Difference Between Cisco CDO and Cisco FMC (With Table)

Firepower Threat Defense (FTD), also called Firepower NGFW, is the operating system most widely deployed on Firepower hardware platforms. It is a next-generation firewall that provides a stateful firewall, a next-generation IPS, and an advanced VPN concentrator. The two main managers for FTD are Cisco CDO and Cisco FMC.

Cisco CDO vs Cisco FMC

The main difference between Cisco CDO and Cisco FMC is that Cisco CDO is a cloud-based multi-device manager, while Cisco FMC is a web-based on-device manager. Cisco CDO is best suited to managing a large number of devices, while Cisco FMC is best suited to a smaller number of connected devices.

Cisco CDO stands for Cisco Defense Orchestrator. CDO has more advanced features and is positioned as the replacement for FMC. It can also manage devices such as Cisco IOS devices and AWS virtual private clouds. CDO is accessed through the CDO home page.

Cisco FMC, on the other hand, stands for Firewall Management Center. FMC acts as the administrative nerve center for managing a Cisco network. It is available in several models. Data in FMC is encrypted, and every user must authenticate before gaining access. FMC is started through the Firepower Threat Defense deployment.

Comparison Table Between Cisco CDO and Cisco FMC

| Parameters of Comparison | Cisco CDO | Cisco FMC |
|---|---|---|
| Full form | Cisco Defense Orchestrator | Firewall Management Center |
| Version | Runs on version 6.6.0 | Runs on version 6.4 |
| Management modules | Manages only Firepower images (FTD or Firepower Module Services) | Manages ASAs, Meraki security policies, FTD, and other VPC security policies |
| Object | Imported objects are stored in read-only form and can be copied to other devices | Imported objects can be of type network, network-group, service, or port and cannot be edited or duplicated |
| Configuration type | Central | Local |

What is Cisco CDO?

Cisco CDO stands for Cisco Defense Orchestrator. It is a cloud-based multi-device manager, commonly used to manage changes to security policies across several security products. Its purpose is to enable efficient management of the various policies that apply in branch offices. Because the platform is distributed across many environments, it can enforce security policies consistently.

Cisco CDO manages FTD (Firepower Module Services), Meraki security policies, ASAs (Adaptive Security Appliances), AWS VPC security policies, and Cisco Firepower next-generation firewalls. Other devices, such as Cisco IOS devices and AWS virtual private clouds, can also be managed effectively by CDO, as can devices reachable over SSH. CDO manages all connected devices centrally, so every operation can be performed and maintained through a single portal in one place.

Cisco CDO offers end-to-end security, two-factor authentication, and data isolation. It authenticates API calls and database operations and separates roles, which together protect customer data. Every user connecting to the cloud portal goes through multi-factor authentication, which protects customer identities. Data is encrypted with SSL.

CDO has a multi-tenant architecture that isolates each tenant's data and encrypts the traffic between the application servers and the databases. Every user gains access through a token system. CDO also has a “Secure Data Connector” to control all inbound and outbound traffic.

What is Cisco FMC?

Cisco FMC stands for Firewall Management Center. It plays a vital role in managing the security of critical Cisco networks. Cisco FMC provides complete, unified management of firewalls, URL filtering, application control, advanced malware protection, and intrusion prevention.

It can control, investigate, and remediate malware outbreaks. FMC specifically manages FTD (Firepower Module Services), that is, Firepower images. Several FMC models are available, such as the FMC1600, FMC2600, and FMC4600. The models can manage over 1800 sensors and a maximum of 300 million events, with event storage of up to 3.2 TB.

Cisco FMC gives total visibility of the network and detailed analysis of every user, host, file, application, device, threat, environment, and vulnerability that exists or may arise in a changing network. This information is very valuable for any network. FMC also provides recommendations tailored to a network's security policies that are easy to integrate and implement. All of these capabilities are unified in a single management interface.

The policies are easy to use, give total access, and guard against attacks. FMC provides real-time information about networks whose resources and operations are constantly changing. It also provides details such as trends and high-level statistics, compliance, workflow data, forensics, and event details.

Main Differences Between Cisco CDO and Cisco FMC

  1. Cisco CDO manages FTD (Firepower Module Services), Meraki security policies, ASAs, and AWS VPC security policies, while Cisco FMC manages only Firepower images.
  2. Cisco CDO requires a local VM with only small resources to communicate with the cloud, while Cisco FMC requires a local VM with moderate to large resources.
  3. Cisco CDO has more advanced features than Cisco FMC.
  4. Cisco CDO manages connected devices centrally, while Cisco FMC manages devices locally and also has sftunnel built in for device management.
  5. Cisco CDO can only be used by customers with access to the public Internet, while Cisco FMC can be used by customers with or without public Internet access.

Conclusion

Both FDM and CDO can discover the configuration on the firewall, so users can use FDM and CDO to manage the same firewall. CDO is compatible with other managers, while FMC is not. The object types imported and onboarded by CDO and FMC differ.

The Cisco CDO experience is simpler than that of Cisco FMC. Both FTD managers have their advantages and disadvantages; they offer different features and are suited to different operating systems and numbers of devices.
