Solved: OpenDNS vs URL filtering

miras · ‎09-18-2016

If you had OpenDNS setup in your environment, would you still have URL filtering on your Sourcefire network device or not?

Oliver Kaiser · ‎10-15-2016

Depending on the company size you may want to combine multiple solutions. If we are talking about a SMB customer ASA w/ Firepower Services using Security Intelligence (IP Reputation) and Web Filtering (Domain/URL Reputation) might be just enough.

In a larger deployment where the customer wants to break SSL and have a wider range of options considering web filtering, WSA would be the logical choice for web traffic. If this would not scale or the customer is not interested in a on-premise solution you may want to use CWS to complement the on-site Firepower solution which is used for NGFW features like AVC, IPS and AMP.

Which one would do a better job?

Firepower / OpenDNS / WSA are used for different purposes. Depending on the customer requirements you may have to combine these solutions.

View solution in original post

miras · ‎09-21-2016

Anybody!!!???

keglass · ‎09-22-2016

eduardxhako,

I am moving your post to the NGFW/Firewalls space in the Security community for better visibility and feedback.

Since you are a Cisco Partner, you may want to also post to the Cisco Partner Security Community for additional information.

Security

Kelli Glass

Moderator for Cisco Customer Communities

Oliver Kaiser · ‎10-15-2016

As always in IT it really depends. What are you trying to achieve by using URL filtering? Do you only want to block malicious traffic or have granular control on which content users can access?

OpenDNS is great to filter out malicious domains before they are even accessed but keep in mind that OpenDNS and FirePOWER do not use the same feeds in regards to domain reputation, since Firepower uses Talos Feeds for Security Intelligence (IP/DNS Reputation) and Brightcloud feeds for URL filtering.

TCO will be higher if you use both solutions, but you will end up with a better security solution.

Let me know if this answers your question.

miras · ‎10-15-2016

Thank you for your input Oliver.

I just wanted to know how different these services are from one another, or how similar.

Now, what if i wanted to use both of them for Granular Control and Block Malicious traffic? Which one would do a better job?

The other thing is, what about WSA (or CWS) for web filtering if we add that to the mix?

I know that more is better in this case, but our customer's company sizes differ. We have small ones, medium, and big ones.

What would be a good solution for each one of them? Small companies can't afford to have all of them.

Oliver Kaiser · ‎10-15-2016

Depending on the company size you may want to combine multiple solutions. If we are talking about a SMB customer ASA w/ Firepower Services using Security Intelligence (IP Reputation) and Web Filtering (Domain/URL Reputation) might be just enough.

In a larger deployment where the customer wants to break SSL and have a wider range of options considering web filtering, WSA would be the logical choice for web traffic. If this would not scale or the customer is not interested in a on-premise solution you may want to use CWS to complement the on-site Firepower solution which is used for NGFW features like AVC, IPS and AMP.

Which one would do a better job?

Firepower / OpenDNS / WSA are used for different purposes. Depending on the customer requirements you may have to combine these solutions.