Cisco Firepower Web Application Firewall is an integrated, threat-focused next-generation firewall designed to provide visibility and protection from network to endpoint. Utilizing an advanced threat intelligence service, it offers control of over 4,000 commercial applications.
The ASA comes equipped with anti-malware features that work by filtering incoming traffic against known malware signatures to stop infections from spreading throughout a network.
Security Intelligence
WAFs offer key capabilities that help protect APIs against automated attacks, enabling DevOps teams to deliver apps faster without compromising security and agility, while also helping organizations strengthen their cybersecurity practices.
One key feature is its granular WAF protection, enabling you to customize responses based on specific characteristics relating to an attack – including URL, parameter and cookie protection as well as anti-bot & anti-DDoS protection.
Cisco provides an innovative suite of next-generation firewall management tools which facilitate centralized control over multiple appliances. Its Firepower Management Center enables automated policy modifications while consolidating network security services into one solution.
The interface is user-friendly and simple to navigate. Certain pages feature context menus for accessing additional data and options, which correspond with the domain and predefined user roles that you have selected. Right-click context menus also support viewing nested files in archive files.
Application Detectors
Firepower NGFW features an application identification and filtering capability that prevents malicious applications from using ports to circumvent firewall rules. It also protects against threats that attempt to hide their activities by encrypting data or employing SSL certificates, while other features such as URL reputation and advanced malware protection provide further safeguards.
NGFWs can analyze traffic at a deeper layer than traditional firewalls can, including identification of devices (e.g. iPad or PC), users and the applications in use. With this knowledge comes the ability to create policies which block or allow traffic.
Local Malware Analysis: When performing Local Malware Analysis, files are examined locally using a rule set provided by Cisco TALOS. This option can be combined with Spero Analysis and Dynamic Analysis to detect whether the files contain malware; each file's disposition can then be marked Unknown, Clean or Malware depending on the results of the analysis.
Inspection
The Firepower System employs inspection features to detect and block malware, viruses, attacks on web applications, and other threats. For instance, the system applies intrusion prevention system (IPS) and file inspection rules when traffic that matches access control rules arrives. It also recognizes application protocols in network traffic, and you can configure basic and advanced custom application detectors as needed.
Internal detectors detect traffic based on application fingerprints provided with the VDB or system updates, and you can activate or deactivate these detectors as desired. You can also create and import your own application protocol detectors.
Some events feature hotspots that allow you to take specific actions, such as adding files to the clean list or custom detection list, viewing the vulnerability description, downloading a copy of a file from our server for local malware analysis or dynamic analysis, and setting the rule state. You can also click icons on many events to open event details in separate windows.
Logging
Web Application Firewalls have a built-in malware protection engine which scans incoming traffic for known malicious signatures and blocks matching traffic as soon as it arrives. In addition, they protect against attacks targeting web application layers such as cross-site request forgery, cookie theft and data breach attempts.
Firewall logging features are required for compliance and monitoring purposes. Cisco ASA firewalls offer multiple logging options and can be configured to record both connection and file events. An access rule’s logging settings determine whether connection events are generated for traffic that matches the rule, and file event logging is enabled by default with file policies. These settings appear in both dashboard data and Event Viewer.
ASA NGFW supports various application and web filtering rules designed to detect patterns of network traffic that indicate the presence of application protocols. System-provided protocol detectors are delivered via VDB update or system update; custom detectors may also be created by users themselves.