Should I Upgrade to Cisco FirePower?
If you are still running the Cisco Adaptive Security Appliance (ASA), you may be weighing whether an upgrade to Cisco Firepower is the right decision for your business. This post looks at Cisco Firepower in some detail: what the firewall offers, how it is licensed, and more.
What is Cisco Firepower?
Often written as Cisco FirePOWER, it is a next-generation firewall line developed by Cisco, launched as the successor to and replacement for the Cisco ASA firewall line. A Firepower appliance runs one of two software images:
- The ASA (Adaptive Security Appliance) Code
- The FTD (Firepower Threat Defense) Code
The classic ASA image is a stateful firewall (access lists, NAT, VPN) without next-generation or IPS functionality. The ASA with FirePOWER Services adds a Firepower software module (the SFR module) that runs alongside the ASA code on the same appliance: a Modular Policy Framework service policy redirects selected traffic to the module (`sfr fail-open` or `sfr fail-close` under the matching class), and the module supplies the IPS, malware and URL filtering verdicts. The fail-open/fail-close choice matters in practice: with fail-open, traffic keeps flowing uninspected if the module stops responding; with fail-close it is dropped.
The Firepower Threat Defense (FTD) image, by contrast, folds the ASA firewall features and the Firepower next-generation features into one unified image; Cisco now markets this combined line as Cisco Secure Firewall.
The Secure Firewall line offers several key capabilities, including:
- Unified Management of Firewalls
- Application Control
- URL Filtering and IPS
- Malware Defense
What is the use of Cisco Firepower?
The Cisco Firepower line is designed to help businesses handle their network traffic while enforcing network security policy, the set of rules that protects the business network.
The Cisco Firepower module runs on ASA devices installed in different network segments and monitors traffic for analysis. Deployed inline, it can act on that traffic: access control features let you specify how incoming, outgoing and transit traffic is handled. Deployed passively (monitor-only), it can observe and alert but cannot block.
The data collected about network traffic and all the information you get from Cisco Firepower can be used to better filter and control traffic depending on:
- Simple transport and network layer characteristics such as source, destination, port, protocol, etc.
- Latest contextual information about network traffic and characteristics, such as reputation, risk, business relevance, applications used, URL visited, etc.
- The users behind the traffic, mapped through Microsoft Active Directory or another LDAP directory
Each type of inspection and control is carried out at the stage where it makes the most sense, which gives both flexibility and performance. For example, reputation-based blacklisting (Security Intelligence) needs only the source and destination addresses, so it runs early and drops prohibited traffic cheaply; intrusion and exploit detection needs deep packet inspection, so it runs only on traffic that has already passed the cheaper checks.
What are the key capabilities of Cisco Firepower?
The main capabilities of Cisco Firepower are as follows:
- Access Control Policies
- Identifying and Preventing Intrusions
- Advanced Malware Protection and File Control
Access Control Policies
This policy-based feature lets you specify, inspect and log the traffic that is allowed to traverse your network; it determines how every connection is handled.
The simplest access control policy handles all traffic with its default action alone. That default can block all traffic, trust all traffic (pass it without further inspection), or allow it subject to an intrusion policy.
A more elaborate policy blacklists traffic based on Security Intelligence data and adds access control rules for granular control over how traffic is handled and logged. Rules can match traffic by security zone, network, geographic location, port, requested URL, application or user.
Each access rule also carries an action that determines whether matching traffic is monitored, trusted, blocked or allowed. The difference between trust and allow matters: trusted traffic bypasses all further inspection, whereas allowed traffic can still be handed to intrusion and file policies. Monitor rules only log; rule evaluation continues to the next rule that matches.
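The ordering described above, as an added example that is neither Cisco's code nor part of the original post: a small Python model of how a Firepower-style access control policy evaluates a connection. Security Intelligence runs first on addresses alone, then the ordered rules (monitor rules log and fall through, trust skips inspection, allow is the only path that reaches the intrusion policy), and finally the default action. The rule criteria, the sample policy and the sample flows are constructed for illustration and cover only a subset of what a real policy can match on.

```python
"""Simplified model of Firepower access control evaluation (constructed example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str
    app: Optional[str] = None  # application as identified by inspection, if known


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" | "trust" | "block" | "monitor"
    src_zones: frozenset = frozenset()   # an empty criterion means "any"
    dst_zones: frozenset = frozenset()
    dst_nets: tuple = ()                 # CIDR strings, e.g. ("10.20.0.0/16",)
    dst_ports: frozenset = frozenset()
    apps: frozenset = frozenset()
    intrusion: bool = False              # an allow rule with an intrusion policy attached

    def matches(self, f: Flow) -> bool:
        return (
            (not self.src_zones or f.src_zone in self.src_zones)
            and (not self.dst_zones or f.dst_zone in self.dst_zones)
            and (not self.dst_nets or _in_any(f.dst_ip, self.dst_nets))
            and (not self.dst_ports or f.dst_port in self.dst_ports)
            and (not self.apps or f.app in self.apps)
        )


@dataclass
class Policy:
    si_blacklist: tuple = ()       # Security Intelligence: bad-reputation networks
    si_whitelist: tuple = ()       # whitelist exempts an address from the blacklist
    rules: tuple = ()              # evaluated in order
    default_action: str = "block"  # "block" | "trust" | "allow" (allow == intrusion prevention)


@dataclass
class Verdict:
    action: str
    rule: Optional[str]
    inspected: bool                # True only when the flow reaches intrusion inspection
    log: List[str] = field(default_factory=list)


def _in_any(ip: str, nets) -> bool:
    addr = ip_address(ip)
    return any(addr in ip_network(n) for n in nets)


def evaluate(policy: Policy, f: Flow) -> Verdict:
    log: List[str] = []
    # Stage 1: Security Intelligence. Only addresses are needed, so this is the
    # cheapest check and runs before any rule matching or deep inspection.
    listed = _in_any(f.src_ip, policy.si_blacklist) or _in_any(f.dst_ip, policy.si_blacklist)
    exempt = _in_any(f.src_ip, policy.si_whitelist) or _in_any(f.dst_ip, policy.si_whitelist)
    if listed and not exempt:
        log.append("security-intelligence: block")
        return Verdict("block", "security-intelligence", False, log)
    # Stage 2: ordered access control rules. Monitor rules log and keep going;
    # the first matching allow/trust/block rule decides.
    for r in policy.rules:
        if not r.matches(f):
            continue
        log.append(f"rule {r.name}: {r.action}")
        if r.action == "monitor":
            continue
        if r.action == "trust":    # fast path: no intrusion or file inspection
            return Verdict("trust", r.name, False, log)
        if r.action == "block":
            return Verdict("block", r.name, False, log)
        return Verdict("allow", r.name, r.intrusion, log)  # allow: may be inspected
    # Stage 3: nothing matched, so the policy's default action applies.
    log.append(f"default: {policy.default_action}")
    return Verdict(policy.default_action, None, policy.default_action == "allow", log)


# Constructed sample policy: not taken from any real deployment.
POLICY = Policy(
    si_blacklist=("203.0.113.0/24",),
    si_whitelist=("203.0.113.10/32",),
    rules=(
        Rule("audit-dns", "monitor", dst_ports=frozenset({53})),
        Rule("trust-backups", "trust", src_zones=frozenset({"inside"}),
             dst_nets=("10.20.0.0/16",), dst_ports=frozenset({22})),
        Rule("block-p2p", "block", apps=frozenset({"BitTorrent"})),
        Rule("inside-to-web", "allow", src_zones=frozenset({"inside"}),
             dst_zones=frozenset({"outside"}), dst_ports=frozenset({80, 443}),
             intrusion=True),
    ),
    default_action="block",
)

if __name__ == "__main__":
    for flow in (
        Flow("inside", "outside", "10.1.1.5", "203.0.113.50", 443, "tcp", "HTTPS"),
        Flow("inside", "outside", "10.1.1.5", "203.0.113.10", 443, "tcp", "HTTPS"),
        Flow("inside", "dmz", "10.1.1.5", "10.20.5.5", 22, "tcp", "SSH"),
        Flow("inside", "outside", "10.1.1.5", "8.8.8.8", 53, "udp", "DNS"),
    ):
        v = evaluate(POLICY, flow)
        print(f"{flow.dst_ip}:{flow.dst_port} -> {v.action} ({v.rule}); {', '.join(v.log)}")
```

Note the whitelisted host: it sits inside a blacklisted /24 but is exempted, so it falls through to the rule set and ends up allowed with intrusion inspection, whereas a trusted backup flow never sees the intrusion policy at all.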
Identifying and Preventing Intrusions
Intrusion detection and prevention is often described as the last line of defense before traffic is admitted to the network. You configure intrusion policies, each a set of intrusion rules and inspection settings, to check traffic for security violations. In inline deployments an intrusion policy can drop or modify malicious traffic; in passive deployments it can only alert.
If the system-provided policies do not fit your environment, you can create custom policies that tune detection for your network, enabling the rules that matter for the assets you run and disabling those that only produce noise. A tuned policy gives a focused view of the malicious traffic and policy violations actually occurring on the network.
Advanced Malware Protection and File Control
The ASA FirePOWER module's advanced malware protection and file control components can identify, track, capture, analyze and optionally block files transmitted over the network.
File control lets the device detect and block users uploading or downloading files of specific types over specific application protocols.
Advanced malware protection, in turn, inspects network traffic for malware. For a detected file the device computes a SHA-256 hash and submits the hash, not the file itself, to the Cisco Collective Security Intelligence (CSI) cloud for a simple known-disposition lookup; the file can optionally be stored locally as well.
What are the license conventions for Cisco Firepower?
A Protection License is needed for devices to perform intrusion detection and prevention, file control and Security Intelligence filtering. It corresponds to the Protection subscription included with the purchase of an ASA FirePOWER module.
A Control License is needed for devices to control traffic by user and application. It requires a Protection License and is likewise included with the purchase of an ASA FirePOWER module.
A URL Filtering License is needed for devices to use regularly updated cloud-based URL category and reputation data to decide which traffic may traverse your network based on the URLs requested. It requires a Protection License and is purchased as an add-on subscription.
A Malware License is needed for devices to provide advanced malware protection on your network. It too requires a Protection License and can be purchased separately as an add-on, or as a service subscription combined with the Protection License.