Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS

tom.neteng — Fri, 21 Feb 2020 15:47:40 GMT

Is it possible to utilize any dynamic IPS | IDS functionality of SourceFire for known malicious IPs and geo-blocking of rogue nation states without the purchase of a dedicated IPS | IDS system.

Can I, for example, utilize Brightcloud | Talos to filter out all incoming connections from known malicious websites, dynamically learn IPs that are port scanning and block them, and block certain countries, similar to what a dedicated IPS | IDS would do, rather than having the connection allowed all the way?

Or does this functionality require an additional IPS module or third party IPS | IDS system?

Tom

Re: Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS

Marvin Rhoads — Tue, 22 May 2018 04:24:52 GMT

To use the real-time updated security intelligence feeds and geolocation database from Cisco Talo and URL filtering from Brightcloud you need to have a Cisco appliance (NGIPS or NGFW with Firepower module).

You can always run Snort in its open source variant, host it on your own middleware box and update everything manually or via scripts. Most enterprises prefer the Cisco-branded approach though since the find the greater ease of use and availability of support to be worth the cost.

topic Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS in Network Security

Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS

Re: Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS