Cisco NGFW AMP
0 likes989 views
The Cisco Firepower Management Center provides centralized management of Cisco network security solutions such as firewalls, intrusion prevention, and advanced malware protection. It collects extensive network intelligence, analyzes vulnerabilities, and provides policy recommendations. The Management Center offers unified policy management, superior threat intelligence, application visibility and control, and reporting/dashboards. It is available as a physical or virtual appliance and supports various Cisco security products.
Cisco NGFW AMP
- 1. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 9 Data Sheet Cisco Firepower Management Center The Cisco Firepower™ Management Center increases the effectiveness of your Cisco® network security solutions by providing centralized, integrated, and streamlined management. Product Overview The Cisco Firepower Management Center is the administrative nerve center for a number of Cisco security products running on a number of different platforms. It provides complete and unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. The Management Center is the centralized point for event and policy management for the following solutions: ● Cisco Firepower Next-Generation Firewall (NGFW) ● Cisco ASA with FirePOWER Services ● Cisco Firepower Next-Generation IPS (NGIPS) ● Cisco FirePOWER Threat Defense for ISR ● Cisco Advanced Malware Protection (AMP) The Firepower Management Center provides extensive intelligence about the users, applications, devices, threats, and vulnerabilities that exist in your network. It also uses this information to analyze your network’s vulnerabilities and provides tailored recommendations on what security policies to put in place and what security events you should investigate. The Management Center provides easy-to-use policy screens to control access and guard against known attacks. It integrates with advanced malware protection and sandboxing technology, and it provides tools to track malware infections throughout your network. It unifies all these capabilities in a single management interface. You can go from managing a firewall to controlling applications to investigating and remediating malware outbreaks with ease. Figure 1. Centralized Policy, Event, and Device Management
- 2. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 9 Enterprise-Class Management The Cisco Firepower Management Center discovers real-time information about changing network resources and operations to provide you with a full contextual basis for making informed decisions (see Figure 1). In addition to providing a wide breadth of intelligence, the Firepower Management Center delivers a fine level of detail, including: ● Trends and high-level statistics that help managers and executives understand their security posture at a given moment in time as well as how it’s changing, for better or worse ● Event detail, compliance, and forensics that provide an understanding of what happened during a security event to improve defenses, support breach containment efforts, and aid in legal enforcement actions ● Workflow data that can be easily exported to other solutions to improve incident response management Features and Benefits Feature Benefit Unified management of multiple security functions across multiple solutions Facilitates the centralized management of the Cisco security environment, including: ● Cisco Firepower Next-Generation Firewall (NGFW) ● Cisco ASA with FirePOWER Services ● Cisco Firepower NGIPS ● Cisco FirePOWER Threat Defense for ISR ● Cisco AMP Integrated policy management over multiple security functions Configures firewall access, application control, threat prevention, URL filtering, and advanced malware protection settings in a single policy Eases policy administration, reduces errors, and promotes consistency Enables a single policy to be deployed to multiple security solutions Superior threat intelligence Integrates Cisco Talos Group’s security, threat, and vulnerability intelligence for up-to-minute threat protection Addresses new attack methods with both IP-based and URL-based security intelligence Includes Cisco OpenDNS for threat visibility outside the network perimeter Application visibility and control Further reduces threats to your network with precise control of more than 4000 commercial applications Uses the open-source standard OpenAppID for detailed identification and control over custom applications Multitenancy management and policy inheritance Creates up to 50 management domains with separate event data, reporting, and network mapping, enforced through role-based access control Implements consistent and efficient management through its policy hierarchy structure, with each level inheriting policies above it Reporting and dashboards Provides the visibility you need through customizable dashboards with custom and template- based reports Delivers comprehensive alerts and reports for both general and focused information Displays event and contextual information in hyperlinked tables, graphs, and charts for easy-to- use analysis Monitors network behavior and performance to identify anomalies and maintain system health
