IPS 4200 Series

Cisco's 4200 Series Sensors are hardware appliances that provide for the Enterprise Intrusion Prevention and Detection capabilities. The appliances can be deployed inline, where they can both classify and block malicious network activity; or in a "promiscuous" IDS only mode. "Hybrid" deployments where the appliance is both inline and promiscuous simultaneously are also supported.

The devices support both signature-based and behavioral-anomaly-based malicious traffic detection at Layers 2-7; with the vendor emphasizing that their signature-based detection is based not on specific exploits, but instead focuses on the actual vulnerabilities that are being exploited. Signature updates are provided by the vendor as part of their Cisco Services for IPS, which includes signature file updates and alerts, registered access to the vendor's online tools and technical assistance, IPS software updates, and advance replacement of failed hardware. For behavioral detection, the devices monitor network activities and mitigate attacks based on behavioral anomalies without requiring signature-based identification.

The appliances can be managed as stand-alone deployments, using an out-of-the-box GUI known as the Cisco IPS Device Manager. For the centralized management of multi-appliance deployments, the vendor notes compliance with the Cisco MARS (Monitoring, Analysis, and Response System), and Cisco Security Manager products.

Policy definitions can specify that malicious traffic be dropped, sessions terminated, or rate-limited based on the potential risk-score of the activity; a score that is determined by the appliance itself based on correlated details of the attack as well as knowledge of the corporate network--including such metrics as attack severity, relevance, and the relative value of the target asset. For post-event forensics, the appliances record details pertaining to each alert; including packet level details from before, during, and after the event.

Performance metrics for the appliance line are offered in two flavors: for "Media Rich" environments such as Web, streaming video, and file replication heavy traffic that features multiple transactions per connection and higher transaction sizes; and "Transactional" environments where a higher number of connections (including concurrent connections) is the norm. For Transactional environments the vendor lists performance at 80 Mb/sec in the IDS 4215 to 4 Gb/sec in the new IPS 4720; and for Media Rich environments the performance numbers are 65 Mb/sec to 2 Gb/sec.

Individual models available in the product line range from the 1U IDS 4215, with a single 10/100 interface and support for four additional 10/100 monitoring interfaces; to the new 4U IPS 4270, with four Copper or Fiber Gig Ethernet ports standard and support for additional monitoring interfaces (copper or fiber) up to a potential 16 total monitoring interfaces. The IPS 4270 also includes redundant power supplies standard; a feature that is optional in the 2U IPS 4260 and not available in any of the other IPS models.

Note that not all features described above may be available in each of the IPS 4200 Series Sensors.

The IPS 4200 series is available now. Pricing ranges from $7,295 (IDS 4215) to $89,995 (IPS 4270). Visit the Cisco Systems Web site for further information.

product submission by EITPlanet Staff

Latest category updates via our RSS feed