cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1618
Views
0
Helpful
1
Replies

Firepower Geo Block and Intrusion Functionality Without Dedicated IPS | IDS

tom.neteng
Level 1
Level 1

Is it possible to utilize any dynamic IPS | IDS functionality of SourceFire for known malicious IPs and geo-blocking of rogue nation states without the purchase of a dedicated IPS | IDS system.

 

Can I, for example, utilize Brightcloud | Talos to filter out all incoming connections from known malicious websites, dynamically learn IPs that are port scanning and block them, and block certain countries, similar to what a dedicated IPS | IDS would do, rather than having the connection allowed all the way?

 

Or does this functionality require an additional IPS module or third party IPS | IDS system?

 

Tom

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

To use the real-time updated security intelligence feeds and geolocation database from Cisco Talo and URL filtering from Brightcloud you need to have a Cisco appliance (NGIPS or NGFW with Firepower module).

 

You can always run Snort in its open source variant, host it on your own middleware box and update everything manually or via scripts. Most enterprises prefer the Cisco-branded approach though since the find the greater ease of use and availability of support to be worth the cost.

Review Cisco Networking for a $25 gift card