
Sourcefire firepower vs Cisco CX module

Hello,

I would like to know the difference between these two technologies (CX vs Firepower).

What are the major benefits in Sourcefire IPS which were not present in Cisco's old CX module?

Why would someone deploy Sourcefire if he already has Cisco IPS?

I tried to find them, but I am not finding any major benefits in Sourcefire.

Thanks in advance.


Marvin Rhoads
Hall of Fame

The older Cisco IPS was strictly signature-based and you could customize the signatures extensively - even write your own if you cared to (although few customers did so).

Likewise, the CX had a smaller set of non-customizable signatures among its optional licensed features (IPS, AVC and WSE). It added Application Visibility and Control and Web Security Essentials, enabling context-based controls and the ability to filter web content.

Both of those are end of sales.

FirePOWER services, based on technology from the former Sourcefire company acquired by Cisco in late 2013, includes all of the above in a much more capable and scalable platform than either the classic IPS or CX Next Generation Firewall.

It offers not only point in time security but also enables retrospective analysis to aid in remediation. It offers Advanced Malware Protection by analyzing files passing through the sensor in real time by making a SHA-256 hash of the file contents and querying cloud-based resources to detect malware. Those are just a few of its advantages.

@Marvin: can you explain to me the technical difference between CX and FirePOWER?

How do both do packet inspection?

The packet inspection process in FirePOWER is explained in great detail in several Cisco Live presentations.

I recommend you refer to "BRKSEC-2028 Deploying Next-Generation Firewall Services on the ASA (2015 San Diego)".

The CX isn't covered in quite as much detail but the older presentation "BRKSEC-2699 - Deploying Next Generation Firewalling with ASA-CX (2013 London)" does a decent job explaining how it works.

Hey Marvin,

The Cisco Live videos are not playing. It shows "attempting to reload please wait"

The page you requested is not currently available.

Can you help?

Thanks

I'm just a partner and don't work for Cisco so I can't help you with that one.

For what it's worth, I just checked both sessions' videos from my PC and they worked fine.

OK,

I have several queries about Sourcefire.

First, I'm confused by the Cisco terms:

Cisco Next Generation Firewall

Cisco Next Generation IPS

Cisco AVC+IPS, which means AVC and IPS are two different things.

Is AVC part of the firewall? But visibility is considered part of IPS.

ESA and WSA with Sourcefire?

What about the signature database in CX and FirePOWER?

Please help me out.

Thanks

The terms aren't precise scientific terms but rather a combination of commonly used industry terms combined with product positioning or marketing.

Generally speaking, Cisco most commonly used the term Next Generation Firewall to refer to the ASA firewall with the CX module.

Next Generation IPS refers in Cisco terms generally to anything with the FirePOWER technology from the Sourcefire acquisition built into it. That includes ASA firewalls with FirePOWER service modules as well as dedicated FirePOWER appliances.

AVC is the ability to inspect packet content to determine Application content and behavior in order to assess risk and enforce policy. There is very rudimentary AVC in a base ASA in that we can do things like regex matching on http payload in an inspection. It's generally not considered as a serious way to enforce policy. When we use the more full-featured AVC (CX term) or Control (FirePOWER term) as a source of data for matching Intrusion Prevention System profiles and blocking, warning etc., it's IPS.

ESA and WSA are complementary products to the FirePOWER set, providing much more granular control over emails and web content filtering respectively. There is some overlap and each of those two has the option to add-on Advanced Malware Protection (AMP) in ways specific to their function. Also, we can do URL filtering with FirePOWER, although the WSA provides additional layers of control and scalability in that specific area.

The CX has the concept of signature updates if you have the IPS feature license. It does not allow fine-grained selection of the signatures nor customizing the signatures used. There are also updates to the AVC profiles.

The FirePOWER products have a combination of updates - SNORT Rule updates, Vulnerability Database updates and Geolocation updates.

AMP also has dynamic cloud-based lookup of file hashes to determine disposition of files when analyzing for potential malware.
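The hash-lookup and retrospective behaviour described in the replies above (a SHA-256 of the file contents, a cloud disposition query, and later re-evaluation), as an added example that is not part of the original posts and is not Cisco's code or API. The `Sensor` class, the `cloud` dictionary standing in for the cloud lookup, the disposition labels, and all hosts, file names and contents are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class FileEvent:
    host: str
    name: str
    sha256: str
    disposition: str  # verdict recorded when the file was first seen

@dataclass
class Sensor:
    cloud: dict  # hypothetical stand-in for the cloud lookup: sha256 -> disposition
    events: list = field(default_factory=list)

    def inspect(self, host: str, name: str, content: bytes) -> str:
        """Point-in-time check: hash the file, look it up, log the event."""
        digest = hashlib.sha256(content).hexdigest()
        verdict = self.cloud.get(digest, "unknown")
        self.events.append(FileEvent(host, name, digest, verdict))
        return "block" if verdict == "malware" else "allow"

    def retrospect(self) -> list:
        """Re-query every stored hash; return events newly judged malware."""
        newly_bad = []
        for ev in self.events:
            now = self.cloud.get(ev.sha256, "unknown")
            if now != ev.disposition:
                if now == "malware":
                    newly_bad.append(ev)
                ev.disposition = now  # keep the log current so it is reported once
        return newly_bad

def demo():
    file_a = b"constructed sample payload A"  # constructed, not real malware
    file_b = b"constructed sample payload B"
    cloud = {hashlib.sha256(file_b).hexdigest(): "clean"}
    sensor = Sensor(cloud)
    first = [sensor.inspect("10.0.0.5", "invoice.exe", file_a),
             sensor.inspect("10.0.0.7", "invoice.exe", file_a),
             sensor.inspect("10.0.0.9", "q3.pdf", file_b)]
    # Later the lookup service changes its verdict on file A.
    cloud[hashlib.sha256(file_a).hexdigest()] = "malware"
    hosts = sorted(ev.host for ev in sensor.retrospect())
    later = sensor.inspect("10.0.0.11", "invoice.exe", file_a)
    return first, hosts, later

if __name__ == "__main__":
    print(demo())
```

The hosts returned by `retrospect()` are the ones that received the file while its disposition was still unknown, which is the list a responder needs for remediation.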

Thanks Marvin,

I would like to ask how we can reduce false positives in our network.

I am seeing FireSIGHT Recommendations in Sourcefire, which I think is not present in the old CX,

and how this whole thing works.

How do I stop useless connection events? If I have 100 internal users, then my connection events should not be much higher.

FireSIGHT recommendation and security intelligence are the same.

The total agenda is to reduce unnecessary processing on the sensor.

Thanks
