suhegade
Cisco Employee

Threat intelligence feeds, or reputation-based filtering, are a crucial part of a security configuration for keeping intruders out of the network. As security administrators, we want to ensure that intruders do not compromise the network under any circumstances. Reputation-based filtering can be performed on the following:

  1. IP Address
  2. URL
  3. DNS Domains

TALOS provides the Threat Intelligence Feeds and updates them regularly. Firepower Threat Defense devices ingest these feeds through the management console, which can be either Firepower Management Center or Firepower Device Manager. The user can configure the frequency of updating the feeds.

While TALOS provides a comprehensive list of feeds, the key is to collaborate and integrate with third-party sources for threat intelligence.

Cisco Threat Intelligence Director (TID) provides the capability for third-party integration of security feeds. TID enhances the system's ability to block connections based on Security Intelligence feeds from third-party sources in the following ways:

  1. TID supports SHA-256 values as an extra parameter, in addition to IP and URL.
  2. TID supports other ingestion parameters such as STIX and TAXII.

TID configuration does not require policy redeployment.
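Because a third-party feed is data you did not write, it is worth triaging it into the indicator types named above (IP, URL, domain, SHA-256) before it reaches any block list. The following is an added example, not Cisco or TID code and not TID's input format; the function names, the one-indicator-per-line layout and the choice to reject internal address ranges are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# Internal ranges that a third-party block list should never contain.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7")]

def classify(value):
    """Return (kind, normalized); kind is 'sha256', 'ip', 'url', 'domain' or None."""
    v = value.strip()
    if SHA256_RE.match(v.lower()):
        return "sha256", v.lower()
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    try:
        parts = urlsplit(v)
    except ValueError:  # malformed bracketed host
        return None, v
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url", v
    host = v.lower().rstrip(".")
    if DOMAIN_RE.match(host):
        return "domain", host
    return None, v

def triage(lines):
    """Split feed lines into accepted indicators per type and rejected entries."""
    accepted, rejected = {"sha256": set(), "ip": set(), "url": set(), "domain": set()}, []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        kind, norm = classify(entry)
        if kind is None:
            rejected.append((entry, "unrecognized format"))
        elif kind == "ip" and any(ipaddress.ip_address(norm) in n for n in INTERNAL_NETS):
            rejected.append((entry, "internal address"))
        else:
            accepted[kind].add(norm)
    return accepted, rejected

# Constructed sample feed (documentation IP range, reserved .example names).
SAMPLE = ["# vendor feed", "203.0.113.10", "10.1.2.3", "not an indicator",
          "http://malware.example/dropper.exe", "Bad-Domain.example.", "AB" * 32]
```

Calling `triage(SAMPLE)` returns the accepted indicators grouped by type and a list of rejected entries with the reason, which can be reviewed before the feed is handed to the management console.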

This feature is available on FMC version 6.2.2 or above with 15 GB of memory.

To know more about Third-Party Integration of Security Feeds with FMC (Cisco Threat Intelligence Director), read:

Cheers!!

- Raghunath Kulkarni
