Cisco Cisco IPS 4520 Sensor Libro bianco
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 6
White Paper
Testing the Efficacy of Cisco IPS
Enterprise customers considering deployment of a network device typically want to understand the performance
characteristics of that device. If the device under consideration is also a security device, such as an intrusion
prevention system (IPS), the security characteristics of that device are as important as its performance
characteristics. An earlier white paper addressed the performance characteristics of Cisco
®
IPS sensors [PRF].
This paper complements the results in [PRF] with an analysis of the security characteristics of a Cisco IPS sensor.
IPS in the Cisco security portfolio
Cisco’s security portfolio offers three components to provide enterprises with in-depth network defense:
●
A firewall that provides access control
●
An IPS that provides broad protection against network threats
●
A web security module that provides specialized protection against threats embedded in web traffic
These components can be deployed in multiple ways. One arrangement integrates the firewall, IPS, and web
security capabilities on a single hardware appliance [CWS]. Another arrangement distributes the firewall, web
security, and IPS functions onto individual hardware appliances [WSA]. These arrangements are depicted in
Figures 1 and 2.
Figure 1. Integrated Cisco Security Components
All three components are connected via Cisco Security Intelligence Operations (SIO), into which the individual
components feed telemetry and from which they extract network reputation
1
.
1
“
Network reputation” is the calculated reputation of an individual IP address.