Cisco acquired Sourcefire in 2013. At that time, Sourcefire was one of the top leaders in the cybersecurity industry for its intrusion detection system (IDS), intrusion prevention system (IPS), and next-generation firewall (NGFW) solutions. The Sourcefire IPS was based on Snort, an open source network intrusion detection and prevention system. In fact, Martin Roesch, the creator of Snort, founded Sourcefire in 2001.
Since acquiring Sourcefire, Cisco has leveraged its technologies on various existing Cisco appliances, such as ASA 5500-X Series and Integrated Services Router (ISR) devices. Cisco has also released new hardware platforms, such as the Firepower 2100 Series, 4100 Series, and 9300 Series, which also implement the Sourcefire technologies. Integration of the Sourcefire technologies has made Cisco one of the leaders in the Gartner Magic Quadrant for IDS and IPS. Gartner is an advisory company that performs research on various branches of information technology and publishes numerous research papers every year.
Figure 1 shows the Cisco leadership position in the IDS and IPS spaces since the Sourcefire acquisition. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Cisco.
Figure 1 Gartner’s Magic Quadrant for IDS and IPS as of January 2017
Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Evolution of Cisco Firepower
A Firepower System deployment primarily consists of two types of appliances: a management appliance and a sensor. Basically, a sensor inspects network traffic and sends any events to its management appliance. A management appliance, as the name implies, manages all kinds of security policies for a sensor.
Figure 2 shows the workflow of a Firepower System deployment.
Figure 2 Block Diagram of a Firepower System Deployment
Sourcefire originally had two different software trains—Version 4.x (primarily for IPS) and Version 5.x (with NGFW functionalities). Depending on the software train, the management appliance had two different names. In Version 4.x, it was known as Sourcefire Defense Center. In Version 5.x, it was known as FireSIGHT System or FireSIGHT Management Center (FMC). Similarly, a sensor was known as a 3D sensor in Version 4.x and a FirePOWER appliance in Version 5.x. Therefore, it would be correct to say that, in Version 4.x, the Sourcefire Defense Center manages the 3D sensors, whereas in Version 5.x, the FireSIGHT Management Center manages the FirePOWER appliances.
FirePOWER Versus Firepower
In the previous section, did you notice that different words, FireSIGHT and FirePOWER, are used to refer to different types of appliances in different versions? Did you notice the word POWER with all uppercase letters?
To make the nomenclature simple as well as to maintain brand reputation, Cisco rebranded the Sourcefire technologies with one simple word, Firepower. (Cisco did not retrospectively change the names of the legacy Sourcefire software and hardware from FirePOWER to Firepower; only hardware and software released since the Cisco acquisition use the new nomenclature.) Figure 3 shows the evolution of the Firepower Threat Defense (FTD) technology from the pre-acquisition period to post-integration.
Figure 3 Evolution of FTD Technology
Some examples of new Firepower products are the Cisco Firepower 9300 appliance hardware and the Cisco FTD software. Similarly, Cisco FirePOWER 8000 Series appliances have been available since the pre-acquisition period.
Table 1 shows various names of management appliances in different software versions.
Table 1 Evolution of Firepower Management Center
Version 4.x: Defense Center (DC)
Version 5.x: FireSIGHT System or FireSIGHT Management Center (FMC)
Version 6.x: Firepower System or Firepower Management Center (FMC)
Figure 4 shows the login page for a management appliance running Version 5.x. This page displays the legacy name FireSIGHT and the Sourcefire Support contact information.
Figure 4 The Login Page for FireSIGHT Management Center Running Version 5.x
Figure 5 shows the login page of a management appliance running Version 6.x. As you can see, this version displays the name Firepower and does not provide the legacy Sourcefire Support contact information.
Figure 5 The Login Page for Firepower Management Center Running Version 6.x
Despite the differences already mentioned, the login pages for Version 5.x and 6.x look almost identical. As you can see in Figure 6, the Defense Center login page for Version 4.x is totally different from the login pages for Version 5.x or 6.x.
Figure 6 The Login Page for Defense Center Running Version 4.x
Let's now discuss Cisco Firepower Threat Defense (FTD).