By Ryan Lindfield
Botnet Traffic Filter
Another exciting feature released in the 8.2 release is the Botnet Traffic Filter. This new technology enables the ASA to monitor both inbound and outbound traffic and to compare the external IP addresses and hostnames against a dynamic database, or blacklist, of known-malicious IP addresses and domain names. Essentially, after purchasing the license for this feature (a 30-day trial is available), your firewall gains insight into the latest known locations of botnet control points, spam distribution points, and other known hostile hosts.
The Cisco Security Intelligence Operations Group (CSIOG) maintains this real-time blacklist. The CSIOG is comprised of hundreds of engineers and researchers who analyze terabytes of data each day and build a global correlation rule set. Cisco has leveraged technologies that were originally part of the IronPort product (SenderBase) and is now referring to that technology as SensorBase.
Imagine a scenario where a spear-phishing attack is used against an accountant or board-level executive. An attack that incorporates a new 0-day PDF exploit is run, which bypasses your antivirus, and the agent attempts to connect to a control point in Russia. If the control point is hosted in a known hostile net block, the ASA can prevent this connection from establishing and send a notification to the administrator about the attempted communication. This makes for a much happier ending than the ones you've been reading about in the news stories lately.
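The following ASA 8.2 configuration is an added example, not taken from the original post, showing the pieces needed for the scenario above: enabling the updater client and the downloaded database, DNS snooping so that hostnames resolved by internal clients are mapped to blacklisted addresses, and classifying and dropping blacklisted connections on the outside interface. The interface name `outside`, the DNS server address `192.0.2.53`, and the whitelisted domain are assumptions for illustration.

```cisco
! Download the dynamic blacklist from Cisco and use it for classification
dynamic-filter updater-client enable
dynamic-filter use-database

! The ASA needs DNS resolution to fetch the database updates
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53

! Snoop DNS replies crossing the outside interface so that an address returned
! for a blacklisted hostname is added to the filter's reverse lookup cache
class-map dynamic-filter_snoop_class
 match port udp eq domain
policy-map dynamic-filter_snoop_policy
 class dynamic-filter_snoop_class
  inspect dns preset_dns_map dynamic-filter-snoop
service-policy dynamic-filter_snoop_policy interface outside

! Assumed local exception: a domain the business must reach regardless of the feed
dynamic-filter whitelist
 name partner.example

! Classify traffic on the outside interface (monitor mode: matches are logged only)
dynamic-filter enable interface outside

! Switch from monitoring to enforcement: drop connections classified as blacklisted
dynamic-filter drop blacklist interface outside

! Verification commands for the administrator
show dynamic-filter updater-client
show dynamic-filter statistics
show dynamic-filter reports top malware-sites
```

Run with `dynamic-filter enable` alone first and review the syslog and `show dynamic-filter` output for false positives before adding the `drop blacklist` line, since that is the point at which legitimate traffic to a mis-listed host would be blocked.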