Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP

Book Description

Network threats are emerging and changing faster than ever before. Cisco Next-Generation Network Security technologies give you all the visibility and control you need to anticipate and meet tomorrow’s threats, wherever they appear. Now, three Cisco network security experts introduce these products and solutions, and offer expert guidance for planning, deploying, and operating them.

The authors present authoritative coverage of Cisco ASA with FirePOWER Services; Cisco Firepower Threat Defense (FTD); Cisco Next-Generation IPS appliances; the Cisco Web Security Appliance (WSA) with integrated Advanced Malware Protection (AMP); the Cisco Email Security Appliance (ESA) with integrated AMP; Cisco AMP Threat Grid malware analysis and threat intelligence; and the Cisco Firepower Management Center (FMC).

You’ll find everything you need to succeed: easy-to-follow configurations, application case studies, practical triage and troubleshooting methodologies, and much more.

  • Effectively respond to changing threat landscapes and attack continuums

  • Design Cisco ASA with FirePOWER Services and Cisco Firepower Threat Defense (FTD) solutions

  • Set up, configure, and troubleshoot the Cisco ASA FirePOWER Services module and Cisco Firepower Threat Defense

  • Walk through installing AMP Private Clouds

  • Deploy Cisco AMP for Networks, and configure malware and file policies

  • Implement AMP for Content Security, and configure File Reputation and File Analysis Services

  • Master Cisco AMP for Endpoints, including custom detection, application control, and policy management

  • Make the most of the AMP ThreatGrid dynamic malware analysis engine

  • Manage Next-Generation Security Devices with the Firepower Management Center (FMC)

  • Plan, implement, and configure Cisco Next-Generation IPS—including performance and redundancy

