Cisco Cisco IPS 4520 Sensor 백서
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 6
Table 1 shows the results from a BreakingPoint (system version 2.2.7, product build 98473, strike build 108322)
run against a Cisco ASA 5585-X S60/P60 appliance with Cisco ASA Software Release 7.1(6)E4, signature level
690 [SIG1], and signatures tuned to provide high efficacy against the attacks embedded in the BreakingPoint
tests. While there are some operational differences between the integrated and distributed configurations
described earlier, the same software codebase is used across all Cisco IPS sensors, resulting in similar efficacy
across the IPS product line.
Figure 3. BreakingPoint Test Setup with Cisco IPS Sensor
Table 1.
Efficacy Test Results
Security level
Threats tested
Threats detected
Coverage
1
183
177
96.72%
2
273
260
95.24%
3
480
437
91.04%
Inspection throughput during test
The Cisco ASA 5585-X S60/P60 is rated at 10 Gbps for maximum inspection throughput using the media-rich
traffic profile (described in [PRF]). We tested the inspection throughput of the IPS sensor with the same
configuration and setup that was previously used for the efficacy test and found that the sensor achieved 10 Gbps
of inspection throughput on the media-rich profile.
Typically, as a sensor is configured to do more or deeper inspection, performance degrades. In the efficacy test,
the ASA 5585-X S60/P60 had enough inspection headroom above the stated data sheet throughput, and the
performance degradation of the sensor in the face of the deployed signatures was graceful enough that the sensor
achieved its advertised throughput of 10Gbps.