OpenDNS in FirePOWER included?

DOMJAHN DAVID
Level 1

Hi there,

Can you please give a hint if OpenDNS functionality is included in Cisco FirePOWER software? Or in other words: does it make sense to have traffic to and from the internet being inspected with SourceFire functionality and also OpenDNS configured?

Thank you in advance!

Kind regards,

David

Pujita Patni
Cisco Employee

Hello David, 

In my opinion, OpenDNS and Cisco Firepower are two separate solutions. OpenDNS works at the DNS layer and complements the inspection Firepower would offer.

Typically, domain lookup will be the first operation for any network traffic (north-south/east-west), and Firepower will inspect all traffic configured to be inspected. In this scenario, we can mitigate threats even before they hit our edge firewalls, IPS, web gateways, etc. (Cisco Firepower).

OpenDNS now has integration with AnyConnect and has a roaming client, and thus can protect all users at all times.

In Firepower 6.0, we released a new feature:

URL and DNS-based Security Intelligence: New Security Intelligence feeds based on URLs and Domain Name System (DNS) servers are provided to enhance the existing IP-based Security Intelligence capability.

DNS Inspection and Sinkholes: The same way that attackers use the SSL protocol to hide their activity, attackers use the DNS protocol with the same intentions. For that reason, and as another way to address fast flux-type attacks, the Firepower system provides the ability to intercept DNS traffic requests and take appropriate action based on the policy setting.

To answer your question, OpenDNS is not included but DNS based intelligence (via Cisco TALOS Global Threat Intelligence) and DNS inspection is included. 

Hope this helps.

Thanks,

Pujita
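The DNS policy and sinkhole behaviour described in the post above, sketched as an added example; it is not Cisco's code and not part of the original thread. The feed entries, sinkhole address, log format and function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: feed entries, sinkhole address and logs are illustrative.
DOMAIN_FEED = {"bad-c2.example": "sinkhole", "malware-dl.example": "nxdomain"}
SINKHOLE_IP = ipaddress.ip_address("192.0.2.10")  # TEST-NET-1 documentation range


def dns_action(qname):
    """Return the policy action for a query name, matching a feed entry
    exactly or as a parent domain (label-wise, not a raw string suffix)."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_FEED:
            return DOMAIN_FEED[candidate]
    return "allow"


def answer(qname, real_ip):
    """Simulate the answer a client receives once the policy is applied."""
    action = dns_action(qname)
    if action == "sinkhole":
        return str(SINKHOLE_IP)   # client is steered to a controlled address
    if action == "nxdomain":
        return None               # lookup fails, no connection is attempted
    return real_ip


def sinkholed_clients(conn_log):
    """Clients that connected to the sinkhole address: they resolved a listed
    domain and acted on the answer, so they are candidates for triage."""
    hits = {}
    for line in conn_log:
        src, dst, dport = line.split()
        if ipaddress.ip_address(dst) == SINKHOLE_IP:
            hits.setdefault(src, set()).add(int(dport))
    return hits


# Constructed connection log, one "src dst dport" record per line.
CONN_LOG = [
    "10.1.1.5 198.51.100.7 443",
    "10.1.1.9 192.0.2.10 443",
    "10.1.1.9 192.0.2.10 8080",
    "10.1.2.4 203.0.113.20 80",
]

if __name__ == "__main__":
    print(answer("cdn.bad-c2.example.", "198.51.100.99"))
    print(sinkholed_clients(CONN_LOG))
```

The NXDOMAIN action stops the connection outright, while the sinkhole action trades that for visibility: the follow-up connection to the sinkhole address identifies the internal host that made the lookup.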

Hello Pujita,

Thanks for your helpful information.

Regarding "To answer your question, OpenDNS is not included but DNS based intelligence (via Cisco TALOS Global Threat Intelligence) and DNS inspection is included." - does this mean that OpenDNS usage wouldn't add more security when FirePOWER is already in use?

Thanks,

David

Hello David, 

OpenDNS will definitely help us in our environment. OpenDNS will block any CnC, malicious, bad-reputation, or known-bad lookups. This intelligence is based on OpenDNS intelligence and intelligence added via Cisco TALOS, AMP ThreatGrid, etc.

This helps us in 2 ways:

  1. Block any traffic, any port, any protocol, north-south and east-west (not all traffic will be inspected by Firepower; we would need devices in IPS/IDS mode to span the whole network).
  2. If traffic is getting inspected by Firepower, OpenDNS can mitigate a known threat even before Firepower gets the traffic for inspection.

Hope this helps. 

Regards,

Pujita

Ed Padilla Jr
Level 1

David, 

I incorporated this feature in my network, and it works great, in addition to the Security Intel and your URI filtering. It reduces the amount of malware or malicious or suspicious traffic that analysts have to juggle, and lets them focus on the real danger.