As part of our strategy to enhance application awareness for SecOps practitioners, our new Secure Firewall Application Detectors portal, https://appid.cisco.com, provides the latest and most comprehensive application risk information available in the cybersecurity space. This advance is important because today’s applications are not static.
In fact, applications are continuously evolving as new technologies and services emerge. This dynamic space creates new cybersecurity challenges like continuous changes to application relationships and hierarchies. This unstoppable dynamic creates blind spots that often increases risk.
Secure Firewall users are entitled with their base license to Application Visibility & Control for:
- Network traffic discovery with application-level insight
- Analyzing and report on application usage
- Classify and manage application sessions (including web browsing, multimedia streaming, and peer-to-peer applications)
- Monitor application usages and anomalies
- Build reporting for capacity planning and compliance
- Enforce quality-of-service (QoS) policies and service guarantees for latency-sensitive applications (such as voice over IP [VoIP] and interactive gaming)
- Implement fair-use policies and manage network congestion by optimizing application-level traffic
The unique capabilities available in Secure Firewall Application Detectors provide insight into application protocols such as:
- HTTP and SSH, which represent communications between hosts.
- Clients, like web browsers and email applications, which run on endpoints.
- Web applications, including MPEG video and social media, which comprise content or requested URLs for HTTP traffic.
In addition, you can leverage the relevant application data available within the portal to write and tune effective security policies based on specific application identification fields. For each application listed, the user can find the following details distributed across six fields:
- Application Name
- Description – A brief description of the application.
- Categories – A general classification for the application that describes its most essential function. Example categories include web services provider, e-commerce, ad portal, and social networking.
- Tags – Predefined tags that provide additional information about the application. Example tags include webmail, SSL protocol, file sharing/transfer, and displays ads. An application can have zero, one, or more tags.
- Risk – The likelihood that the application is used for purposes that might be against your organization’s security policy. The risk levels are Very High, High, Medium, Low, and Very Low.
- Business Relevance – The likelihood that the application is used within the context of your organization’s business operations, as opposed to recreationally. The relevance levels are Very High, High, Medium, Low, and Very Low
Furthermore, the new Secure Firewall Application Detectors website offers web application sorting capabilities, providing insight on relationship/hierarchy between applications and an intuitive advanced searching engine using any of these existing fields, or the simplicity and flexibility provided by keyword searching.
The new site is publicly available from any device with internet browsing capabilities, and assists users with rapid identification of web applications as key artifacts leveraged for security operations use cases such as:
- Detection of malicious or abusive use of applications, protocols, ports.
- Ability to research across applications using similar protocols, ports, or behaviors.
- Initial layer for a defense in depth strategy providing protection for web applications (XSS, CSRF, etc) based on network artifacts.
- Securing vulnerable applications whose source codes are not reviewed properly or are unpatched and may leave an open door for communication exploits.
- Applying hot fixes for newly discovered vulnerabilities in applications that are using unexpected communication ports, protocols.
Cisco Secure Firewall Application Visibility and Control is constantly adding application detectors through the Cisco Vulnerability Database (VDB). VDB is a central repository of known vulnerabilities, as well as fingerprints for operating systems, clients, and applications. The Secure Firewall Application Detectors website is powered by VDB and assists users in quickly determining if a particular application increases the risk of compromise.
The accuracy and maintenance of VBD is advanced by the new portal, as users can easily submit new application detector requests and add customized applications into the database, or even dispute the risk categorization of already registered applications. The submission request is easily accessible from the website.