We (like anyone) get a ton of malware via SMTP. It gets blocked but I have no way to report to management what the malware was, what the business risk is, etc.
Cisco support said to turn on capture so it can get the file on Firesight, but still there is no way I can see to give me a full "This was a Locky variant that has a CVE of xxx.x, you can read more on this here"
Surely there is a place to go in Talos or via the actual SHA value to see what the malware was' no?
If it is a black listed IP (aka "Security Intelligence") it will get blocked before you can even pull it. As a result, there is no way to tell which malware it even was.
If you turn off a lot of the protective measures, like security intelligence, you'll get prettier reports, since you are then relying on your last level of defence to detect the malware - but I wouldn't do it.
Same doesn't hold true for retrospective events.... The issue is we need to understand what the threats are;' they are getting the hash or looking at it retrospectively, so you can't tell me they don't know what the malware/vulnerability is.
There is a naming convention site that helps but doesn't help me describe to management what the threat vector is, how we can plan an incident response (if one gets through), or anything other IPS types systems provide.
For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b...
Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli...
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA:
Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.
We make improvement...
This document presents the ISE data limiting best practices that can dramatically improve the system performance on ISE.
Your deployment may be impacted if the alarms tab on ISE shows High load average, high CPU or high memoy usage alarm...