- 3. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 9 Figure 2. Single Policy Covering Multiple Security Functions Unparalleled Visibility and Insight Because you can’t protect what you can’t see, the Cisco Firepower Management Center automatically collects, collates, and displays contextual information about everything running in your environment. Table 1 illustrates the breadth of contextual awareness provided into threat vectors that more traditional security technologies do not detect. This critical insight into your network is available for use in your protection policies to provide a level of protection that other solutions cannot. Table 1. Full Stack Visibility Category Cisco Firepower Management Center Typical IPS Typical Next-Generation Firewall Threats Yes Yes Yes Users Yes Yes Yes Web applications Yes No Yes Application protocols Yes No Yes File transfers Yes No Yes Malware Yes No No Command-and-control servers Yes No No Client applications Yes No No Network servers Yes No No Operating systems Yes No No Routers and switches Yes No No Mobile devices Yes No No Printers Yes No No VoIP phones Yes No No Virtual machines Yes No No Vulnerability information Yes No No
- 4. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 9 Management Before, During, and After an Attack The Cisco Firepower Management Center provides unified management across the entire “attack continuum”— before, during, and after an attack. Before ● Provides exceptional visibility into what is running in your network so you can see what needs to be protected ● Creates firewall rules, and controls how more than 4000 commercial and custom applications are used in your environment During ● Defines the intrusion prevention levels, URL reputation rules, and advanced malware protection pieces to be put in place ● Applies policies such as: “When network traffic is coming from this country using this particular application with a file attached, I will apply this level of intrusion inspection and analyze the file for malware, and even send it to the integrated sandbox, if necessary” After ● Generates a graphical representation of all the devices the attack has infected ● Provides ability to easily create a custom rule to stop the attack from advancing ● Gives a detailed analysis of the malware to safely remediate it Automated Security for Dynamic Defense The Cisco Firepower Management Center continually monitors how your network is changing. It streamlines operations and improves your security by: ● Automatically correlating new attack events with your network’s vulnerabilities in order to alert you to attacks that may have been successful. Your security team can focus on those events that matter the most. ● Analyzing your network’s vulnerabilities and automatically recommending the appropriate security policies to put in place. You can adapt your defenses to changing conditions and implement security measures tailored specifically to your network. ● Correlating specific events from network, endpoint, intrusion, and security intelligence sources. You’re alerted if individual hosts show signs of compromise from unknown attacks. ● Applying file policy criteria. If those are met, it automatically analyzes the file to identify known malware and/or sends the file to an integrated sandbox to identify unknown malware.
- 5. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 9 Open APIs for Easy Integration The Cisco Firepower Management Center makes integration with third-party technologies possible through four powerful, feature-rich application programming interfaces. The APIs provide connection points for: ● Moving event data from the Management Center to another platform, such as a security information and event management (SIEM) solution ● Enhancing the information contained in the Cisco Firepower database with third-party data, such as vulnerability management data and operating system information from active scanners ● Kicking off workflows and remediation steps that are activated by user-defined correlation rules, such as integrating with a network access control (NAC) solution to quarantine an infected endpoint, or initiating a digital forensic process ● Supporting third-party reporting and analytics by enabling those solutions to query the Firepower Management Center database These APIs are also used to integrate with a number of Cisco security products and workflows. These include Cisco AMP Threat Grid for sandboxing; the Cisco Identity