TL;DR
Cisco issued a Field Notice on February 21, 2022 warning customers of its FirePOWER Services Software for ASA, FirePOWER Threat Defense (FTD) Software, and Firepower Management Center Software that the root certificate that signed the TLS certificate for security intelligence updates by its Talos group is being decommissioned and will be replaced on March 6, 2022. In order to maintain the automated Talos security intelligence feed, customers are being instructed to update their Firepower products. Assura is encouraging its customers with affected versions to update prior to March 6, 2022.
Overview
Field Notice FN-72332, published here, provides full details of the issue and the affected versions of Cisco’s Firepower intrusion prevention suite. From the Field Notice:
Affected Firepower platforms will be unable to receive the latest Talos intelligence feeds (IPs, URLs, DNS Hosts). The platform might experience a degraded security posture for future threats. Health monitoring indications regarding failures to download Talos security intelligence updates should be ignored until the platform software is upgraded to a fixed release. No other content updates (Snort Rule Updates (SRUs), Vulnerability Database (VDB), Geolocation Database (GeoDB), and so on) will be affected by this issue.
Assura’s Take
This one is really simple: update. Intelligence feeds from organizations like Cisco Talos help to ensure that intrusion prevention systems like Cisco’s Firepower suite are able to identify and block the latest threats. Being cut off from a useful tool like that puts organizations at risk of missing new cyberattack indicators of compromise.
If you’re an Assura client and have any questions about this, please contact your Assura Virtual ISO or Defensive Security Operations concierge; or feel free to write us at [email protected].