As users and data leave the corporate boundary and the network access layer becomes more porous, signature-only detection products lead to a one-dimensional response. Only Cisco uses broad network context through every stage of analysis, including victim OS, evasion techniques, attack state across signatures, and an industry first: attacker identity and behavior.
The Cisco® Intrusion Prevention Sensor (IPS) 4300 Series scales to serve a wide range of deployment scenarios, from small offices and branch locations to enterprise data center architectures. With throughput speeds ranging from 1 Gbps to 10 Gbps, each IPS 4300 Series model provides a consistent level of protection. The Cisco IPS 4300 Series delivers hardware-accelerated inspection performance, high port density, and energy efficiency in a 1-RU form factor (Figure 1). With effective, out-of-the-box protection and automated threat management, your critical assets are protected in minutes.
Figure 1. Cisco IPS 4345 and 4360 Sensors
Advanced Threat Protection
Cisco IPS solutions deliver:
• A wide and deep body of protection, with more than 5500 signatures
• Patented anti-evasion technology to defend and monitor against worms, viruses, Trojans, reconnaissance attacks, spyware, botnets, undesired applications, and malware
• Protocol and behavior analysis for final threat determination
• Cisco Global Correlation to help identify the source of denial of service (DoS), distributed denial of service (DDoS), SYN flood, and encrypted attacks so you can block them
• Specific protections for Unified Communications, WLAN, routing, and switching to help guard the Cisco infrastructure
Ensure Compliance
Cisco IPS solutions help customers move toward compliance with the following privacy and data protection regulations:
• Payment Card Industry (PCI) standard
• European Union privacy protection rules
• U.S. Sarbanes-Oxley Act (SOX)
• U.S. Gramm-Leach-Bliley Act (GLBA)
• NERC Critical Infrastructure Protection (CIP)
• Health Insurance Portability and Accountability Act (HIPAA)
Seamless Network Integration
Cisco IPS technology delivers the most advanced network awareness in the industry. Whether defending the data center, core, or edge, Cisco IPS solutions provide threat protection up to Layer 7. The Network Based Flow Affinity feature offers high availability with better integration into the network via standards-based LACP support. To reduce capital expenditures, Cisco IPS solutions are built upon a common software architecture and custom hardware platforms that enable deployment anywhere in the Cisco network, including routing, switching, and firewall platforms. A consistent policy and operations framework helps bring the system together to meet compliance and manage risk at a lower operational cost.
Unparalleled Global Correlation
As advanced persistent threats, botnets, and other blended threats evolve, signature-based content inspection alone becomes insufficient. Using 10 years of reputation technology heritage, Cisco IPS is the only IPS to mitigate identified attacks based on source reputation, not just signature firings. With Cisco IPS Global Correlation backed by Cisco Security Intelligence Operations (SIO), Cisco IPS gains visibility into hundreds of additional security parameters, millions of rules, and 100 TB of threat telemetry per day from market-leading email, web, firewall, and IPS devices.
Network-Ready Capabilities
To meet the needs of the most demanding networks, Cisco IPS technology directly integrates into the firewall to deliver multigigabit performance, low latency, and high-availability features. With hardware-accelerated deep packet analysis, the Cisco IPS 4300 Series delivers performance in the 750 Mbps to 1.25 Gbps range to support a variety of applications and deployments. For details on the unique methodology Cisco uses to calculate IPS performance, refer to the Performance of Cisco IPS 4500 and 4300 Series Sensors. Flexible and highly available deployment options include active-active and active-standby configurations; fail-open and fail-closed modes; IDS and IPS modes; and redundant power supplies. The IPS 4300 Series also offers the ability to inspect encapsulated traffic, including GRE, MPLS, 802.1q, IPv4 in IPv4, IPv4 in IPv6, and Q-in-Q double VLAN.
Proven Threat Prevention
With more than $100M invested in security research, 500 threat analysts, and terabytes of threat data fed into Cisco SIO every day, Cisco brings confidence to customer networks. That is why Cisco IPS technology is the most widely deployed commercial IPS technology in the world - and why independent testing agencies recommend Cisco IPS as well.
Complete Control and Real-Time Visibility
Cisco provides management solutions for smaller deployments, as well as enterprise-class coverage. Cisco IPS Manager Express is an all-in-one IPS management and reporting application for up to 10 devices. Cisco Security Manager is an enterprise-class security management application with thousands of real-world deployments.
Both solutions support the Cisco IPS 4300 Series as well as other Cisco sensor appliances, Cisco integrated services routers (ISRs), and Cisco Intrusion Detection Services Modules (IDSMs).
Cisco IPS Manager Express offers:
• Provisioning, monitoring, and troubleshooting
• Drag-and-drop dashboard gadgets for easy customization; personalized views remember user settings to minimize setup time
• Flexible reporting tool that allows custom and compliance reports to be generated in seconds
Cisco Security Manager 4.x offers:
• Flexible processes to incrementally provision new and updated signatures, create IPS policies for those signatures, and then share the policies across devices
• Enhanced reporting and event management support for Cisco's latest IPS features, including Cisco IPS Global Correlation
• Role-based access control (RBAC) and workflow for error-free deployments and process compliance
Tables 1 and 2 list specifications for Cisco IPS 4300 Series sensors.
Table 1. Cisco IPS 4300 Sensor Specifications
| Feature | Cisco IPS 4345 | Cisco IPS 4360 |
|---|---|---|
| Average Inspection Throughput | 750 Mbps | 1.25 Gbps |
| Maximum Inspection Throughput | 1.8 Gbps | 2.4 Gbps |
| Maximum Connections | 750,000 | 1,700,000 |
| Connections Per Second | 30,000 | 45,000 |
| Average Latency | <150 µ | <150 µ |
| Threat Protection | 25,000+ threats | 25,000+ threats |
| Protocol Anomaly Detection | Yes | Yes |
| Evasion Identification and Mitigation | Yes | Yes |
| Application Anomaly Detection | Yes | Yes |
| Passive OS Fingerprinting | Yes | Yes |
| Global Correlation | Yes | Yes |
| Pre-Inspection Reputation Black Lists | Yes | Yes |
| Reputation-Driven Mitigation Selection | Yes | Yes |
| Compound Signature Analysis (Disparate Alerts Combine to ID Higher Order Threat) | | |
Cisco offers a wide range of service programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services for security, visit http://www.cisco.com/go/services/security.
Cisco Services for IPS
Cisco Services for IPS is an integral part of the Cisco IPS 4300 Series solution and enables operators to receive time-critical signature file updates and alerts. Part of the Cisco Technical Support Services portfolio, Cisco Services for IPS allows your Cisco IPS 4300 Series sensors to stay current on the latest threats so that malicious or damaging traffic is accurately identified, classified, and stopped. Cisco Services for IPS features include:
• Signature file updates and alerts
• Global Threat Correlation reputation feeds
• Registered access to Cisco.com for online tools and technical assistance