Services Engine for identity data and network segmentation; and Cisco OpenDNS for Internet-wide domain visibility. Choice of Deployment Modes The Cisco Firepower Management Center can be deployed as a physical or virtual appliance, so you can choose what options work best for your environment. The physical appliances generally manage a higher number of sensors and provide greater event storage capabilities than their virtual counterparts. The virtual appliances provide the convenience of being able to use your existing VM infrastructure. They can be easily deployed using VMware vSphere provisioning and can manage assets in a physical network. Version 5.x and version 6.x virtual appliances can be hosted on VMware ESX and ESXi hypervisors and can manage up to 25 physical or virtual sensors. Platform Specifications There are a number of Cisco Firepower Management Center models. Choose the one that’s right for your organization based on the number of sensor appliances to be monitored (both physical and virtual), the number of hosts in your environment, and the anticipated security events rate (see Table 2). All models provide the same management capabilities, including: ● Centralized device, license, event, and policy management ● Role-based management (segmented and isolated views and duties based on administrator role or group) ● Customizable dashboard with custom and template-based reports ● Comprehensive reporting and alerts for both general and focused information ● Event and contextual information displayed in hyperlinked tables, graphs, and charts ● Network behavior and performance monitoring ● Robust high-availability options to help ensure there’s no single point of failure ● Correlation and remediation features for real-time threat response ● Open APIs for integration with third-party solutions and customer work streams, such as firewalls, network infrastructure, log management, SIEM, trouble ticketing, and patch management
- 6. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 9 Table 2 compares the capacities and throughputs of available Cisco Firepower Management Center appliances, both physical and virtual. Table 2. Cisco Firepower Management Center Models Feature FS 750 FS 2000 FS 4000 FS -VMW-SW Maximum number of sensors managed 10 70 300 25 10 2 Maximum number of IPS events 20 million 60 million 300 million 10 million Event storage 100 GB 1.8 TB 3.2 TB 250 GB Maximum network map (hosts/users) 2,000/2,000 150,000/150,000 600,000/600,000 50,000/50,000 Maximum flow rate (flows per second) 2,000 fps 12,000 fps 20,000 fps Varies* Network interfaces 2 x 1 Gbps 2 x 1 Gbps 2 x 10 Gbps (optional SFPs available in Cisco Commerce) 2 x 1 Gbps 2 x 10 Gbps (optional SFPs available in Cisco Commerce) 1 x 1 Gbps High availability Lights-out management (LOM) RAID 5, LOM, high- availability pairing RAID 5, LOM, high- availability pairing No * Virtual Cisco Firepower Management Center performance is highly dependent on the virtual environment chosen: CPUs, memory, storage, etc. Additionally, the virtual Firepower Management Centers listed in the “FS-VMW-SW” column that manage 2 and 10 devices are part of a promotional offer to manage FirePOWER Services on ASA. They should not be used for managing independent FirePOWER sensors. Note: A Cisco Firepower Management Center appliance must be present for a sensor to function. All sensor licensing and management is handled by the Management Center. Additionally, when dealing with Cisco ASA with FirePOWER Services products, all Cisco Firepower Management Centers manage only the FirePOWER portion of the deployment. Table 3 lists the supported versions of Firepower products the Cisco Firepower Management Center is able to manage, along with associated hardware platforms. Table 3. Supported Firepower Versions and their Associated Platforms Management Product Managed Platforms Hardware Platform Cisco Firepower Management Center Firepower v6.x Firepower 4100 Series Firepower 9300 FirePOWER 7000 Series FirePOWER 8000 Series ISR 4000 Series (Threat Defense only) ISR G2 Series (Threat Defense only) Cisco Firepower Management Center Firepower v5.4 ASA 5500-X (FirePOWER Services only) FirePOWER 7000 Series FirePOWER 8000 Series
