“With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing multiple solutions. This integrated approach combines best-in-class security technology with multilayer protection integrated in a single device that is less costly than piecemeal security solutions.”

For more information, see Cisco’s product description: http://www.cisco.com/c/dam/en/us/products/collateral/security/asa-firepower-services/at-a-glance-c45-732426.pdf

Malware Patrol provides threat data compatible with Cisco ASA FirePOWER security intelligence feeds. There are three types of feeds that can be applied:

  1. IP addresses: includes IP addresses of malware C&Cs as well as those resolved from malware and ransomware DGAs.
  2. URLs: includes partial URLs used by malware and ransomware to contact command and control systems and drop zones.
  3. Domains: includes registered active domains generated via DGAs for malware and ransomware.

You can follow these simple steps to configure your Cisco ASA FirePOWER to filter malicious IPs and protect the internal network, computers and users from getting infected by malware. The same procedure can be followed to filter URLs and domains.

Cisco Firepower Login

1) Log in to Cisco FirePOWER Management Center.

Cisco Firepower Management

2) Choose Objects > Object Management.

Cisco Firepower Objects

3) Expand the Security Intelligence node, then choose Network Lists and Feeds.

Cisco Firepower Screen Shot

4) Click Add Network Lists and Feeds.
5) Enter a name for the feed (ex: MalwarePatrol_malicious_IPs).
6) Choose Feed from the Type drop-down list.
7) Enter the corresponding feed URL that can be found logging in to the Malware Patrol website.
8) Enter the corresponding feed MD5 URL that can be found logging in to the Malware Patrol website.
9) Choose the Update Frequency, we suggest one hour.
10) Choose Save.

Cisco Firepower

 

Cisco Firepower

11) Click Update Feeds.

Cisco Firepower

 

Cisco Firepower

12) Cisco ASA FirePOWER will automatically update the data feed at the chosen interval.

Cisco Firepower

13) Choose Policies / Access Control and click New Policy.

Cisco Firepower

14) Enter a meaningful Name and Description to the policy. The Default Action must be Block all traffic. On Available Devices select the devices that will be affected by the policy and click Add to Policy. When you are done, click Save.

Cisco Firepower

15) A new policy will be created. Click on Security Intelligence.

Cisco Firepower

16) On Available Objects / Networks select the object created previously (ex: MalwarePatrol_malicious_IPs), choose a zone from Available zones (Any is the default) and click on Add to Blacklist.

Cisco Firepower

17) The object and corresponding policy were created successfully. You can follow the same steps to use the other data feeds we provide.

Cisco Firepower

 

If you experience any difficulties configuring Cisco ASA FirePOWER to use Malware Patrol data feeds, please make sure it is working properly and contact our tech support at support (@) malwarepatrol.net.