
On October 7, 2013, Cisco completed the acquisition of Sourcefire. At that time, I noticed this via Twitter and checked out the products on their website. I was excited to see FirePOWER in action together with a Cisco ASA.

I had a good opportunity to join the “ASA with FirePOWER Services” workshop in Munich, directly at Cisco. A big part of this training was a hands-on lab, where the FirePOWER “virus” infected me. I was thrilled about the Cisco ASA with FirePOWER Services and the FireSIGHT Management Center.

This intelligent cyber security solution covers gaps in traditional security solutions. The threat-focused next-generation firewall provides next-generation security capabilities:

Application Visibility and Control (AVC)

Over 3000 application-layer and risk-based controls that work closely with the IPS to optimize security.

Next-Generation IPS (NGIPS)

Visibility to detect multivector threats to streamline and automate defense response; superior threat prevention and mitigation for both known and unknown threats.

URL Filtering and Advanced Malware Protection (AMP)

The comprehensive malware-defeating solution can enable malware detection and blocking, continuous analysis, and retrospective alerting.

It was so interesting to see what a huge amount of information the Cisco FireSIGHT Management Center provides. Now the security team gets visibility and control over users, devices, communication events, threats, vulnerabilities (on their hosts), and web applications, and can identify the path and source of malware infections.

After the workshop, it is only natural that technicians want more hands-on experience, and I found a great opportunity to get more with the Cisco dCloud. This next-generation demonstration platform provides self-service demonstration capabilities for Cisco employees and partners. (How you could access the Cisco dCloud) With this platform, you get a strategic advantage and you can easily demonstrate any scenario at our or customer offices, events, or WebEx sessions.

The next step on the path to the Cisco ASA with FirePOWER Services and the FireSIGHT Management Center was the lab environment, to get a real feeling. The installation of the ASA FirePOWER module is quite simple, as are the set-up of the FireSIGHT Management Center and the integration. A great help was again the Cisco dCloud Lab Guide, which explained how to set up the first initial and discovery policy. The Cisco ASA FirePOWER Module Quick Start Guide and the FireSIGHT System User Guide v5.3.1 are also great resources to get started.

The next step is to get certified and learn the theoretical background of the FirePOWER and FireSIGHT systems. A great opportunity is to join a Cisco course like:

Securing Cisco Networks with Sourcefire Intrusion Prevention System (SSFIPS)

Securing Cisco Networks with Sourcefire FireAMP Endpoints (SSFAMP)

Securing Cisco Networks with Snort Rule Writing Best Practices (SSFRULES)

Securing Cisco Networks with Open Source Snort (SSFSNORT)

I will start with the SSFIPS course in March 2015 at Cisco Germany (Frankfurt) and I am excited about it.



Authors

Sven Kutzer

Technical Solutions Architect

Global Security (GSSO) – EMEAR – Advanced Threat