
<Partner Logo>

Cisco Firepower Next-Generation Intrusion Prevention System
Partner/Reseller Version

RFX Q&A for <<client>>

July 2018

Example Graphic Only

Please replace with an appropriate cover page image. You can also obtain images from Cisco Partner Marketing.

Suggested image size: 5.2”h x 7.33”w

Layout: “Behind text” Wrapping

This proposal is being provided by a Cisco authorized reseller utilizing a Cisco solution. Certain technical and other
information in this response may have been provided by Cisco; however, nothing herein shall be construed as a quotation
or offer to contract directly with Cisco. The Cisco logos, trademarks and other information provided by Cisco appear in this
response with Cisco’s permission and are proprietary and confidential information of Cisco Systems, Inc. All other
information, including any pricing information, is provided by the Cisco authorized reseller and not by Cisco, and any
relationship resulting from this response will be directly with such reseller and not Cisco.

<<UserName>> ● <<UserPhone>> ● <<UserEmail>>
<Insert Cisco Partner Logo>
<PartnerLogo>
<clientLogo>

Template Instructions
Instructions are given in text boxes as demonstrated below.

NOTE TO USER: THIS IS BOILERPLATE CONTENT. YOU WILL NEED TO CUSTOMIZE TO FIT THE
CUSTOMER’S OBJECTIVES AND CHALLENGES. THIS DOCUMENT IS PROVIDED AS IS AND MAY NOT BE
APPROPRIATE FOR ALL SITUATIONS.
RESELLER SHALL BE RESPONSIBLE FOR THE CONTENTS OF THIS DOCUMENT.

1. Perform a manual Find and Replace on information found in << >> including the following fields in
order to populate your custom information:
<<client>>
<<PartnerName>>
<<UserName>>
<<UserPhone>>
<<UserEmail>>
<<UserFirstName>>
2. For every use of <Future Feature. Check with Cisco BU>, be sure to follow up with the business unit
on whether to include this feature when sending to a customer.
3. Be sure to click on all URLs and verify that they are still current before sending to a customer.
4. Remove all yellow highlights from text within the document:
a. Press Ctrl + A to select all text in the document.
b. On the Home tab, in the Font group, click the arrow next to Text Highlight Color.
c. Select No Color to remove yellow highlight from all text.
5. Insert Partner Logo and Customer Logo in the Header.
6. Delete all text boxes (as appropriate) before submitting to a customer.
7. Select the Table of Contents, press F9 to update or right-click and select Update Field. Then select
one of the following options:
a. Update page numbers only
b. Update entire table
8. Note these best practices:
a. When pasting in text, it is best to select “Keep Text Only” to preserve the formatting of this
document.
b. To add cells to a table, click on the table, and under the Table Tools > Layout box (for Mac
users, select the Tables > Table Layout tab), select one of the insert row or column
options.
c. Utilize the document’s Style formats. They have been preformatted for ease of use.
9. Convert document to PDF before submitting to prevent unwanted changes.
10. Delete the Template Instructions page before submitting to a customer.

<<PartnerName>> ● CONFIDENTIAL
Cisco Firepower NGIPS – Partner/Reseller Version RFX Q&A

Table of Contents
CISCO FIREPOWER NEXT-GENERATION INTRUSION PREVENTION SYSTEM
OVERVIEW
VISIBILITY
MANAGEMENT


CISCO FIREPOWER NEXT-GENERATION INTRUSION PREVENTION SYSTEM
Overview
1. What is a next-generation intrusion prevention system (NGIPS)?
Response: An intrusion prevention system (IPS) inspects network traffic trying to find known attack
signatures. It then either alerts on the attack, or stops the network traffic from proceeding, depending on
how it is deployed. A next-generation IPS (NGIPS) extends this capability to enable the following:

• Include extensive coverage of network protocols in order to identify a wider range of attacks
• Provide contextual awareness, or information about your network environment that will help better
evaluate intrusion events and blocking decisions
• Support content awareness by identifying files and file types as they traverse your network; this is very
important in malware protection
• Identify both applications and users to provide granular access control and facilitate faster
investigations
• Deploy various methods to address advanced threats, including the ability to identify suspicious
payloads and send them to an integrated device or cloud service to positively identify potential malicious
files
• Include actionable threat intelligence on spam, phishing, botnets, malicious websites, web exploit
toolkits, and malware activity

2. Describe the Cisco Firepower NGIPS solution.


Response: <<PartnerName>> is pleased to propose Cisco Firepower Next-Generation IPS (NGIPS)
threat appliances which combine superior visibility, embedded security intelligence, automated analysis,
and industry-leading threat effectiveness. You can get better protection against today’s sophisticated
attacks. You can stop more threats, gain more insight into your environment, and protect your digital
business initiatives.

3. How does the solution protect against web attacks?


Response: Intelligence provided by the integrated URL filtering reduces the threat plane. It allows
you to establish access controls and blocks high-risk web addresses (for example, gambling and
pornographic websites) and offers alerting and control over suspect web traffic. It enforces policies on
more than 280 million URLs in more than 80 categories. Cisco, the developer, accurately analyzes URLs
and associates a reputation score with each one to help users avoid high-risk web addresses. This meets
compliance needs and protects against spam, URL-based viruses, phishing attacks, and spyware.

4. How does the solution offer intelligent security automation?


Response: The proposed Cisco Firepower NGIPS incorporates automation, correlation and
integration to provide better security, reduce management complexity, and do more with less staff. An
example is to use the contextual awareness information to better analyze your intrusion events. By
automatically correlating threat information with the vulnerabilities of targeted assets, Cisco is able to
automatically assess each threat and prioritize which intrusion events are impactful and should be
immediately investigated by your security teams. Actionable, prioritized events are valuable in streamlining
operations.

