Network IPS Buyer's Guide: Cisco
Cisco battles threats by embedding IPS in switches, routers, firewalls, and appliances.
As the threat landscape evolved, Network Intrusion Detection and Prevention Systems (NIDS / NIPS) became an enterprise best practice to spot and automatically block attacks. In this edition of Enterprise Networking Planet's NIPS buyer's guide, we examine the capabilities and features offered by Cisco Systems' comprehensive portfolio of embedded and standalone IPS products.
A three-step evolution
Cisco's long involvement in the NIPS market started back in 1998 when it acquired the WheelGroup Corporation, a start-up focused on stand-alone intrusion detection and vulnerability assessment products.
"When we first got into this business with the WheelGroup, there was heavy emphasis on intrusion detection," said Rush Carskadden, product line manager for Cisco Security. "There is still interest in IDS, but now we find that there are really three big buckets [of functionality]. One is intrusion detection: providing visibility into traffic and network threats in a passive alerting environment."
But Cisco expanded the WheelGroup's technology to incorporate a separate component, focused specifically on intrusion prevention, using in-line blocking, rate limiting, and integration with other security systems to implement NIPS-initiated threat responses. "Our customers have the ability to move intrusion signatures and engines between those two areas. You can choose what's alerting and what's blocking," said Carskadden.
Finally, Cisco has devoted considerable attention to building out a third major functional area: global correlation within the NIPS. "Cisco was the first to bring a public cloud source of data into IPS, in the form of reputation," he said.
Baking IPS into the network
Throughout this evolution, Cisco innovated by driving NIPS functionality into the rest of the network. "Today, our IPS portfolio includes router, firewall, switch, and appliance products," said Carskadden. "While the lion's share of customers deploy IPS on a firewall or as a stand-alone appliance, features are the same across the entire portfolio."
Cisco's standalone offering is the 4200 Series -- a family of NIPS appliances that run from 150 Mbps at the low end (IPS 4240) to 4 Gbps at the high end (IPS 4270). "In these appliances, we addressed high-availability concerns by providing options for hardware bypass, multiple power supplies, etc.," said Carskadden. "These are really robust dedicated appliances, designed specifically to support the IPS software approach that we've taken."