  • Create Cisco Next-Generation IPS custom reports and analyses

  • Quickly identify the root causes of security problems

Table of Contents

    1. About This E-Book
    2. Title Page
    3. Copyright Page
    4. About the Authors
    5. About the Technical Reviewers
    6. Dedications
    7. Acknowledgments
    8. Contents at a Glance
    9. Contents
    10. Introduction
      1. Who Should Read This Book?
      2. How This Book Is Organized
      3. Command Syntax Conventions
    11. Chapter 1. Fundamentals of Cisco Next-Generation Security
      1. The New Threat Landscape and Attack Continuum
        1. The Attack Continuum
      2. Cisco ASA 5500-X Series Next-Generation Firewalls and the Cisco ASA with FirePOWER Services
      3. Cisco Firepower Threat Defense (FTD)
        1. Cisco Firepower 4100 Series
        2. Cisco Firepower 9300 Series
        3. Cisco FTD for Cisco Integrated Services Routers (ISRs)
      4. Next-Generation Intrusion Prevention Systems (NGIPS)
      5. Firepower Management Center
      6. AMP for Endpoints
      7. AMP for Networks
      8. AMP Threat Grid
      9. Email Security Overview
        1. Email Security Appliance
        2. Cloud Email Security
        3. Cisco Hybrid Email Security
      10. Web Security Overview
        1. Web Security Appliance
        2. Cisco Security Management Appliance
        3. Cisco Cloud Web Security (CWS)
      11. Cisco Identity Services Engine (ISE)
      12. Cisco Meraki Cloud-Managed MDM
      13. Cisco Meraki Cloud-Managed Security Appliances
      14. Cisco VPN Solutions
      15. Summary
    12. Chapter 2. Introduction to and Design of Cisco ASA with FirePOWER Services
      1. Introduction to Cisco ASA FirePOWER Services
      2. Inline versus Promiscuous Mode
        1. Inline Mode
        2. Promiscuous Monitor-Only Mode
      3. Cisco ASA FirePOWER Management Options
        1. Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5585-X Appliances
        2. Accessing the Cisco ASA FirePOWER Module Management Interface in Cisco ASA 5500-X Appliances
      4. Cisco ASA FirePOWER Services Sizing
      5. Cisco ASA FirePOWER Services Licensing
        1. The Protection License
        2. The Control License
        3. The URL Filtering License
        4. The Malware License
        5. Viewing the Installed Cisco ASA FirePOWER Module Licenses
        6. Adding a License to the Cisco ASA FirePOWER Module
      6. Cisco ASA FirePOWER Compatibility with Other Cisco ASA Features
      7. Cisco ASA FirePOWER Packet Processing Order of Operations
      8. Cisco ASA FirePOWER Services and Failover
        1. What Happens When the Cisco ASA FirePOWER Module Fails?
      9. Cisco ASA FirePOWER Services and Clustering
        1. Cluster Member Election
        2. How Connections Are Established and Tracked in a Cluster
      10. Deploying the Cisco ASA FirePOWER Services in the Internet Edge
      11. Deploying the Cisco ASA FirePOWER Services in VPN Scenarios
      12. Deploying Cisco ASA FirePOWER Services in the Data Center
      13. Firepower Threat Defense (FTD)
      14. Summary
    13. Chapter 3. Configuring Cisco ASA with FirePOWER Services
      1. Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5585-X Appliances
        1. Installing the Boot Image and Firepower System Software in the Cisco ASA 5585-X SSP
      2. Setting Up the Cisco ASA FirePOWER Module in Cisco ASA 5500-X Appliances
        1. Installing the Boot Image and Firepower System Software in the SSD of Cisco ASA 5500-X Appliances
        2. Configuring Cisco ASA 5506-X, 5508-X, and 5516-X Appliances
        3. Uploading ASDM
        4. Setting Up the Cisco ASA to Allow ASDM Access
        5. Accessing the ASDM
        6. Setting Up a Device Name and Passwords
        7. Configuring an Interface
      3. Configuring the Cisco ASA to Redirect Traffic to the Cisco ASA FirePOWER Module
      4. Configuring the Cisco ASA FirePOWER Module for the FMC
      5. Configuring the Cisco ASA FirePOWER Module Using the ASDM
        1. Configuring Access Control Policies
        2. Configuring Intrusion Policies
        3. Configuring File Policies
        4. Reusable Object Management
        5. Keeping the Cisco FirePOWER Module Up-to-Date
      6. Firepower Threat Defense
        1. Installing FTD Boot Image and Software
        2. FTD Firewall Mode
        3. FTD Interface Types
        4. FTD Security Zones
        5. Static and Dynamic Routing in FTD
      7. Summary
    14. Chapter 4. Troubleshooting Cisco ASA with FirePOWER Services and Firepower Threat Defense (FTD)
      1. Useful show Commands
        1. Displaying the Access Control Policy Details
        2. Displaying the Network Configuration
        3. Monitoring Storage Usage
        4. Analyzing Running Processes
        5. Using the System Log (Syslog)
        6. Monitoring and Troubleshooting System Tasks
        7. Generating Advanced Troubleshooting Logs
      2. Useful ASA Debugging Commands
      3. Summary
    15. Chapter 5. Introduction to and Architecture of Cisco AMP
      1. Introduction to Advanced Malware Protection (AMP)
      2. Role of the AMP Cloud
      3. Doing Security Differently
        1. The Prevention Framework
        2. The Retrospective Framework
      4. The Cloud
      5. Private Cloud
        1. Cloud Proxy Mode
        2. Air Gap Mode
      6. Installing the Cisco AMP Private Cloud
      7. Summary
    16. Chapter 6. Cisco AMP for Networks
      1. Introduction to Advanced Malware Protection (AMP) for Networks
        1. What Is That Manager Called, Anyway?
        2. Form Factors
        3. What Does AMP for Networks Do?
        4. Where Are the AMP Policies?
      2. Summary
    17. Chapter 7. Cisco AMP for Content Security
      1. Introduction to AMP for Content Security
      2. Content Security Connectors
      3. Configuring Cisco AMP for Content Security
        1. Configuring the Web Security Appliance (WSA) for AMP
        2. Configuring the Email Security Appliance (ESA) for AMP
      4. AMP Reports
      5. Summary
    18. Chapter 8. Cisco AMP for Endpoints
      1. Introduction to AMP for Endpoints
      2. What Is AMP for Endpoints?
      3. Connections to the AMP Cloud
        1. Firewalls, Destinations, and Ports, Oh My!
      4. Outbreak Control
        1. Custom Detections
        2. Application Control
        3. Exclusion Sets
      5. The Many Faces of AMP for Endpoints
      6. AMP for Windows
        1. Windows Policies
        2. Known Incompatible Software
      7. AMP for Mac
        1. Mac Policies
      8. AMP for Linux
        1. Linux Policies
      9. AMP for Android
      10. Installing AMP for Endpoints
        1. Groups, Groups, and More Groups
        2. Download Connector
        3. Distributing via Cisco AnyConnect
        4. Installing AMP for Windows
        5. Installing AMP for Mac
        6. Installing AMP for Linux
        7. Installing AMP for Android
      11. Proxy Complications
        1. Proxy Server Autodetection
        2. Incompatible Proxy Security Configurations
      12. Using the Cloud Console
      13. Summary
    19. Chapter 9. AMP Threat Grid: Malware Analysis and Threat Intelligence
      1. Cisco AMP Threat Grid
      2. Cisco AMP Threat Grid Cloud Solution
      3. Cisco AMP Threat Grid On-Premises Appliance
        1. Default Users
        2. Network Segment Configuration
      4. Summary
    20. Chapter 10. Introduction to and Deployment of Cisco Next-Generation IPS
      1. NGIPS Basics
        1. Legacy IPS Versus NGIPS
        2. Cisco NGIPS Capabilities
        3. NGIPS Modes
        4. NGIPS Deployment Locations and Scenarios
      2. NGIPS Deployment Design Considerations
        1. Threat Management and System Capabilities
        2. Flow Handling
        3. Scale and Availability
        4. Management Platform Integration
        5. Licensing and Cost
      3. NGIPS Deployment Lifecycle
        1. Policy Definition
        2. Product Selection and Planning
        3. Implementation and Operation
        4. Evaluation and Control
      4. Summary
    21. Chapter 11. Configuring Cisco Next-Generation IPS
      1. Policy
        1. Policy Layers
        2. Variables
        3. Configuring a Cisco Firepower Intrusion Policy
        4. Committing a Policy
      2. Snort Rules
        1. Rule Anatomy
        2. Writing a Rule
        3. Managing Snort Rules in FMC
        4. Cisco NGIPS Preprocessors
        5. Firepower Recommendations
      3. Performance Settings
      4. Stack/Cluster
      5. Summary
    22. Chapter 12. Reporting and Troubleshooting with Cisco Next-Generation IPS
      1. Analysis
        1. Intrusion Events
        2. Reports
        3. Incidents
        4. Alerts
        5. Correlation Policies
      2. Troubleshooting
        1. Audit
        2. Health Monitoring
        3. Syslogs
      3. Summary
    23. Index
    24. Code Snippets