Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1508
Views
0
Helpful
1
Replies

Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS

tom.neteng
Level 1
Level 1

‎05-21-2018 11:37 AM - edited ‎02-21-2020 07:47 AM

Is it possible to utilize any dynamic IPS | IDS functionality of SourceFire for known malicious IPs and geo-blocking of rogue nation states without the purchase of a dedicated IPS | IDS system.

 

Can I, for example, utilize Brightcloud | Talos to filter out all incoming connections from known malicious websites, dynamically learn IPs that are port scanning and block them, and block certain countries, similar to what a dedicated IPS | IDS would do, rather than having the connection allowed all the way?

 

Or does this functionality require an additional IPS module or third party IPS | IDS system?

 

Tom

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-21-2018 09:24 PM

To use the real-time updated security intelligence feeds and geolocation database from Cisco Talo and URL filtering from Brightcloud you need to have a Cisco appliance (NGIPS or NGFW with Firepower module).

 

You can always run Snort in its open source variant, host it on your own middleware box and update everything manually or via scripts. Most enterprises prefer the Cisco-branded approach though since the find the greater ease of use and availability of support to be worth the cost.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card