08-15-2019 08:50 AM - edited 02-21-2020 09:24 AM
Hi everyone,
We have deployed a pair of 2100 in place managed by FMC back in 6 months ago. We also have some subscription to Cisco for malware and antivirus..etc.
My boss just mentioned one CDN provider...which they introduced some of the security or protections they can offer us to secure better our web servers, and even our network infrastructure. They claim that their service can protect from DDoS mitigation, SQL injections, reflection attacks, SMURF attacks, and some other attacks like ACK and layver 7...firepower
Do you think the Cisco Firepower with the annual subscriptions already provides the protections against those attacks mentioned? Or it is good/necessary to have it as "extra protection"? The vendor claims that no extra software/hardware needed...
May you tell me your opinions on this?
Thank you for your help in advance.
Takami Chiro
Solved! Go to Solution.
08-17-2019 04:28 AM
I can't determine your risk profile. If it makes sense for your business then have at it. I'd only advise you to take marketing (from Cisco or anybody) with a grain of salt - be skeptical and don't fall for the hype.
Speaking of marketing (haha) you might consider Cisco Umbrella with the Secure Internet Gateway (SIG) Essentials (that's the new top tier subscription plan).
Also with Umbrella you get the added benefit of Cisco's Cyber Threat Response (CTR) that integrates threat intelligence with your context from Umbrella, AMP for Endpoints, Firepower, ESA etc. into one visibility console.
08-15-2019 09:13 PM
A Content Delivery Network or CDN might be able to provide those protections for web servers whose content they host.
I cannot see how they could possibly provide those protections for your internal network though. Your traffic does not flow through their systems.
08-16-2019 10:27 AM
Hi Marvin,
Good morning! I hate to do free advertise :) but the company name is called Cloudflar_
I think what they do is to "intercept" all the web/dns queries by their own dns server before passing the traffic to us.
So do you think my Firepower also provide a same task or protection...or is this service a good add-on?
Thank you!
Takami Chiro
08-17-2019 04:28 AM
I can't determine your risk profile. If it makes sense for your business then have at it. I'd only advise you to take marketing (from Cisco or anybody) with a grain of salt - be skeptical and don't fall for the hype.
Speaking of marketing (haha) you might consider Cisco Umbrella with the Secure Internet Gateway (SIG) Essentials (that's the new top tier subscription plan).
Also with Umbrella you get the added benefit of Cisco's Cyber Threat Response (CTR) that integrates threat intelligence with your context from Umbrella, AMP for Endpoints, Firepower, ESA etc. into one visibility console.
08-19-2019 07:22 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide