Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
9412
Views
7
Helpful
5
Replies

OpenDNS vs URL filtering

Go to solution
miras
Level 5
Level 5

‎09-18-2016 08:24 AM

If you had OpenDNS setup in your environment, would you still have URL filtering on your Sourcefire network device or not?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to miras

‎10-15-2016 03:13 PM

Depending on the company size you may want to combine multiple solutions. If we are talking about a SMB customer ASA w/ Firepower Services using Security Intelligence (IP Reputation) and Web Filtering (Domain/URL Reputation) might be just enough.

In a larger deployment where the customer wants to break SSL and have a wider range of options considering web filtering, WSA would be the logical choice for web traffic. If this would not scale or the customer is not interested in a on-premise solution you may want to use CWS to complement the on-site Firepower solution which is used for NGFW features like AVC, IPS and AMP.

Which one would do a better job?

Firepower / OpenDNS / WSA are used for different purposes. Depending on the customer requirements you may have to combine these solutions.


View solution in original post

0 Helpful
5 Replies 5

Go to solution
miras
Level 5
Level 5

‎09-21-2016 06:25 PM

Anybody!!!???

0 Helpful

Go to solution
keglass
Level 7
Level 7
In response to miras

‎09-22-2016 09:29 AM

eduardxhako,

I am moving your post to the NGFW/Firewalls space in the Security community for better visibility and feedback.

Since you are a Cisco Partner, you may want to also post to the Cisco Partner Security Community for additional information.

Security

Kelli Glass

Moderator for Cisco Customer Communities

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7

‎10-15-2016 04:42 AM

As always in IT it really depends. What are you trying to achieve by using URL filtering? Do you only want to block malicious traffic or have granular control on which content users can access?

OpenDNS is great to filter out malicious domains before they are even accessed but keep in mind that OpenDNS and FirePOWER do not use the same feeds in regards to domain reputation, since Firepower uses Talos Feeds for Security Intelligence (IP/DNS Reputation) and Brightcloud feeds for URL filtering.

TCO will be higher if you use both solutions, but you will end up with a better security solution.

Let me know if this answers your question.

Go to solution
miras
Level 5
Level 5
In response to Oliver Kaiser

‎10-15-2016 02:37 PM

Thank you for your input Oliver.

I just wanted to know how different these services are from one another, or how similar.

Now, what if i wanted to use both of them for Granular Control and Block Malicious traffic? Which one would do a better job?

The other thing is, what about WSA (or CWS) for web filtering if we add that to the mix?

I know that more is better in this case, but our customer's company sizes differ. We have small ones, medium, and big ones.

What would be a good solution for each one of them? Small companies can't afford to have all of them.

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7
In response to miras

‎10-15-2016 03:13 PM

Depending on the company size you may want to combine multiple solutions. If we are talking about a SMB customer ASA w/ Firepower Services using Security Intelligence (IP Reputation) and Web Filtering (Domain/URL Reputation) might be just enough.

In a larger deployment where the customer wants to break SSL and have a wider range of options considering web filtering, WSA would be the logical choice for web traffic. If this would not scale or the customer is not interested in a on-premise solution you may want to use CWS to complement the on-site Firepower solution which is used for NGFW features like AVC, IPS and AMP.

Which one would do a better job?

Firepower / OpenDNS / WSA are used for different purposes. Depending on the customer requirements you may have to combine these solutions.


0 Helpful
Review Cisco Networking for a $25 gift card
li.common.scroll-to.top