Staying ahead of threats requires constant innovation and rigorous standards. Cisco Secure Firewall has long been a cornerstone of network security, and the release of version 7.4 marks a significant milestone. Not only does this version introduce a suite of new features, but it has also earned a coveted spot on the Department of Defense Information Network (DoDIN) Approved Products List (APL). This blog explores the new features of Cisco Firewall Threat Defense 7.4.
Cisco Firewall Threat Defense 7.4 brings a host of enhancements designed to bolster security, improve performance, and streamline management. Here are some of the standout features:
Encrypted Visibility Engine: The encrypted visibility engine (EVE) uses machine learning to provide insight into encrypted sessions without decrypting them. To use this feature, all you need is a valid IPS license and Snort 3. EVE analyzes traffic and assigns each flow a score reflecting the probability that the originating process is malware. Organizations can now opt to block traffic based on this threat score: if the score is above the configured threshold, the traffic is blocked. This is supplemental to decryption and not meant to replace it.
Note: The default threshold score is set very high; administrators can modify it in advanced mode.
Snort 3.0 can detect HTTP/3 and Server Message Block (SMB) over QUIC using EVE, and generate indications of compromise (IOC) based on unsafe client applications detected by EVE.
Enhanced Analytics: Organizations can now get detailed TLS fingerprint information from connection events. This involves computing fingerprint strings from packet fields, taking DNS top-level domains into account, and continuously training data-driven models. It allows the NGFW to report a threat confidence and score indicating the likelihood that a flow was sourced by malware, and to enforce centralized TLS policies for high-performance encrypted traffic inspection.
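To make the two ideas above concrete (a fingerprint string computed from unencrypted ClientHello fields, and a block decision taken only when the resulting malware score exceeds a configurable threshold), here is an added example that is not Cisco's code and does not reproduce EVE's proprietary fingerprint format. It uses the publicly documented JA3-style string layout as a stand-in, a constructed lookup table in place of a trained model, and the placeholder threshold values 99 and 90 (the page says the default is "very high" but gives no number). The sample connection events are constructed, not captured traffic.

```python
import hashlib
from dataclasses import dataclass

# GREASE values (RFC 8701) are randomised per connection and must be dropped
# before fingerprinting, or the same client would never match twice.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


@dataclass
class ClientHello:
    """Fields read from a TLS ClientHello, which is sent in the clear (no decryption needed)."""
    version: int
    ciphers: list
    extensions: list
    curves: list
    point_formats: list


def fingerprint_string(hello):
    """JA3-style fingerprint string: version,ciphers,extensions,curves,point_formats."""
    def join(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([str(hello.version), join(hello.ciphers),
                     join(hello.extensions), join(hello.curves),
                     join(hello.point_formats)])


def fingerprint_hash(hello):
    """Compact digest of the fingerprint string, the form usually shown in connection events."""
    return hashlib.md5(fingerprint_string(hello).encode()).hexdigest()


# Constructed stand-in for a trained model: fingerprint -> (process name, malware probability %).
# A real engine learns these from labelled traffic; the entries here are illustrative only.
KNOWN_PROCESSES = {
    "771,4865-4866-49195,0-23-65281,29-23,0": ("example-browser", 2),
    "769,47-53,0,23,0": ("example-malware-family", 97),
}


def score_hello(hello):
    """Return (process_name, score), or (None, None) when the fingerprint is unknown."""
    return KNOWN_PROCESSES.get(fingerprint_string(hello), (None, None))


def evaluate(events, block_threshold):
    """Apply the threshold rule: block only when the score is above block_threshold."""
    verdicts = []
    for conn_id, hello in events:
        process, score = score_hello(hello)
        if score is None:
            action = "allow"      # no evidence either way; the decryption policy still applies
        elif score > block_threshold:
            action = "block"
        else:
            action = "allow"
        verdicts.append((conn_id, process, score, action))
    return verdicts


# Constructed sample connection events (not real captures). c1 and c3 carry GREASE values.
SAMPLE_EVENTS = [
    ("c1", ClientHello(771, [0x1a1a, 4865, 4866, 49195], [0, 23, 65281], [0x2a2a, 29, 23], [0])),
    ("c2", ClientHello(769, [47, 53], [0], [23], [0])),
    ("c3", ClientHello(771, [0x3a3a, 4865], [0, 10], [29], [0])),
]

if __name__ == "__main__":
    # Placeholder thresholds: a very high default (99) and an administrator-lowered value (90).
    for threshold in (99, 90):
        print(f"block threshold = {threshold}")
        for conn_id, process, score, action in evaluate(SAMPLE_EVENTS, threshold):
            print(f"  {conn_id}: process={process} score={score} hash={fingerprint_hash(SAMPLE_EVENTS[0][1])[:8]}... -> {action}")
```

Running it shows why the note about the default threshold matters: with the threshold at 99, the flow scored 97 is still allowed, and only after an administrator lowers the threshold to 90 does it get blocked. The unknown fingerprint (c3) is allowed with no score, which is exactly the case where decryption-based inspection remains necessary.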
Snort 3.0 allows the creation of custom intrusion policies, enabling more tailored and robust security features. Snort 3.0 also improves JavaScript inspection by normalizing the JavaScript and matching rules against the normalized content, which helps in detecting more complex threats.
Enhanced Malware Protection: Leveraging machine learning and AI, the new version offers improved detection and mitigation of sophisticated malware threats.
Behavioral Analytics: The firewall now includes advanced behavioral analytics to identify and respond to anomalous activities in real-time.
Optimized Throughput: Version 7.4 has been fine-tuned to deliver higher throughput, ensuring that security measures do not compromise network performance.
Scalable Architecture: The new release supports a more scalable architecture, making it suitable for both small enterprises and large organizations. Cisco can scale to meet your mission's throughput requirements, with either a virtual or a physical device.
Snort 3.0 offers better detection capabilities and performance improvements, which is critical for public sector customers handling sophisticated and high-volume traffic. In addition, Snort 3.0 lets administrators nest rule groups within an intrusion policy, allowing more granular traffic handling that benefits detailed threat analysis and response.
Snort 3.0 can now consume NetFlow records, generating NetFlow connection events and adding host and application protocol information to the database based on NetFlow data.
Unified Management Console: A revamped management console provides a more intuitive interface, simplifying the configuration and monitoring of security policies.
Automated Policy Management: Automation features have been enhanced to reduce the administrative burden and minimize human error.
API Enhancements: Improved APIs facilitate better integration with third-party security tools and platforms, allowing for a more cohesive security ecosystem.
Cloud Security Enhancements: The new version offers better integration with cloud environments, providing consistent security across on-premises and cloud infrastructures.
Cisco Secure Firewall's inclusion on the Department of Defense Information Network (DoDIN) Approved Products List (APL) means it meets DoD standards. The purpose of the DoDIN APL is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification. Use of the DoDIN APL allows DoD Components to purchase and operate systems across all DoD network infrastructures. Here are the key benefits of Cisco Firewall Threat Defense 7.4 being on the DoDIN APL:
Rigorous Testing: Products on the DoDIN APL undergo extensive testing to ensure they meet the highest security and performance standards.
DoD Endorsement: Being on the APL means that the DoD approves the product for use within its networks, which can significantly boost its credibility in both the public and private sectors.
Additionally, the National Security Agency (NSA) has recently developed and released the Cisco Firepower Threat Defense (FTD) Hardening Guide, a comprehensive resource designed to strengthen the cyber defense capabilities of Cisco Firepower Threat Defense customers. This hardening guide reflects how collaboration between a variety of groups across both the public and private sectors can increase everyone's success in securing infrastructure. For more on the NSA FTD Hardening Guide, check out Norm St. Laurent's blog.
Simplified Acquisition: Government agencies can procure Cisco Firewall Threat Defense 7.4 more easily, knowing it meets DoD requirements. This can expedite the acquisition process and reduce administrative overhead.
Interoperability: Products on the APL are tested for interoperability within the DoDIN environment.
Advanced Protection: With its advanced threat detection and prevention capabilities, Cisco Firewall Threat Defense 7.4 provides robust protection against evolving cyber threats, enhancing the overall security posture of networks.
Commercial Sector Confidence: Inclusion on the DoDIN APL can also reassure commercial enterprises of the product's quality and security, potentially broadening its market appeal.
Cisco Firewall Threat Defense 7.4 represents a significant advancement in network security, offering enhanced threat detection, improved performance, and streamlined management. Its inclusion on the DoDIN APL underscores its reliability and compliance with stringent security standards. As cyber threats continue to evolve, Cisco Firewall Threat Defense 7.4 stands ready to protect networks with cutting-edge technology and trusted performance.