In today’s network data center environment, it’s not simply enough to have a traditional firewall in place protecting the network’s edge. With more sophisticated network intrusions occurring daily, a Next Generation Firewall (NGFW) is required to help fight against these intrusions.
Cisco’s FirePOWER services provides a Next Generation Firewall (NGFW) and IPS (NGIPS) along with Application Visibility and Control (AVC), Advanced Malware Protection (AMP), and reputation based URL filtering. These features can be integrated with Cisco ASA 5500-X series security appliances, Cisco Meraki security appliances, or with standalone appliances. Not only does FirePOWER solutions give IT staff more network visibility and security policy controls, it provides real-time contextual awareness to accurately detect and defend against network intrusions. Contextual awareness correlates information based on network traffic monitored as it transverses FirePOWER sensors while utilizing continual vulnerability updates from Cisco’s Talos threat intelligence organization to detect and defend against threats as they occur. This allows FirePOWER to better suit each organization’s security needs as it adapts to changing environments.
Cisco FirePOWER services is a great solution for protecting the edge of your network, but consider providing more depth in the network security posture with lateral protection between networks. For example, traffic between end-user networks and server networks. The lateral design can help stop an intrusion coming from a workstation that was transported off net from a user’s device.
Here’s an example of how TALOS (a member Cisco’s Collective Security Intelligence ecosystem and organization responsible for update threat signatures) breaks down threats and where FirePOWER services can fit.
There are many features of FirePOWER services that you can dive into. Outside of the apparent benefit of my experience with deploying FirePOWER with a NGFW, here are some more features of FirePOWER:
- Real-time data of your network
- Detection and alerting of changes in the network environment
- Preprocessors to help with deep packet inspection and IPS/IDS evasion
- Firepower recommended tuning of IPS rules
- Impact flags for intrusion events to assist with determining the impact an intrusion has on your network by correlating data the sensor has collected to include intrusion data, network discovery data, and vulnerability information
- Host Profiles offer an ample view of what data the sensor has collected on a specific host. This can include the operating system, applications, services, IOCs, and possible vulnerabilities that the host may have.
- File trajectory: tracing a file’s movement throughout the network
- Retrospective Malware Events: file that was thought to be cleaned is deemed malware or the reverse
- SSL Decryption
- Easy to read reporting graphs to present information to various business units and detailed reporting for your IT staff
- Documentation on IPS signatures
There are many other avenues to contemplate when deciding on how to secure your data center, but having FirePOWER services at the edge of your network and lateral in the data center are great first steps to consider when protecting your data center. Contact eGroup and we’ll be happy to discuss your data center security needs with you!
