Key Features and Benefits
- High performance: IPS capabilities are hardware-accelerated to provide maximum performance, and do not negatively affect firewall or VPN throughput.
- Full IPS protection: The Cisco ASA 5500 Series IPS Solution offers full IPS protection. It supports the same intrusion prevention software found in Cisco IPS 4200 Series Sensors.
- Global Correlation: Part of Cisco IPS Sensor Software 7.0, IPS with Global Correlation provides real-time updates on the global threat environment beyond the perimeter, enabling your sensors to detect more threats, detect them earlier and more accurately, and protect critical assets from malicious attacks. With global correlation, your security definitions are updated every 15 minutes, so you always have the most current protection available.
- Reputation technology: Using market-leading reputation technology backed by Cisco Global Correlation, you are proactively protected from known malicious users who attempt to gain access to your critical assets.
- Comprehensive and timely attack protection: Through signature updates provided by a global security intelligence team working 24 hours a day, your critical assets and services are secured.
- Zero-day attack protection: Cisco anomaly detection provides powerful protection against day-zero attacks. It learns the normal behavior on your network and alerts you when it sees anomalous activities in your network. Thus, you are protected against new threats even before signatures are available.
- Wireless protection: Tight integration between the Cisco ASA 5500 Series IPS solution and the Cisco Wireless LAN Controller helps ensure that intruders do not enter your wireless network.
- Unified Communications protection: Strong protection of voice-over-IP (VoIP) protocols, Cisco Unified CallManager, and devices provides maximum uptime of your critical voice network.
- Advanced policy provisioning with Modular Policy Framework: The Cisco Modular Policy Framework provides a powerful mechanism to assign Cisco ASA firewall, VPN, and IPS policies in one place. With the Cisco Modular Policy Framework, the Cisco ASA firewall passes traffic to the AIP SSM for inspection on a flow-by-flow, as-needed basis for simplified management.
- Cisco IPS policy provisioning: With Risk Rating–based IPS policy provisioning, you assign IPS policies based on risk, instead of tuning individual signatures. All events are assigned a Risk Rating number between 0 and 100 based on the risk level of the event. Based on the Risk Rating, different policy actions can be assigned, including drop packet, alarm, and log.
- Cisco IPS Manager Express: Cisco IPS Manager Express is a powerful yet easy-to-use all-in-one IPS management application for as many as ten IPS sensors. With built-in provisioning, monitoring, troubleshooting, and reporting capabilities, Cisco IPS Manager Express simplifies IPS deployment and management.
Intrusion Prevention for the Self-Defending Network
Integrated
- The most diverse line of IPS sensors provides the right tool for the right job, anywhere in the network
- Intrusion prevention is integrated into the fabric of the network
- Solution is built on Cisco security and network intelligence
- Modular inspection engines provide rapid response with minimal downtime
- Behavioral anomaly detection protects against zero-day attacks
- Dynamic risk-based threat rating adapts policy to attacks in real time
- On-box, network-wide, and global correlation provides greater confidence
- Network and endpoint collaboration provides greater visibility and effectiveness
- A common, solution-based management interface helps reduce operational costs
Policy-Based Management
- Cisco IPS 4200 Series Sensors reduce the time and effort required to implement security measures by using management and correlation tools that focus on policy, yet provide the granularity you need to fine-tune your IPS configuration.
- Instantly increase your security visibility and define your inspection policy, with integrated graphical management and event viewing tools.
- Reduce the cost of change and configuration management activities, using the rich Cisco Security Manager graphical interface to update policies on thousands of devices in a few simple steps.
Enterprise Resilience
- Cisco IPS 4200 Series Sensors are designed to withstand failures and minimize downtime, giving you the assurance that your IPS solutions can bear the most strenuous peaks of your day-to-day operations.
- Built-in, comprehensive monitoring detects potential failures at every level of operation, including devices, services, communications, and monitoring link failures.
- Automated and manual fail-open options enable you to define the right policy for a worst-case scenario, whether no packet should pass unexamined, or your traffic must flow no matter what. Integrated hardware bypass enables you to extend this policy to total system and power failures.
Flexible Deployment
As part of the most diverse line of IPS technologies available, Cisco IPS 4200 Series Sensors can be deployed in a variety of IPv4 and IPv6 network environments. The wide range of performance and interface configurations in the IPS 4200 Series enables you to achieve effective intrusion prevention with unparalleled flexibility throughout the edge, campus, and data center.
- Cisco IPS 4200 Series Sensors can be deployed in an inline IPS configuration, a promiscuous IDS configuration, or both inline and promiscuous simultaneously.
- Your critical assets on IPv4 and IPv6 networks can be protected with a single Cisco IPS 4200 Series Sensor for maximum deployment flexibility and lower total cost of ownership. Cisco IPS 4200 Series Sensors provide investment protection for customers planning or considering migration to IPv6 or hybrid IPv4 and IPv6 networks.
- Appliances in the Cisco IPS 4200 Series are available in a variety of multiple-interface configurations, featuring copper and fiber Gigabit Ethernet, and 10 Gigabit Ethernet interfaces. You can also configure logical interfaces and implement intrusion prevention within your VLAN environment, giving you the design flexibility to address all of your deployment requirements, from simple to complex.
- Cisco IPS technologies also feature industry-leading virtualization capabilities. Virtual sensors enable the virtualization of both the configuration and the sensor state.
As shown in Figure 1, sensors can be placed on almost any enterprise network segment where security visibility is required.
Figure 1. Deployment Scenarios for Cisco IPS 4200 Series Sensors
Delivering Performance
Cisco IPS 4200 Series Sensors are designed to meet the rigors of a broad range of applications and network use. In recognition of the rapid growth of Internet-based applications, Cisco has created two metrics to measure IPS performance. These networked applications pose different and varying demands on resources such as connection rates, concurrent connections, flow length, transaction size, etc. Additionally, these web-based applications can act as a vector for the introduction of threats or the path for critical data loss.
NOTE: Every deployment scenario is different and IPS performance will vary based on live traffic profiles. You should test with as much live traffic as possible to assess your network's individual characteristics.
To reflect these Internet-focused deployment scenarios, Cisco has established a "Media Rich" and "Transactional" measurement suite to measure our system's anticipated performance. These tests are based on pure HTTP traffic.
Media-Rich
Media-rich environments are characterized by content delivered by HTTP. Content seen on most popular websites falls on the media-rich end of the spectrum, as do video content and file transfers. If your environment is driven by access to large amounts of data and converged, immersive experiences, your environment is more media-rich.
Transactional
Transactional environments are characterized by a higher number of connections, in this case HTTP connections. Many types of e-commerce environments fall on this end of the spectrum, as can instant messaging and voice. If your environment is driven by connection-intensive applications and small transaction sizes, your environment is more transactional.
Figure 2 shows the spectrum between media-rich and transactional environments.
Figure 2. Network Environment Spectrum: Transactional to Media-Rich