Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Cisco Firepower Threat Defense, a unified next-gen firewall and IPS image combining ASA firewall features with Snort-based threat protection.
Cisco FTD Definition: Cisco Firepower Threat Defense, a unified next-gen firewall and IPS image combining ASA firewall features with Snort-based threat protection.
Cisco FTD (Firepower Threat Defense) is Cisco's unified next-generation firewall (NGFW) software that combines traditional stateful firewalling with next-generation intrusion prevention, application visibility, and advanced threat protection in a single image. It runs on Cisco Firepower and Secure Firewall appliances as well as virtual platforms, replacing the separate ASA and FirePOWER software lines with one integrated operating system.
FTD merges proven ASA firewall capabilities, such as stateful inspection, NAT, and VPN, with a Snort-based intrusion prevention system (IPS), giving it deep packet inspection and signature-driven threat detection. Additional services include application visibility and control (AVC), URL filtering, Cisco Secure Endpoint integration for malware analysis (formerly AMP), TLS decryption, and identity-based policy. Administrators manage FTD through the Firepower Management Center (FMC) for centralized, multi-device control, the on-box Firepower Device Manager (FDM) for smaller deployments, or the cloud-based Cisco Defense Orchestrator.
FTD matters because it consolidates several security functions that traditionally required separate products, simplifying policy management and improving correlation across firewall, IPS, and malware events. A unified platform reduces blind spots between layers and lets teams write policy that ties application identity, user identity, URL category, and threat signatures together. Without integrated NGFW controls, organizations rely on basic port-and-protocol firewalls that cannot detect modern application-layer attacks, encrypted threats, or lateral malware movement.
For example, a network team deploys an FTD appliance at the internet edge managed by FMC. They build an access control policy that permits business web applications, blocks risky URL categories, and routes traffic through the Snort IPS engine using a balanced intrusion policy. When an attacker attempts an exploit against an unpatched web server, the IPS rule fires, FTD drops the connection, and the event is logged centrally in FMC, where analysts correlate it with file and malware events from the same flow to scope the incident.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →