application Visibility and Control (AVC)

Firepower reduces threats through application detection of more than 4000 commercial applications, with support for custom applications too

URL Filtering

Firepower can provide access control to more than 80 categories of websites and provides cover for more than 280 million URLs

Centralised Management

Firepower is managed centrally by the Cisco Firepower Management Centre, a single pane of glass for event collection and policy management

Global Threat Intelligence from Cisco Talos

Firepower integrates with Cisco Talos for the latest IPS signature updates as well as URL filtering information to block connections to URLs, IPs, or domain names

Snort IPS Detection Engine

Firepower's detection engine is Snort, a powerful open-source IPS engine

High Availability and Clustering

Firepower can be deployed as active/standby. Intra-chassis clustering is supported by the Firepower 9300 series platform

Integration with Cisco ISE

The Firepower management console can use Cisco ISE to apply remediation to compromised hosts. It can quarantine a host on the network, or even shut down the port the host is connected to.
