Packet captures: Collecting, storing, and analyzing the raw packets that are traversing the network.
Snort: An open source intrusion detection and prevention technology developed by the founder of Sourcefire (now a part of Cisco). The Snort engine consists of threat identification, detection, and prevention components that combine to reassemble traffic, prevent evasions, detect threats, and output information about advanced threats while minimizing both false positives and missed legitimate threats (false negatives).
NetFlow: Using a base set of parameters, a flow is created to help trace malware back to its source. Flows are manually created with an expiration. Additionally, flows contain a set of predefined parameters such as source IP address, source port, destination IP address, destination port, IP protocol, ingress interface, and type of service (ToS).
IPS events: Intrusion Prevention Systems (IPS) mainly use signature-based methods to detect and alert on the presence of malicious activity on the network. An IPS will not prevent malicious activity, though.
Advanced Malware Protection (AMP): Cisco AMP is designed for Cisco FirePower network security appliances. It provides visibility and control to protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. AMP helps to identify inconspicuous attacks by continuously analyzing and monitoring files after they've entered the network, utilizing retrospective security alerts to help administrators take action during and after an attack, and providing multisource indications of compromise to aid in the correlation of discrete events for better detection.
NGIPS: The Cisco FirePower next-generation intrusion prevention system (NGIPS) solution provides multiple layers of advanced threat protection at high inspection throughput rates. The NGIPS threat protection solution is centrally managed through the Cisco FireSight Management Center and can be expanded to include additional features such as AMP, application visibility and control, and URL filtering.