How can you prevent cyber attacks from happening? Learn what you need to know about application control through completeness and validity checking.
Application Control Mechanism
Application Control is one of the key features of the Firepower System that provides network protection against attacks such as DDoS and malware. It can identify and block malicious traffic from entering the network, and keep it from spreading from one part of the network to another.
Application Control is an inspection mechanism that allows you to control communication based on the application-layer protocol header. It provides granular application identification and control, regardless of port type or transport protocol.
Application Control can be used to:
1. Prevent malicious traffic from entering your network, or spreading across your network.
2. Identify and block potential threats before they reach critical services within your network.
3. Help limit access to critical resources by using predefined policies for allowed traffic types.
How Does Application Control Work?
Application Control works by inspecting all packets at the firewall, regardless of port type (TCP/UDP). For inbound packets, Firepower performs deep-packet inspection when they arrive at the outermost interface of the device.
The deep-packet inspection feature inspects packet data as it arrives at the interface and matches it against known attack signatures. If a match is found, the packet is blocked. If there is no match, the packet passes through the device to be processed by other services such as Anti-Malware Protection or IPS.
If a rule is matched for whitelisted traffic, that traffic does not pass through Application Control for inspection. In addition to inspecting inbound packets, Firepower inspects outbound packets if you enable outbound Application Control rules on your zones. This includes virtual systems (VSs), virtual firewall (VF) interfaces, outbound security policies, security policy templates (SPTs), and IPSec tunnels.
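The decision flow described above, sketched as an added example that is not Firepower code or configuration: the application is identified from the payload header rather than the port, whitelisted traffic skips inspection, and unmatched traffic is handed on. The fingerprints, addresses, policy, signature marker, and the order of the checks are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed application fingerprints, matched on payload bytes rather than port.
APP_FINGERPRINTS = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),  # ClientHello
    ("http", re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
]
WHITELISTED_SOURCES = {"10.0.0.5"}  # hypothetical trusted host
BLOCKED_APPS = {"ssh"}              # hypothetical policy: no SSH, on any port
ATTACK_SIGNATURES = [re.compile(rb"CONSTRUCTED-ATTACK-MARKER")]  # not a real signature

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

def identify_app(payload: bytes) -> str:
    """Return the application name from the payload header, ignoring the port."""
    for name, pattern in APP_FINGERPRINTS:
        if pattern.match(payload):
            return name
    return "unknown"

def evaluate(pkt: Packet) -> tuple[str, str]:
    """Return (action, reason) for one packet."""
    if pkt.src in WHITELISTED_SOURCES:
        return "allow", "whitelisted, inspection skipped"
    app = identify_app(pkt.payload)
    if app in BLOCKED_APPS:
        return "block", f"application '{app}' denied on port {pkt.dst_port}"
    if any(sig.search(pkt.payload) for sig in ATTACK_SIGNATURES):
        return "block", "attack signature matched"
    return "pass", f"application '{app}' handed to the next service"

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("203.0.113.7", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
        Packet("203.0.113.7", 8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        Packet("10.0.0.5", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
        Packet("203.0.113.9", 80, b"POST /x HTTP/1.1\r\n\r\nCONSTRUCTED-ATTACK-MARKER"),
    ]
    for p in samples:
        print(p.src, p.dst_port, *evaluate(p))
```

The first and third samples carry the same SSH banner to port 443: one is blocked by application identity despite the port, the other bypasses inspection because its source is whitelisted, which is why whitelist entries deserve the same review as block rules.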
Advanced Malware Protection
A default outbound rule allows all outbound traffic without inspection. Application Control uses a combination of security intelligence and attack signatures to identify malicious traffic. Security intelligence includes reputation data supplied by Cisco Advanced Malware Protection (AMP).
It also includes industry-wide threat data such as the Cisco Talos Security Intelligence and Research Group Threat Intelligence Feeds, as well as local threat intelligence you add using Smart Dashboard or Device Manager. The signature database includes Cisco security content updates, which are released daily for currently supported releases.
In addition to inspecting applications over TCP/UDP ports, Application Control also supports application inspections over TCP/UDP. This is an important part of an overall security strategy. It allows an administrator to block, restrict, and log the applications that are executed on the corporate network.
Application control is a core part of most security architectures today. It provides critical security services by preventing malware from executing, preventing unauthorized persons from accessing legitimate applications, and preventing critical resources from being exposed.
Similarly, this is how antivirus software works together with firewalls and intrusion prevention systems (IPSs). It also protects corporate networks from external threats, and so it is a key element that works with these other security components to provide defense-in-depth protection against malicious threats that may reside on the network or are inadvertently introduced by users.