Firewall systems comparison


 

Cisco

Palo Alto Networks

Fortinet

Check Point Software Technologies

Security Features

Continuous analysis and retrospective detection

 

✓

 

Cisco Firepower employs continuous analysis, beyond the event horizon (point-in-time) and can retrospectively detect, alert, track, analyze, and remediate advanced malware that may at first appear clean or that evades initial defenses and is later identified as malicious.

Limited

 

Point-in-time only. (Point-in-time analysis indicates that a verdict is made on the disposition of a file at the moment it is first seen. If a file morphs or begins acting maliciously later, there are no controls in place to keep track of what happened or where the malware ended up.)

Network file trajectory

 

Continuous

 

Cisco maps how hosts transfer files, including malware files, across your network. It can see if a file transfer was blocked or the file was quarantined. This provides a means to scope, provide outbreak controls, and identify patient zero.

X

 

Trajectory dependent on continuous analysis.

 

Impact assessment

 

✓

Cisco Firepower correlates all intrusion events to an impact of the attack, telling the operator what needs immediate attention. The assessment relies on information from passive device discovery, including OS, client and server applications, vulnerabilities, file processing, and connection events, etc.

Limited

Impact is measured only against threat severity. No host profile information to determine if host is actually vulnerable to threat.

Security automation and adaptive threat management

 

✓

 

Cisco automatically adapts defenses to dynamic changes in the network, in files, or with hosts. The automation covers key defense elements such as NGIPS rule tuning and network firewall policy.

Limited

 

All policies require administrator interaction. Policies are limited to basic tuning. False positives are manually identified and mitigated.

Limited

 

Policies require administrator interaction.

 

Behavioral indicators of compromise (IoCs)

 

✓

 

Cisco Firepower considers file behavior and the reputation of sites, and correlates network and endpoint activity using 595 behavioral indicators. It provides billions of malware artifacts for unmatched scale and coverage from global threats.

Limited

 

Standard, nonbehavioral IoCs are available in separate product.

Limited

 

IoCs are based upon threat severity, not behavior.

User, network, and endpoint awareness

 

✓

 

Limited

User awareness only.

Limited

User awareness only unless separate endpoint software is used.

NGIPS

 

Next-gen

 

Next-generation IPS with real-time contextual awareness and network mapping.

Signature-based

Integrated advanced threat protection

 

✓

 

Built-in, dynamic sandboxing capabilities (AMP-ThreatGrid) that detect evasive and sandbox-aware malware, with actionable event correlations, 595 behavioral IoCs, billions of malware artifacts, and easy-to-understand threat scores.

Limited

 

Sandbox available as cloud subscription or on-premises appliance.

Malware remediation

✓

 

Intelligent automation from Cisco AMP for Networks allows you to quickly understand, scope, and contain an active attack even after it happens.

Limited

 

No root cause or trajectory results in an unknown threat scope. Remediation is a manual process during post-breach incident response.

Threat Intelligence (Talos)

Unique malware samples per day

1.5 million

10s of thousands

Threats blocked per day

 

19.7 billion*

* Excludes email

Not reported

Email messages scanned per day

600 billion

Of the 600B scanned, more than 85% are spam.

Not reported

6 million

Not reported

Web requests monitored per day

16 billion

Web requests monitored by WSA/CWS per day. For perspective, Google processes 3.5 billion searches per day.

Not reported

35 million

Not reported

Automated intelligence feeds

✓

Security intelligence feeds are updated every 2 hours, adjustable to 5-minute intervals.

✓

 

Operational Capabilities

Scanning architecture

Single pass

Single pass

ASIC

Multipass

Software-defined segmentation

✓

Cisco TrustSec and ACI provision security services separated from workload and deployment (physical, virtual, cloud). Security group tags (SGTs) segment software in the network.

X

 

Automatic threat containment

✓

Cisco Rapid Threat Containment automates quarantine actions by the Cisco Identity Services Engine.

X

 

Operations and management

Excellent

Combined security and network operations. One console or HA pair of consoles provides all updates, patching, reporting, and threat information.

Limited

Single UI for NGFW management. Additional UIs for malware, endpoint, or any other platform features.

Limited

Single UI for NGFW management. Additional product and UI for logging and events. Additional product and UI for sandboxing.

Excellent

Single manager of managers for each individual function of NGFW, ATP, etc.

Deployment models

Typical

Appliance, virtual instance (VMware), and public cloud (AWS and Azure)

Typical

Appliance, virtual instance (VMware), and public cloud (AWS and Azure)

eStreamer API

✓

Cisco Firepower can stream event data and host-profile information to client applications, SIEM and SOC platforms, enhancing your actionable intelligence.

X

 

Remediation API

✓

Cisco Firepower can work in conjunction with third-party products. It can change an asset’s VLAN or access controls, or even open a ticket with the help desk.

X

 

Host API

✓

Other systems such as inventory, vulnerability & asset management, and Nmap can feed data into the Cisco Firepower platform.

X

 

Critical Infrastructure (ICS/SCADA)

Hardened and ruggedized versions available

✓

 

X

Must run VM version of NGFW on a separate server; includes loading and managing a supported hypervisor.

✓

 

✓

 

Base feature set

NGFW, AMP, NGIPS, threat intelligence

NGFW includes application visibility, URL filtering, IPS, antivirus, user identity. Firepower also includes all key security enhancements mentioned above, such as NGIPS, Advanced Malware Protection (AMP), retrospection, impact analysis, etc.

NGFW only

SCADA rules

 

~250

~250 rules based on Snort. Talos provides rules geared toward ICS industry. Third-party rules can be imported. Customers can build rules.

~100

~300

~180

Modbus, DNP, CIP pre-processors

✓

Modbus, DNP3, and BACnet. SCADA protocols are available through the Firepower system.

✓

Modbus, DNP3, OPC, ICCP, IEC 61850

✓

Modbus, DNP3, BACNet, MMS, OPC, Profinet, ICCP, IEC.60870.5.104, IEC.61850

✓

Modbus, DNP3, BACNet, MMS, OPC, Profinet, ICCP, IEC.60870.5.104, IEC.61850

Service Provider

Carrier-class certification

✓

NEBS Level 3

X

 

✓

NEBS Level 3

✓

NEBS Level 3

Carrier-class features

 

✓

GTP v2, CG-NAT, Diameter, SCTP, SIP-signaling firewall

X

 

✓

GTP v2, CG-NAT, Diameter, SCTP, SIP-signaling firewall

✓

GTP v2, CG-NAT, Diameter, SCTP, SIP-signaling firewall

Third-party services stitching

✓

Third-party and native containers can be seamlessly stitched together to run with Firepower Threat Defense.

X

 

True DDoS

✓

Radware DefensePro vDOS container is integrated directly into the NGFW system (Cisco Firepower 9300).

 

X

 

Limited

Requires separate product.

Limited

Requires separate product.