- 7. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 9 Hypervisor Compatibility The Cisco Firepower Management Center virtual appliance supports the hypervisor versions listed in Table 4. Table 4. Virtual Appliance Hypervisor Support Hypervisor Version and Details Virtual Cisco Firepower Management Center Version VMware vSphere 5.1, 5.5: ● ESXi Server ● vCenter Server (optional) ● vSphere Web Client, vSphere Client, or OVF Tool for Windows or Linux 5.4, 6.0 Licensing Cisco licensing mechanisms make it easy to turn on functionality and scale your solution. Software features are generally enabled by license key and have update subscriptions available in multiyear terms (1, 3, and 5 years). For larger organizations, Enterprise License Agreements (ELAs) are available as part of Cisco ONE. ELAs allow the purchase of basic and advanced security features (from differing product or solution areas) at a fixed price to encourage rapid deployment and the adoption of holistic solutions. Lastly, Cisco Smart Licensing eases license key burdens and enables the reuse of virtual licenses to better support dynamic cloud and virtual implementations. Ordering Information Cisco Smart Licensing The Cisco Firepower Management Center is sold with Cisco Smart Licensing. Cisco understands that purchasing, deploying, managing, and tracking software licenses can be extremely complex. Cisco Smart Software Licensing is a standardized licensing platform that helps customers understand how Cisco software is used across their network. It is designed to reduce administrative overhead and save operating expenses. With Smart Licensing, you have a complete view of software, licenses, and devices from one portal. Licenses are easily registered and activated and can be shifted between similar hardware platforms. Additional information is available at: http://www.cisco.com/web/ordering/smart-software-licensing/index.html. Related information on Smart Accounts is available at: http://www.cisco.com/web/ordering/smart-software-manager/smart-accounts.html. Cisco Smart Net Total Care Support Cisco Smart Net Total Care ™ is an award-winning technical support service that gives your IT staff direct, anytime access to Cisco Technical Assistance Center (TAC) engineers and Cisco.com resources. You receive the fast, expert response and the dedicated accountability you need to resolve critical network issues. Smart Net Total Care provides the following device-level support: ● Global access 24 hours a day, 365 days a year to specialized engineers in the Cisco TAC ● Anytime access to the extensive Cisco.com online knowledge base, resources, and tools ● Hardware replacement options that include 2-hour, 4-hour, next-business-day (NDB) advance replacement, as well as return for repair (RFR) ● Ongoing operating system software updates, including both minor and major releases within your licensed feature set ● Proactive diagnostics and real-time alerts on select devices with Cisco Smart Call Home
- 8. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 9 In addition, the Cisco Smart Net Total Care Onsite Service is an option that provides a field engineer who will install replacement parts at your location and help ensure that your network operates at the highest levels. For more information on Smart Net Total Care please visit: http://www.cisco.com/c/en/us/services/portfolio/product- technical-support/smart-net-total-care.html. How to Order Table 5 provides ordering information for virtual and physical Cisco Firepower Management Center appliances and spare hardware. Please consult the ordering guide for additional configuration options and accessories. Table 5. Ordering Information Cisco Firepower Management Center (Hardware) Appliances Part Number Product Description FS750-K9 Cisco Firepower Management Center 750 Chassis, 1 rack unit (RU) FS2000-K9 Cisco Firepower Management Center 2000 Chassis, 1RU FS4000-K9 Cisco Firepower Management Center 4000 Chassis, 1RU Cisco Firepower Management Center (Hardware) Spare FS-PWR-AC-650W= Cisco Firepower 650W AC Power Supply Cisco Firepower Management Center (Software) Virtual Appliance FS-VMW-SW-K9 Cisco Firepower Management Center, Virtual (VMware) Firepower License FS-VMW-10-SW-K9 Cisco Firepower Management Center, Virtual (VMware) Firepower License, for 10 devices FS-VMW-2-SW-K9 Cisco Firepower Management Center, Virtual (VMware) Firepower License, for 2 devices To place an order, visit the Cisco ordering homepage. Warranty Information Find warranty information on Cisco.com at the Product Warranties page. Cisco Services Cisco offers a wide range of service programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services for security, visit http://www.cisco.com/go/services/security. Cisco Capital Financing to Help You Achieve Your Objectives Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.
- 9. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 9 For More Information For more information, please visit the following links: ● Cisco Firepower Management Center ● Cisco Firepower Next-Generation Firewalls ● Cisco Firepower Next-Generation IPS (NGIPS) ● Cisco Advanced Malware Protection (AMP) ● Cisco FirePOWER Threat Defense for ISR ● Cisco Security Services For information about Cisco Firepower in service provider environments, please visit: http://www.cisco.com/c/en/us/solutions/enterprise-networks/service-provider-security-solutions/ Printed in USA C78-736775-00 02/16