Cisco IPS 4520 Sensor White Paper
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
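| Sensor | Industry segment | Firewall access policy | Traffic blocked by Global Correlation |
|--------|------------------|------------------------|---------------------------------------|
| MED-1 | Medical School & Hospital | Permissive | 98% |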
As Table 2 shows, the impact of network reputation varies depending on the access control policy on the firewall in
front of a sensor and the attacks targeting an organization. When the access policy is permissive or open (as on
sensors MED-1 and PRO-2), network reputation detects and stops more threats than when the access policy is
tight (as on the sensor BNK-1). For the sample of sensors studied [COR], traditional IPS techniques deny about
half of the bad traffic and Global Correlation denies the other half.³ In essence, deploying Global Correlation
alongside traditional IPS techniques doubled the efficacy of Cisco IPS sensors in the study.
Another result of deploying Global Correlation along with traditional IPS techniques is that the network is afforded
protection, even in instances where a signature for a vulnerability is turned off or has not yet been written. If an
attacker on a device with a low reputation attempts to exploit a vulnerability for which no signature protection is
turned on, Cisco IPS can block the attacker based purely on network reputation.
Summary
Securing an enterprise requires a portfolio of security components. In this paper, we have examined how Cisco
IPS fits within the Cisco security portfolio and explained how we test the efficacy of Cisco IPS. Our results
demonstrate that Cisco IPS provides effective security with traditional IPS techniques, while preserving data sheet
performance numbers. We also observed that combining traditional IPS techniques with techniques such as
Global Correlation increases the efficacy of Cisco IPS even further.
About Cisco IPS
Cisco IPS is the most widely deployed IPS solution in the market. Cisco’s newly refreshed IPS portfolio includes
the Cisco IPS 4500 Series, the Cisco IPS 4300 Series, and IPS modules integrated into Cisco ASA 5500-X Series
Adaptive Security Appliances.
For more information on Cisco IPS, visit http://www.cisco.com/go/ips.
References
[ASA] Intrusion Prevention for the Cisco ASA 5500-X Series data sheet
[COR] Global Correlation on Cisco IPS Sensors
[CVE1] CVE 2003-0245: Apache APR_PSPrintf Memory Corruption
[CWS] Cisco ASA and Cloud Web Security
[ESA] Cisco Email Security Appliance
[PRF] Performance of Cisco IPS 4500 and 4300 Series Sensors
[SIG1] Cisco IPS Signatures
[SIG2] Writing Custom Signatures for the Cisco Intrusion Prevention System
[TST] IPS Testing
[WSA] Cisco Web Security Appliance
³ Calculated by averaging the percentage of blocked traffic across the six sensors in the study.