Over the past few months I have completed quite a few Cisco FirePOWER installations. A few hiccups occurred along the way, but overall, it was a pleasant experience. After all of the deployments were wrapped up and the dust had settled, I gathered my notes and sat down to review the product.
Installation and Configuration of Cisco FirePOWER
As with all things Cisco, their product lines are filled with countless features. Getting everything working properly takes a bit of configuration and some time. That’s not necessarily a bad thing. It just means that you may want to roll up your sleeves and get more familiar with the CLI (vs. using ASDM). Don’t worry. Once you get the sensor configured, you can jump back into the FirePOWER GUI and finish the configuration. If you need some help, take a peek at this blog and an AWESOME installation guide here. Overall, I would rate the installation and configuration process to be moderately complex.
Network Visibility and Reporting
The big hype surrounding Cisco’s FirePOWER was its Advanced Visibility and Control. And I feel that this is really where FirePOWER (and the Sourcefire IPS engine) shines. Within a few minutes of setting up the FireSIGHT console you have graphs with traffic flow, different operating systems observed on the network, most frequently used web applications, network traffic by business relevance, and a whole array of other statistics. These “widgets” can be removed, rearranged, or swapped to meet your needs and those of your environment.
What good is an IPS that can’t report on what is happening throughout the network? Not only does the FireSIGHT console do a great job of displaying near real-time data, it can also generate all kinds of reports. You can run reports on user data and application utilization, URL categories, ingress/egress traffic, intrusion events, and much more. See here for an explanation of the available reporting with Cisco FirePOWER: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Reporting.html
Maturity of the Cisco FirePOWER Product
Although Cisco did slip up a bit on the early FirePOWER releases with the 5512-X and 5515-Xs, causing quite a few performance issues, I feel they have moved forward and have put out a really stellar IPS product. The FirePOWER product lines initially launched in September of 2014, so we are closing in on almost two years of product development from the folks at Cisco. The FireSIGHT console (or “Virtual Defense Center”) comes in the form of a virtual appliance. Currently, it is available only in a VMware flavor. It is my understanding that Hyper-V support is on its way and I believe this will be out later this year.
When Cisco acquired Meraki, they soon began marrying the Meraki MX firewalls with the Sourcefire IPS engine. Four or five mouse clicks and you have an IPS policy applied to your MX appliance. And if that wasn’t enough, Cisco is still leading the Gartner ratings for IPS in the Magic Quadrant, ahead of both McAfee and IBM. Pretty impressive, huh!
Cisco finally has a rock-solid, feature-rich IPS solution for the SMB and Enterprise spaces alike.
I hope you enjoyed the FirePOWER series (this was part 3; links to parts 1 and 2 are below). Please continue to send any questions my way.
- Cisco FirePOWER part 1: Threat defense: Cisco ASA firewall with FirePOWER services
- Cisco FirePOWER part 2: Install and deploy Cisco ASA FirePOWER