Cisco FTDv License
Currently, organizations use a combination of physical and virtual control points to fulfill their network security requirements. They require the ability to deploy various physical and virtual firewalls in a variety of settings while still upholding uniform policy across branch offices, corporate data centers, and everything in between. With the convenience of unified policy and the freedom to deploy anywhere, Cisco’s virtual firewall portfolio helps you streamline security management during data center consolidation, office relocations, mergers and acquisitions, as well as seasonal peaks in demand for your applications.
Cisco Firepower Threat Defense (FTD) is a unified software image that combines Firepower and ASA functionality into a single system spanning hardware and software.
Cisco Firepower NGIPS is Cisco's next-generation intrusion prevention system. The Firepower Management Center provides a common management interface for it and for Cisco's firewall products.
When EventTracker is integrated with Cisco Firepower NGIPS, it collects logs from Cisco FTDv and generates in-depth reports, alerts, dashboards, and saved searches. With the aid of these EventTracker features, users can view all pertinent information on a single platform.
Reports include information about IDS events, describing the intended target and the attack vector. They also cover activities such as user command execution, system activity, and access to SSL VPN, VPN, and WebVPN.
IPS event reports include, among others, blocked connections, a file and malware detection summary, and an allowed URLs summary. Each contains details such as the date, time, type of exploit, and background information on the attack's origin and target.
Any time Cisco FTDv detects a critical event, an alert is sent immediately. Users receive real-time alerts for events such as potential attacks, successful and failed SSL VPN, VPN, and WebVPN login attempts, and logouts.
For IPS events in which a connection is blocked because the NGIPS engine has identified a malicious entity, alerts are sent directly to users' email.
On the EventTracker dashboard, you can view visual/graphical representations of events such as blocked/allowed connections, security event summary counts, and geo-location data.
The dashboard also shows IDS-related events such as the likely time of attacks from unknown or suspicious sources, details about suspicious URLs and files, SSL flow status, threat name, SHA disposition, source IP address, and the protocol/service used to connect to FTDv.
Benefits of using licensed Cisco FTDv
Automated threat correlation and unified management
With Cisco's IPS license, Malware Defense license, and URL Filtering license, you can contain more threats, including known and unknown malware. Through unified management of the integrated tools, the complexity of managing multiple security products is reduced.
Transferable licenses between clouds
With the portability of one license, deploy appliances anywhere, from your data center to your branch office, to support virtual and physical solutions across public or private clouds: VMware, KVM, OpenStack, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), government clouds, and hyperconverged infrastructure (Cisco HyperFlex, Nutanix AHV). With a single license, you can expand, contract, and move workloads across physical, virtual, and public cloud infrastructures over time.
Automated risk ranking and impact flags
Establish a threat priority list by gaining complete visibility into your environment. Focus on high-impact alerts that demand quick action by reducing the noise and volume of events. Utilizing the best-of-breed Snort 3 IPS, set rule recommendations that link host profiles with a degree of vulnerability to automate impact analysis and contextualize the data.
Cisco FTDv key features
- URL Filtering: number of categories: over 80
- Cisco Secure Malware Analytics Sandboxing: available
- URL Filtering: number of categorized URLs: over 280 million
- Active/standby high availability and clustering: ESXi and KVM only
- Cisco Security Intelligence: standard, with IP, URL, and DNS threat intelligence
- AVC: OpenAppID support for custom open-source application detectors: default
- Deployment modes: routed, transparent (inline set, IPS-only), and passive; AWS, Azure, GCP, and OCI support routed mode only.
- Application Visibility and Control (AVC): standard; supports over 4000 applications, as well as geolocation, users, and websites
- Third-party and open-source ecosystem: open API for third-party product integrations; Snort and OpenAppID community resources for new and specific threats.
- Cisco Secure Firewall IPS License: available; Snort 3 IPS can passively discover endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC).
- Cisco Firewall Device Manager (local management): ESXi, KVM, and OpenStack: version 7.0 and later; Azure: version 6.5 and later; AWS: version 6.6 and later; Cisco HyperFlex: version 7.0 and later; Nutanix AHV: version 7.0 and later.
- Cisco Secure Firewall Malware Defense License: available; enables the detection, blocking, tracking, analysis, and containment of targeted and persistent malware and addresses the attack continuum during and after attacks. Optional built-in threat correlation with Cisco Secure Endpoint is also available.
- Centralized Management: centralized configuration, logging, monitoring, and reporting are performed from Cisco Firewall Management Center (all platforms, including on-premises and in AWS, Azure, GCP, and OCI (version 6.7 and later)) or, alternatively, in the cloud with Cisco Defense Orchestrator (ESXi and KVM; Azure: version 6.5 and later; Cisco HyperFlex: version 7.0 and later; Nutanix AHV: version 7.0 and later).