Enthusiast

Firepower -  file trajectory

Hello!

 

Network file trajectory: 

"Cisco maps how hosts transfer files, including malware files, across your network. It can see if a file transfer was blocked or the file was quarantined. This provides a means to scope, provide outbreak controls, and identify patient zero." - https://www.cisco.com/c/m/en_us/products/security/firewalls/competitive-comparison.html#~competitive=0

 

What products do customers need to offer to implement the "Network file trajectory" features?

 

If we don't put Firepower into the east-west path of the traffic, then we cannot see file trajectory across the customer network without additional products such as, for example, AMP for Endpoint?!

So, in the design (case 1 in the attachment) without AMP for Endpoint, do I not see file trajectory between hosts B and C?

Or do I need an additional Firepower between hosts B and C (case 2 in the attachment) or AMP for Endpoint on both hosts?

 

Could you correct me if I am wrong?

RJI, VIP Advisor

Re: Firepower -  file trajectory

Hi,

It probably wouldn't be feasible or scalable to put a Firepower appliance in between host B and C in order to filter intra-VLAN traffic. You should implement AMP for Endpoints.

 

HTH

Enthusiast

Re: Firepower -  file trajectory

Definitely :)

So, is AMP for Endpoint a mandatory element in file trajectory functionality?

RJI, VIP Advisor

Re: Firepower -  file trajectory

Yes, you use AMP4E to get the information you require. You can also integrate with ISE in order to quarantine the device if infected.

Enthusiast

Re: Firepower -  file trajectory

Can Firepower quarantine the device if infected without ISE?

Accepted Solution
RJI, VIP Advisor

Re: Firepower -  file trajectory

You need ISE to quarantine. When quarantined, ISE would send a DACL down to the switchport an infected device is connected to, which would restrict lateral movement within the VLAN for that device, thus preventing the spread of malware/viruses etc. to other devices on the network.
