SEC0172 - ASA FirePower Malware Detection (Part 1)

The video demonstrates the ability of Cisco ASA FirePower to detect and block malware files. We will look at how a file, specifically an executable file, is determined to contain malware. We will then submit a file with an unknown disposition for further cloud analysis, explain the meaning of the threat score, and review the file analysis report. Finally, we will introduce the Clean and Detection lists and show how they can be used to override the default malware detection behavior.

Part 1 of this video goes through the file policy configuration needed to detect and block malware and to submit files for cloud analysis.

Topics:
  • File Malware Detection and Blocking
  • File Malware Dynamic and Spero Analysis
  • File Trajectory
  • File Capture and SHA256 Digest
  • File Clean and Detection List
  • Threat Score and Cloud Analysis Report
  • Endpoint FireAMP Integration
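As an added illustration (not the lab's own code or Cisco's implementation), the following Python models the decision order the description refers to: a captured file is identified by its SHA-256 digest, an entry on the custom detection list or the clean list overrides the cloud disposition, and a file with an unknown disposition is passed through while being submitted for dynamic analysis. Every hash, sample byte string and the cloud lookup table are constructed for the example; the precedence of the detection list over the clean list and the simplistic "MZ" header check standing in for real file-type identification are assumptions.

```python
import hashlib
from enum import Enum


class Disposition(Enum):
    MALWARE = "malware"
    CLEAN = "clean"
    UNKNOWN = "unknown"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest: the identifier the sensor keys file lookups on."""
    return hashlib.sha256(data).hexdigest()


def is_executable(data: bytes) -> bool:
    """Simplistic stand-in (assumption) for file-type identification: PE files start with 'MZ'."""
    return data.startswith(b"MZ")


# Constructed sample payloads standing in for captured files (not real samples).
SAMPLE_MALICIOUS = b"MZ\x90\x00constructed-sample-A"
SAMPLE_FALSE_POSITIVE = b"MZ\x90\x00constructed-sample-B"
SAMPLE_BENIGN = b"MZ\x90\x00constructed-sample-C"
SAMPLE_NEVER_SEEN = b"MZ\x90\x00constructed-sample-D"

# Constructed stand-in for the cloud disposition service: digest -> disposition.
CLOUD_DISPOSITIONS = {
    sha256_hex(SAMPLE_MALICIOUS): Disposition.MALWARE,
    sha256_hex(SAMPLE_FALSE_POSITIVE): Disposition.MALWARE,  # cloud verdict we want to override
    sha256_hex(SAMPLE_BENIGN): Disposition.CLEAN,
}

# Local override lists keyed by SHA-256 (constructed entries).
CUSTOM_DETECTION_LIST = {sha256_hex(SAMPLE_NEVER_SEEN)}  # force "malware" for this digest
CLEAN_LIST = {sha256_hex(SAMPLE_FALSE_POSITIVE)}         # force "clean" for this digest


def file_disposition(data: bytes,
                     detection_list=CUSTOM_DETECTION_LIST,
                     clean_list=CLEAN_LIST,
                     cloud=CLOUD_DISPOSITIONS) -> Disposition:
    """Detection list wins, then clean list, then the cloud verdict, else unknown (order is an assumption)."""
    digest = sha256_hex(data)
    if digest in detection_list:
        return Disposition.MALWARE
    if digest in clean_list:
        return Disposition.CLEAN
    return cloud.get(digest, Disposition.UNKNOWN)


def file_action(disposition: Disposition, block_malware: bool = True,
                submit_unknown: bool = True) -> str:
    """Policy decision: block malware, pass clean files, submit unknown files for dynamic analysis."""
    if disposition is Disposition.MALWARE:
        return "block" if block_malware else "allow-and-log"
    if disposition is Disposition.UNKNOWN and submit_unknown:
        return "allow-and-submit"
    return "allow"


def evaluate(data: bytes, **policy) -> tuple:
    """Return (digest, disposition, action) for one captured file under the policy flags."""
    digest = sha256_hex(data)
    if not is_executable(data):
        return (digest, None, "not-inspected")  # the policy only covers executable files
    disposition = file_disposition(data)
    return (digest, disposition.value, file_action(disposition, **policy))


if __name__ == "__main__":
    for name, blob in [("malicious", SAMPLE_MALICIOUS), ("false-positive", SAMPLE_FALSE_POSITIVE),
                       ("benign", SAMPLE_BENIGN), ("never-seen", SAMPLE_NEVER_SEEN),
                       ("unknown", b"MZ\x90\x00constructed-sample-E"), ("text", b"plain text")]:
        digest, disp, action = evaluate(blob)
        print(f"{name:15} {digest[:16]}...  disposition={disp}  action={action}")
```

The clean-list case is the one worth noting: the cloud verdict for that digest is "malware", but the local list forces "clean", which is exactly the override behavior the description mentions; it should therefore be used only for hashes you have verified yourself, since it silently bypasses the cloud verdict.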

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

5 comments

Hi

I would like to know what the FireAMP tab in FireSight is for?

Thanks a lot, I'll be waiting for your answer.

That is for pulling events from the cloud if you have the FireAMP for Endpoints solution, so you can have a single pane of glass for reporting and event correlation.

And how do I get FireAMP for Endpoints? Does that require a license per user? Or how does it work, and what differences are there between the Advanced Malware Protection in FireSight and this one?

If you have any document or link with information, that would be great.

Thanks a lot, I'll be waiting for your answer.

FireAMP for Endpoints is a separate product from FirePower and requires its own set of licenses. It is an agent that runs on the user's computer and is managed from the cloud, not from FireSight. FireAMP on FirePower, on the other hand, is network-based and primarily analyses files that get passed around the network.

Here is the datasheet

http://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoi...

Thanks a lot :D