Intrusion Prevention System Modules for Integrated Services Routers

Cisco IPS AIM and IPS NME Overview for Business Decision Maker

Tina Lam, Product Manager, Cisco Systems

C97-494048-00

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Organizational Impacts of Security Threats

Security Threats

Distributed Denial of Service

Virus out-break

Random or direct theft

Break-in, espionage

Web-site defacement

Customer information leak

Who Sees the Pain

Disruption impacts productivity

CIO Problem

Loss Impacts value

CFO Problem

Loss damages customer, shareholder confidence, company reputation

CEO Problem

Reducing the Grey:

Uncertainty Equals Risk and Cost

[Figure: traffic classification spectrum. GOOD: Allow; RELEVANT: Pass and Log; SUSPICIOUS: Pass and Alarm; BAD: Block. Technology labels: NAC, Traffic Shaping, IPS; Monitoring and Correlation; IPS, Anti-X, DDoS, Firewall.]

Inefficient; Highly Manual

Self-Defending Network

Efficient Operations; Effective Security

Cisco Intrusion Prevention Strategy

Comprehensive Threat Protection for the SDN

[Figure: Cisco IPS 4200 Series, Cisco ASA 5500 Adaptive Security Appliance, Cisco Security Agent, Cisco Integrated Services Routers, Cisco Catalyst® Services Modules, Cisco Security MARS, Cisco Security Manager. Labels: Internet, Intranet, Endpoint, Branch, Perimeter, Data Center, Server, Protection, Monitoring and Correlation, Solution, Management.]

Integrated: Location Matters

The most diverse line of IPS sensors: the right tool for the right job anywhere in the network

IPS integrated into the fabric of the network

Built on Cisco security and network intelligence

Adaptive: Focused Protection

Modular inspection engines: respond rapidly with minimal downtime

Behavioral anomaly detection: protect against zero-day attacks

Dynamic risk-based threat rating: adapt threats policy in real time

Collaborative: Better Together

On-box and network-wide correlation to provide greater accuracy and confidence

Endpoint and network sensors sharing live network information

Reduced operational costs with a common, solution-based management interface

Intrusion Prevention System (IPS)

Advanced Integration Module and Network Module

NEW

NME-IPS-K9: Cisco 2811, 2821, 2851, 3800

AIM-IPS-K9: Cisco 1841, 2800, 3800

Cisco IOS® Advanced Security or Above

AIM—12.4(15)XY, 12.4(20)T

NME—12.4(20)YA

Accelerated Threat Control for Cisco ISR

Enables inline and promiscuous Intrusion Prevention (IPS)

Runs same software (CIPS 6.1) and enables same features as Cisco IPS 4200

Performance improvement by hardware acceleration; dedicated CPU and DRAM to offload host CPU

AIM—Up to 45 Mbps

NME—Up to 75 Mbps

Device management through Cisco IPS Device Manager (IDM), Cisco Configuration Professional (CCP); network-wide management through Cisco Security Manager (CSM)

Supported by IPS Manager Express (IME) and CS-MARS on event monitoring and correlation

Incorporates Network Admission Control (NAC) appliance server

Scans for latest anti-virus software

Enforces security policies,

Prevents unauthorized access and spread of viruses on the network

Supports wired, wireless and guest NAC

Integrated into Cisco ISRs

Provides size and scale ideal for remote offices (<100 users)

Works with NAC appliances at headquarters in a network system

Benefits of router integration

Systems Integration

Lower Operating Costs

Cisco IPS Product Portfolio

IPS 4200 Series

Dedicated appliances for high performance, data center, and focused function environments

IPS 4240, IPS 4255, IPS 4260, IPS 4270

Cisco Catalyst 6500 Series

Switch Integrated Service Modules for data center and switch integration

IDSM2, Cisco Catalyst 6500 IDSM2 Bundle

ASA 5500 Series

Firewall-integrated for comprehensive security and Unified Threat Management

ASA5510-AIP10, ASA5520-AIP20, ASA5540-AIP40

ISR Series Routers

Remote Office/Branch services for scalable remote office protection

Cisco IOS IPS, IPS AIM and IPS NME

[Figure axis: Performance]

Branch Needs for Self-Defending Network

Trends

Security

PCI Compliance (Retail); HIPAA (Healthcare); Sarbanes-Oxley/GLBA (Finance)

Prone to attacks from split tunnels, contaminated laptops and rogue APs

Moves protection to the edge before threats enter corporate or SP network

Helps to manage unmanaged devices

[Figure: branch network diagram. Labels: ISR with IPS AIM or IPS NME; Servers 192.168.3.14-16/24; Employees 192.168.1.x/24; Wireless Guests 192.168.2.x/24; Internet; IPSec Tunnel; Corporate Office; Threat. Callouts: Protect Servers at Branch; Protect WAN Link and Upstream Corporate Resources.]

