These days, protecting the network perimeter is a foregone conclusion. However, there is no longer a monolithic perimeter—there are often multiple perimeters to protect. Unauthorized attempts to cross perimeters are frequent, and the need to defend against threats is critical to protect your assets.
Firewalls are a key component of any perimeter defense, the proverbial guard towers in your fortifications. They are chiefly responsible for controlling and inspecting the traffic coming into, and going out of, the network. And if they encounter unauthorized traffic or threats, they protect the network.
In this Threat Trends release, we’ll be looking at Cisco Secure Firewall. In particular, we’ll be talking about its Secure IPS component and the Snort rules it utilizes, examining what is regularly encountered and blocked.
To do this, we’ll look at Snort telemetry coming from Secure Firewalls, examine the most frequently encountered rules and rule categories, and consider these rules through the lens of the MITRE ATT&CK framework. The goal is to highlight the common threats that organizations encounter and block with Secure Firewall.