Cisco IPS 4255 Sensor Brochure
Solution Overview
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Protecting the network requires an IPS solution that delivers more than just individual attack
mitigation. To provide system-wide security, the IPS must scale the protection to other security
points throughout the network. Cisco IPS solutions provide unique and unparalleled protection
through the ability to determine network resource information, and to collaborate and communicate
with those resources. Cisco IPS solutions include:
● IPS/Cisco Security Agent collaboration—This collaboration provides in-depth protection
by communicating endpoint information to the IPS for contextual analysis. In addition, using
the Cisco Security Agent Watch List, the IPS is able to quarantine suspicious hosts. The
result is protection on the network from hosts that the endpoint has deemed malicious.
● Cross-solution feedback linkages—Alarmed network traffic can be communicated to
other network security devices and tools to provide system-wide protection from attacks
on single segments.
● Passive/active fingerprinting—Contextual endpoint profiling based on passive OS
fingerprinting and/or static mapping is added to the values within the Risk Rating algorithm
to determine block action thresholds. This automated contextual analysis makes it easier to
determine the legitimacy of an attack and reduces false positives.
● Attack-path identification—When using Cisco Security MARS as part of an IPS solution,
attacks can be visually displayed, and policies can be updated in real time to secure the
network.
● Multivendor event correlation—Using Cisco Security MARS, Cisco IPS sensors, and
other security devices together provides network-wide visibility and information correlation.
Proactive Posture Adaptation
As your network threat posture changes, a Cisco IPS solution evolves and adapts to stay ahead of
the security landscape, mitigating threats from known and unknown attacks.
● Anomaly detection/behavioral analysis—With Cisco IPS solutions, network protection
from malicious worms and DoS attacks can be automated based on the sensor’s ability to
learn network behavior, and alarm when traffic patterns deviate from determined normal
patterns. Although normal traffic can be configured statically, the sensor’s ability to protect
from day-zero attacks using these intelligent engines delivers unprecedented protection,
beyond traditional policy-based network security.
● On-device and network event correlation—Cisco Meta Event Generator provides an
"on-box" correlation method to deliver accurate worm classification. Cisco IPS Sensor Software
incorporates advanced sensor-level event correlation and knowledge base anomaly
detection that gives security administrators an automated method for enhancing the
confidence level in the classification of malicious activity detected by the IPS sensor. This
provides a mechanism that allows for corresponding actions to deliver network-wide
containment of worm and virus injection vectors, as well as worm propagation.
Integrated Deployment Options
Cisco offers a wide range of network IPS deployment solutions, providing the ability to implement
intrusion prevention in the ways that are the most effective for each specific environment. All
solutions are designed for high availability, backed by outstanding customer support, and available
in a range of performance levels, from 45 Mbps up to multiple Gbps. Deployment options include
dedicated appliances, switch and router modules, and software-based solutions.