Network IPS Buyer's Guide: Cisco

Cisco battles threats by embedding IPS in switches, routers, firewalls, and appliances.

By Lisa Phifer | Apr 13, 2011
Page 1 of 3

As the threat landscape evolved, Network Intrusion Detection and Prevention Systems (NIDS / NIPS) became an enterprise best practice to spot and automatically block attacks. In this edition of Enterprise Networking Planet's NIPS buyer's guide, we examine the capabilities and features offered by Cisco Systems' comprehensive portfolio of embedded and standalone IPS products.

A three-step evolution

Cisco's long involvement in the NIPS market started back in 1998 when it acquired the WheelGroup Corporation, a start-up focused on stand-alone intrusion detection and vulnerability assessment products.

"When we first got into this business with the WheelGroup, there was heavy emphasis on intrusion detection," said Rush Carskadden, product line manager for Cisco Security. "There is still interest in IDS, but now we find that there are really three big buckets [of functionality]. One is intrusion detection: providing visibility into traffic and network threats in a passive alerting environment."

But Cisco expanded the WheelGroup's technology to incorporate a separate component, focused specifically on intrusion prevention, using in-line blocking, rate limiting, and integration with other security systems to implement NIPS-initiated threat responses. "Our customers have the ability to move intrusion signatures and engines between those two areas. You can choose what's alerting and what's blocking," said Carskadden.

Finally, Cisco has devoted considerable attention to building out a third major functional area: global correlation within the NIPS. "Cisco was the first to bring a public cloud source of data into IPS, in the form of reputation," he said.

Baking IPS into the network

Throughout this evolution, Cisco innovated by driving NIPS functionality into the rest of the network. "Today, our IPS portfolio includes router, firewall, switch, and appliance products," said Carskadden. "While the lion's share of customers deploy IPS on a firewall or as a stand-alone appliance, features are the same across the entire portfolio."

Cisco's standalone offering is the 4200 Series -- a family of NIPS appliances that run from 150 Mbps at the low end (IPS 4240) to 4 Gbps at the high end (IPS 4270). "In these appliances, we addressed high-availability concerns by providing options for hardware bypass, multiple power supplies, etc.," said Carskadden. "These are really robust dedicated appliances, designed specifically to support the IPS software approach that we've taken."
