Cisco Firepower Correlation Policy is to take an action against threats in real time when threats are not detected by IPS signatures since it a zero day attack and there is no signature for it or the behaviour is not normal in our network.
DetailsCisco Firepower Port Scan Detection, as the name suggests, detects and filters all port scan activity from unauthorized sources.
DetailsFirepower Sensitive Data Detection, or Data Loss Prevention (DLP), detects and generates events where intentionally or accidentally sensitive data such as social security numbers, credit card numbers, driver’s license numbers, etc. are leaked.
DetailsCisco Firepower Network Analysis Policy determines how deep a traffic must be pre-processed and decoded before traffic is inspected by access control and IPS policy. Some features like data loss detection or port scan detection require deep traffic pre-processing.
DetailsCisco Firepower Event Suppression is a feature to reduce or suppress intrusion event notification when a specific or range of IP address or number of event thresholds triggers a specific rule.
DetailsCisco Firepower deployment modes are the methods to insert a Firepower into the network as a Firewall/IPS device or as a IPS-only device. In Firewall/IPS mode, you have the option to choose routed or transparent mode and as a IPS-only device you can choose between inline and passive mode.
We discussed routing mode and transparent mode in the previous sections. In this section, we will discuss IPS-only inline and passive modes.
Cisco FTD Network Discovery gives the capability to collects data on your organization’s network.
Which hosts exists on your network? IP address and MAC address of hosts on your network, operating system running on each host and also clients and web applications running on each host are the most important information retrieved by network discovery feature.
Network Discovery is not just for monitoring network traffic, but we can later predefine a host profile and then compare if any hosts on the network are violating the profile.
Cisco FTD Transparent Mode is another way of inserting a firewall in any network. In transparent mode, FTD is mostly like a switch and does not need an IP address in each interface and does not take part in network routing.
Details