Cyber threats come from a wide range of sources, and addressing and mitigating cyber risk requires many layers of protection from different types of technology. Two powerful layers of cybersecurity defense come from Cisco Fire and Ice — Firepower and ISE, two Cisco products.
Cisco Firepower Threat Defense (FTD) is a unified software image that includes Cisco Adaptive Security Appliance (ASA) features and Cisco Firepower Services on one platform. FTD combines the lower-layer firewall, antivirus, intrusion prevention, and VPN capabilities of ASA with Firepower Services, a next-generation firewall (NGFW) that can detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level. FTD features and services include:
- Stateful Firewall: FTD monitors traffic streams from end to end. It is aware of communication paths and implements IPsec functions such as tunnels and encryption.
- Static and Dynamic Routing: FTD enables routers to be statically configured to send traffic for a specific destination in a preconfigured direction, or to use a routing protocol such as OSPF or BGP to determine the best route the traffic should take.
- Next-Generation Intrusion Prevention: FTD goes beyond identifying attacks from known vulnerabilities; it flags suspicious files and analyzes them for zero-day exploits.
- URL (Web) Filtering: FTD checks the origin or content of Web pages against a set of rules.
- Application Visibility and Control: FTD provides stateful deep packet inspection. Instead of processing packets as individual events, it reconstructs flows and the Layer 7 state of each application flow for application- and session-based classification and management of IP traffic.
- Advanced Malware Protection: FTD protects endpoints by scanning files using a variety of antimalware technologies, including the Cisco antivirus engine.
- SSL Decryption: FTD inspects encrypted traffic sent through SSL/TLS connections for malware threats.
- ISE Integration: FTD enables secure access and guest access, supports BYOD initiatives, and enforces usage policies in conjunction with Cisco TrustSec.
By combining the benefits of an integrated firewall and intrusion prevention system into one platform, FTD provides a unified threat defense across your network’s attack surface.
Cisco Identity Services Engine (ISE) is a policy management and control platform that provides a holistic view of network activity, such as who is connected, which applications are installed and running, and much more. ISE also shares vital contextual data, such as user and device identities, threats, and vulnerabilities with integrated solutions from Cisco technology partners, so you can identify, contain, and remediate threats faster. ISE features and benefits include:
- Access Control: ISE offers a range of access control options, including downloadable and named ACLs, VLAN assignments, URL redirections, and Security Groups with Cisco TrustSec technology.
- Guest Lifecycle Management: ISE streamlines the implementation and customization of guest network access with branded experiences and promotions. ISE has built-in support for hotspots, sponsored, self-service, and other access workflows.
- Streamlined Device Onboarding: ISE automates supplicant provisioning and certificate enrollment for PC and mobile platforms.
- Built-in AAA Services: ISE uses standard RADIUS protocol for Authentication, Authorization, and Accounting. ISE supports a wide range of authentication protocols and is the only RADIUS server that supports EAP chaining of machine and user credentials.
- Device Administration Access Control and Auditing: ISE supports the TACACS+ protocol and grants users access based on credentials, group, location, and commands.
- Internal Certificate Authority: Deploy an internal certificate authority with a single console to manage endpoints and certificates with ISE. It facilitates the manual creation of bulk or single certificates and key pairs to connect devices to the network with a high degree of security.
- Device Profiling: ISE is populated with predefined device templates for a variety of endpoints, with additional device templates available for specialized devices such as medical, manufacturing, and building automation.
- Device-Profile Feed Service: ISE delivers automatic updates of Cisco’s validated device profiles for various IP-enabled devices from multiple vendors.
- Endpoint Posture Service: Perform endpoint posture assessments and enforce appropriate compliance policies for endpoints through ISE’s persistent client-based agent, a temporal agent, or a query to an external MDM/EMM.
- Extensive Multiforest Active Directory Support: ISE provides comprehensive authentication and authorization against multiforest Microsoft Active Directory domains and groups multiple, disjointed domains into logical groups.
- Monitoring and Troubleshooting: ISE’s built-in help desk web console for monitoring, reporting, and troubleshooting provides robust historical and real-time reporting for all services.
Fire and Ice
The security landscape is constantly evolving, and cybercriminals innovate at a rapid pace. Firepower Threat Defense working in concert with ISE provides the visibility, contextual awareness, mobile device compliance, cyber threat defense, threat remediation, and network troubleshooting you need to keep pace with attackers. When you combine fire and ice, threats are quickly identified and contained, and efficiently remediated.
Cerium Networks is a Cisco Gold and Master Security Partner. Our Cisco expertise combined with our value-added services portfolio uniquely positions us to be your trusted security advisor. Our integrated, intelligence-driven approach to cyber threat management enables Cerium to integrate technologies that deliver the sophisticated security solutions your business demands.