Post on 01-Apr-2018
Cisco IPS: Adaptive Intrusion Prevention
© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 1
Ng Tock Hiong
Director, Systems Engineering
thng@cisco.com
Today’s Discussion
• The Self-Defending Network and Cisco® IPS
• Cisco Intelligent Detection Architecture and Technologies
• Cisco Security Intelligence Engineering
• IPS Application Examples
• Summary
The Evolution of Intent: From Hobbyists to Professionals
Threats Becoming Increasingly Difficult to Detect and Mitigate
[Figure: Threat Severity over time (1990, 1995, 2000, 2005, What’s Next?)]
• Testing the Waters: Basic Intrusions and Viruses
• Fame: Viruses and Malware
• Financial: Theft and Damage
Sophisticated Hacking Tools Are Easily Accessible
Austin, Texas, January 28th, 2008 -- The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits.
“…provides a wizard-based exploitation system”
“…includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior”
Sophisticated Hacking Tools Are Easy to Use Too…
Choose Your Target and Exploit Type…
Reducing the Gray: Uncertainty Equals Risk and Cost
[Figure: traffic classification shown twice, once labelled “Inefficient; Highly Manual” and once labelled “Efficient Operations, Effective Security” (Self-Defending Network)]
• Good: Allow
• Relevant: Pass and Log
• Suspicious: Pass and Alarm
• Bad: Block
Technologies shown: NAC, Traffic Shaping, IPS, Anti-X, DDoS, Firewall, Monitoring & Correlation
Cisco IPS Intelligent Detection
Intelligent Detection
• Unmatched threat analysis and mitigation engines based on 15 years of continuous innovation
• Deep protection from known and unknown attacks that other solutions don’t catch
• Superior anti-evasion and day-zero attack protection
Proactive Protection
• Rapid updates from Cisco® global security intelligence engineering
• Vulnerability-focused signatures for superior protection ahead of the threat
• Expedited coverage of important security events, including Microsoft Patch Tuesday vulnerabilities
Comprehensive Application Protection
• End-to-end Cisco on Cisco voice protection from the unified communications experts
• In-depth inspection capabilities to protect critical Web 2.0 application farms
• Adaptive wireless protection collaboration with Cisco wireless controllers
Cisco IPS Architecture: Intelligent Detection and Precision Response
Virtual Sensor Selection
• Traffic directed to appropriate virtual sensor by interface or VLAN
Normalizer Module
• Layer 3–7 normalization of traffic to remove attempts to hide an attack
Modular Inspection Engines
• Vulnerability
• Exploit
• Behavioral anomaly
• Protocol anomaly
• Universal engines
On-Box Correlation Engine
• Meta event generator for event correlation
Risk-Based Policy Control
• Calibrated “risk rating” computed for each event
• Event action policy based on risk levels
• Filters for known benign triggers
Mitigation and Alarm
• “Threat rating” of event indicates level of residual risk
Forensics Capture
• Before attack
• During attack
• After attack
[Other diagram labels: Cisco Threat Intelligence Services; Signature Updates; Engine Updates; Context Data; Network Context Information; In; Out]
Intelligent Detection: Key Threat Analysis and Mitigation Technologies
Evasion Protection
• Protection against stealthy attacks designed to deceive security systems
Vulnerability-Focused Signatures
• Verified protection against tens of thousands of threats and millions of potential exploit variants with a minimal number of signatures
Local Event Correlation
• Real-time protection against multivector attacks
Normalizer Module
Cisco® anti-evasion technology detects deceptive attack techniques that may go undetected by other IPS devices. This adaptive technology provides protection against some of the most dangerous tools used by attackers today.
[Figure: “Correct” Stream; Stream with Evasion Attempt; “Normalized” Stream]
Vulnerability-Focused Signatures for Unparalleled Coverage
Cisco® commitment to vulnerability-focused signatures provides exceptional detection of both known and tested exploits as well as exploits yet to be written (day-zero exploits).