Benefits of Integrated IPS on ISR

[Figure: deployment diagram. Labels: 42xx IPS Sensor, SMB Network, MSSP CE Router, AIM IPS, NME IPS, ISR, CS-MARS, Cisco Security Manager, Internet/SP Network, Corporate Office, Small Branch, Large Branch.]

Full feature, high performance threat protection in the Branch or SMB network

Requires no additional footprint, cabling, or power

Systems integration with data, security and voice features on ISR

Supports any routed WAN link—transport agnostic: T1/E1, T3/E3, Ethernet, xDSL, MPLS, 3G WWAN

Provides defense-in-depth to the perimeter of the network: ICSA-certified Cisco IOS Firewall, IPSec and SSL VPN, NAC, URL Filtering

Securing Cisco Unified Communication Manager and Phones with Cisco IPS

In-line inspection of voice and video traffic

Protect infrastructure that voice runs on:

Protect Call Management infrastructure from attack

Real-time anomaly detection for day-zero threats

Drop calls that are coming from IP addresses identified on the Cisco Security Agent “watch list”

Complements firewall application inspection technology

Cisco IPS’ Risk-Based Policy enables easy management of IPS by non-experts

[Figure: Firewall and IPS. Protection against: application misuse, DoS/hacking, known attacks, zero-day attacks, viruses/worms, spyware infecting traffic. Label: Legitimate Traffic.]

Cisco High-Performance IPS Applications:

Wireless Intrusion Prevention

Protect the enterprise from wireless users

High-performance IPS helps protect at WLAN speeds for guest users’ and employees’ infected computers

Selectively block malicious traffic

Cisco IPS inspection services help enable accurate protection from wireless traffic

Remove repeat offenders from the network

Cisco IPS and Cisco WLAN Controllers work collaboratively to detect attackers from Layer 2 to Layer 7, and remove repeat offenders from the network

[Figure: Cisco High-Performance IPS, Cisco WLAN Controller, Cisco Access Point]

Cisco IPS Manager Express (IME)

All-in-One IPS Management Application for up to Five IPS Sensors

NEW

Startup Wizard:

Get up and running in just minutes

Dashboard:

Put needed information at your fingertips

Configuration:

Save time with intuitive interface

Reporting:

Create and share security and compliance reports

Monitoring:

See what’s happening with real-time and historical security events

[Figure: At-a-Glance Dashboard]

Cisco Security Manager

Integrated Security Configuration Management

Firewall Management

Support for PIX®, ASA, FWSM, and Cisco IOS Routers

Rich FW rule definition: shared objects, rule grouping, and inheritance

Powerful analysis tools: conflict detection, rule combiner, hit counts, …

VPN Management

Support for PIX, ASA, VPNSM, VPN SPA, and Cisco IOS Routers

Support for wide array of VPN technologies such as DMVPN, Easy VPN, and SSL VPN

VPN Wizard for Three-Step Point-and-Click VPN Creation

IPS Management

Support for IPS Sensors, modules and Cisco IOS IPS

Automatic policy-based IPS Sensor software and signature updates

Signature Update Wizard allowing easy review/editing prior to deployment

Reduce OpEx

Unified security management for Cisco devices supporting FW, VPN, and IPS

Efficiently manage up to 5000 devices per server

Multiple views for task optimization

Device View, Policy View, Topology View

Cisco Services for IPS

Rapid Signature Updates for Emerging Threats

[Figure: Vulnerabilities and Threats; Cisco IPS Signature R&D Team; Updated Signature Package]

Follow-the-Sun Research:

Extensive around-the-clock research capability gathers, identifies and classifies vulnerabilities and threats

Rapid Response:

Signatures are created to mitigate the vulnerabilities within hours of classification

Human Intelligence:

Applied Intelligence Reports provide insight and guidance on using IPS technology to protect yourself

Cisco Security IntelliShield Alert Manager Service

Now Includes IPS Signature-to-Threat Correlation

Complete vulnerability and threat information in a single database

Notification of only those vulnerabilities relevant to a pre-defined infrastructure

Actionable alerts in a standardized format based on user-customized profiles

Each vulnerability or threat is analyzed and validated by security analysts

Vulnerability and threat information is vendor-neutral and objectively graded

Comprehensive library of over 10,000 threats and vulnerabilities

Built-in workflow allows easy management of tasks and remediation efforts

Cisco License Manager

Automates license management for IPS AIM, IPS NME and more

Increased productivity

Rapidly roll out new services—500 licenses deployed in two minutes

Scales to 30,000 devices

Enhanced Security and Virtualization

Role-Based Access Control via user roles

Access Control Lists limit access to PAKs and Devices

Reduced complexity

Automated licensing workflows

License reports aid in audit compliance

Investment protection

Full-functionality Java and Perl Software Development Kits (SDK) to integrate with existing applications

Faster failure recovery

Restore device licenses from database backup

Resend all licenses from Cisco.com and deploy them quickly
