Firepower -  file trajectory

cadet (Level 4)

Hello!

Network file trajectory:

"Cisco maps how hosts transfer files, including malware files, across your network. It can see if a file transfer was blocked or the file was quarantined. This provides a means to scope, provide outbreak controls, and identify patient zero." - https://www.cisco.com/c/m/en_us/products/security/firewalls/competitive-comparison.html#~competitive=0

What products do customers need in order to implement the "Network file trajectory" feature?

If we don't put Firepower into the east-west path of the traffic, then we cannot see file trajectory across the customer network without additional products such as, for example, AMP for Endpoint?!

So, in the design (case 1 in the attachment) without AMP for Endpoint, do I not see file trajectory between hosts B and C?

Or do I need an additional Firepower between hosts B and C (case 2 in the attachment), or AMP for Endpoint on both hosts?

Could you correct me if I am wrong?


5 Replies

Hi,

It probably wouldn't be feasible or scalable to put a Firepower appliance in between hosts B and C in order to filter intra-VLAN traffic. You should implement AMP for Endpoints.

HTH

Definitely :)

So, is AMP for Endpoint a mandatory element of the file trajectory functionality?

Yes, you use AMP4E to get the information you require. You can also integrate with ISE in order to quarantine the device if infected.

Can Firepower quarantine the device if infected, without ISE?

Accepted solution:

You need ISE to quarantine. When quarantined, ISE would send a DACL down to the switchport the infected device is connected to, which would restrict lateral movement within the VLAN for that device, thus preventing the spread of malware/viruses etc. to other devices on the network.
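To make the accepted answer concrete, here is what a quarantine downloadable ACL (dACL) of the kind ISE pushes to the switchport typically looks like. This is a constructed example added for this page, not content from the thread or from Cisco documentation; the ACE lines are written the way they are entered in an ISE Downloadable ACL definition (no `ip access-list` header, since the switch builds the ACL from the lines ISE sends). The remediation/ISE PSN address 192.0.2.10 is an assumed placeholder.

```cisco
! Constructed example of a quarantine dACL body as defined in ISE
! (Policy > Policy Elements > Results > Authorization > Downloadable ACLs).
! Assumed remediation / ISE PSN address: 192.0.2.10 (placeholder, not from the thread).
remark QUARANTINE: allow the host to keep an address and reach remediation only
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
permit ip any host 192.0.2.10
deny ip any any
```

When ISE applies this via RADIUS Change of Authorization to the access switch, the switch installs it as an ingress port ACL, substituting the authenticated host's address for the source `any`, so the only traffic the host can send is DHCP, DNS and traffic to the remediation server; frames destined for other hosts in the same VLAN hit `deny ip any any` at the ingress port before they are bridged. Two practical checks: the switch needs IP device tracking enabled so it knows the host's address when it rewrites the ACL, and every workstation must be on an authenticated (802.1X or MAB) port for ISE to have a session to quarantine; a host on an unauthenticated port cannot be constrained this way.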