Indications of Compromise (IoCs) provide another method of threat detection for unknown threats. Specific
events from multiple sources are correlated against the affected hosts in order to highlight hosts that are
potentially compromised, enabling your analysts to investigate before severe damage can occur.

5. What information is used to prioritize threats?


Response: The proposed Cisco Firepower NGIPS matches contextual data with vulnerability
management information from Cisco Talos Security Intelligence and Research Group (Talos), available
through <<PartnerName>>. This is an elite group of 600 security researchers and threat analysts that
analyze 600 billion emails, more than 1 billion web queries, nearly 1.5 million malware samples and
50,000 network intrusions every day to identify the latest threats and vulnerabilities. You can take
advantage of early-warning insights and vulnerability analysis with the industry’s largest collection of real-
time threat intelligence. They use a number of tools, including big-data machine learning, advanced
forensics, and intelligence cultivated and curated from Cisco and third-party threat feeds. Talos enhances
the proposed solution’s capabilities with automatic updates every 3-5 minutes for the following:

• IPS rules and signatures
• Indicators of Compromise (IoCs)
• Vulnerability management information
• Known bad and suspect URLs
• IP-based security intelligence
• DNS-based security intelligence
• URL-based security intelligence
• AMP rules and signatures

6. How scalable is the solution?


Response: The proposed solution is scalable in several ways. Different Cisco Firepower appliances
are designed to be able to inspect network traffic ranging from 50 Mbps to 132 Gbps to best match your
traffic needs. From a management perspective, different appliance models provide a single management
interface to manage from 25 up to 750 NGIPS appliances. This allows you to maintain the same high level
of deep packet visibility and threat effectiveness as you increase network speeds. This is accomplished
without trade-off between line speed and protection.

7. Can the solution help remediate the effects of an attack?


Response: Yes. For unknown attacks, the proposed Cisco Firepower NGIPS sends suspicious files to
its integrated sandboxing solution for detailed behavioral analysis. This enables the identification and
containment of malicious software before any attack signature has been developed.

After an attack, remediate with speed if a threat does manage to evade your first line of defense. The
proposed solution makes it possible to decrease the time it takes from when an attack has been
successful to when you know about it. It allows you to quickly understand the attack, determine the scope
of the damage, apply easy-to-use blocking techniques to contain the event, and update your rules to watch
for similar attacks. Regardless of which method is used to identify a successful unknown attack, the
proposed solution gives you the ability to track everywhere that malware has gone. Compromises that
would have gone undetected for months can be identified, scoped, contained, and remediated in days or
even hours.

8. Can an NGIPS solution be deployed in a virtual environment?


Response: Yes. The proposed solution is available in a virtual format for use on VMware, also
available through <<PartnerName>>.

9. Has the NGIPS solution received third-party validation of its security effectiveness?
Response: Cisco has achieved a recommended rating or better from NSS Labs. No other company
has the lasting security effectiveness we do.

10. What is the solution’s time to detection?


Response: For the period from December 2015 through April 2016, the median TTD was about 13
hours. That figure is the weighted average of the five medians for the period observed. The proposed
solution’s median TTD is far below the industry estimate of 100–200 days, and Cisco continues to
accelerate our ability to detect a wide number of threats.

Visibility
11. Does the solution offer granular application visibility and control?
Response: Cisco supports more than 4000 commercial application-layer and risk-based controls. For
example, you can make popular social media applications read-only to comply with regulations and to
enforce acceptable-use policies. The company is the only vendor with support for the open-source
OpenAppID initiative. It allows organizations to quickly and cost-effectively develop application
identification definitions for custom and rare applications that would otherwise be without protection. This
capability helps prevent organizations from being dependent on a vendor’s roadmap or release cycles to
meet their application security requirements.

12. Describe the network visibility that the NGIPS solution offers.
Response: Any IPS provides visibility into threats attacking your network. The proposed Cisco
Firepower NGIPS goes further to provide insights about your network with visibility into a wide array of
devices, OSs, services, applications, and users. This information is discovered passively—without agents—
and is used to build a real-time network map and host profiles. You can use this visibility to better
understand your IT environment and implement appropriate controls, enforce policy, control applications,
and harden assets. In-depth visibility strengthens your overall defense and reduces the attack plane.

This visibility allows you to detect threats and vulnerabilities and close gaps in your defenses. It considers
behavioral and reputational indicators of a given connection to help decide whether to block or allow. All of
the proposed solution’s different layers of security work together for efficient and effective protection.

13. How does this visibility protect the network during an attack?
Response: The proposed solution detects and blocks known and unknown threats as they happen. It
uses full stack visibility to defend against advanced persistent threats (APTs) and application-embedded
attacks. This includes protection against intrusion events and advanced malware attacks. Keep your
critical data and your customers’ sensitive information safe.


Management
14. How does the solution simplify network management?
Response: The proposed Cisco Firepower NGIPS identifies what’s running in your network and then
correlates that information with the vulnerability information supplied by Talos. It then uses the IPS rules
database and determines the appropriate rules required to defend your specific assets. The proposed
solution automates the provisioning and tuning of security policies and applies them consistently across
your enterprise. This leads to security tailored to your specific environment. Its automation and security
intelligence allow you to do more with fewer resources.

15. Does the solution offer unified management without requiring a new management
system?
Response: Yes. The proposed solution works with Cisco Firepower Management Center, which
manages not only the proposed Firepower NGIPS, but also Cisco Firepower NGFW, Cisco AMP for
Networks, Cisco Firepower Threat Defense for ISR, and virtual form factors of these solutions, all available
through <<PartnerName>>.