[Figure: 3000 Vulnerability-Focused Signatures; 30,000 Known Exploits and Variants; Countless Exploit Variants Yet to Be Written]
Outstanding Coverage
One Sub-Signature: 5477-2 Possible Heap Payload Construction
39 Different Exploits Covered (as of 2/8/2008)
Metasploit: mozilla_compareto v1.3
Microsoft Internet Explorer window Arbitrary Code Execution Vulnerability
[xxxxx]: Microsoft Internet Explorer window() exploit 1.6
Mozilla Firefox InstallVersion.compareTo() Overflow
Metasploit 2.5 - mozilla_compareto 1.3
[xxxxx]: Firefox and Mozilla compareTo
Metasploit: Mozilla Firefox Memory corruption via QueryInterface on Location, Navigator objects
[xxxxx] MS07-004 CVE-2007-0024 Vulnerability in Vector Markup Language Could Allow Remote Code Execution
milw0rm: MS Internet Explorer VML Remote Buffer Overflow Exploit (MS07-004)
MS Windows (.ANI) GDI Remote Elevation of Privilege Exploit (MS07-017)
[xxxxx]: McAfee ePolicy Orchestrator ActiveX Exploit
Milw0rm: Yahoo Messenger Web Cam Exploits
[xxxxx] Microsoft Speech API ActiveX control Exploit for IMPACT v6.2
[xxxxx]: IE createTextRange() exploit v1.3
Metasploit ie_createtextrange v1.4
MS April - CVE-2006-1359 Cumulative Security Update for Internet Explorer
Metasploit: Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities firefox_queryi
IE MS06-42 Patch Exploit for [xxxxx]
milw0rm IE COM Object Heap Overflow DirectAnimation.PathControl
[Milw0rm] MS Internet Explorer (VML) Remote Buffer Overflow Exploit (SP2) (pl)
[xxxxxx] : IE VML buffer overflow exploit update 1.6
[milw0rm] MS Internet Explorer WebViewFolderIcon setSlice() Exploit (pl)
[milw0rm] MS Internet Explorer WebViewFolderIcon setSlice() Exploit (c)
Media Player PNG header overflow exploit
MS06-071 - Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution Vulnerability
milw0rm: MS Internet Explorer 6/7 (XML Core Services) Remote Code Exec Exploit 2
MS Internet Explorer 6/7 (XML Core Services) Remote Code Exec Exploit 3
[xxxxx]: IE XML HTTP Exploit for IMPACT v1.5
[xxxxx] Microsoft Speech API ActiveX control Exploit for IMPACT v6.2
milw0rm: Yahoo! Widget < 4.0.5 GetComponentVersion() Remote Overflow Exploit
[xxxxx] McAfee Subscription Manager ActiveX Exploit
[xxxxx] CVE-2007-3040 KB938827 Vulnerability in Agent could allow Remote Code Execution
[xxxxx] - Yahoo Messenger YVerInfo.dll ActiveX Multiple Remote Buffer Overflow Vulnerabilities
[xxxxx] KB942615: Cumulative Security Update for Internet Explorer CVE-2007-3902
[xxxxx] KB942615: Cumulative Security Update for Internet Explorer CVE-2007-5344
[xxxxx] KB942615: Cumulative Security Update for Internet Explorer CVE-2007-3903
[xxxxx]:Microsoft Agent MS07-051 Exploit Update for IMPACT v7
AskJeeves Toolbar 4.0.2.53 activex Remote Buffer Overflow Exploit
Milw0rm: Yahoo! Music Jukebox Remote exploits (3)
Local Event Correlation: Protection from Multivector Attacks
Single events may appear normal when taken alone, but may indicate a multivector attack when taken together. Unlike security event manager-based correlation, local event correlation enables the IPS to take preventive action before the end system is compromised.
[Figure: Event 1, Event 2 and Event 3 shown in two cases: IPS Passes Multivector Attack; IPS With Local Event Correlation Blocks Multivector Attack]
Dynamic Protocol Analysis Engine Updates
Dynamically updated Protocol Analysis Engines provide a framework for sophisticated inspection and analysis capabilities that, unlike hardware-based engines, can be updated as needed to reflect changes and enhancements to network protocols as easily as a signature update.
[Engines shown: HTTP; MSRPC; SMTP; SMB]
Real-Time Anomaly Detection for Zero-Day Threats
• Anomaly-detection algorithms to detect and stop zero-day threats
• Real-time learning of normal network behavior
• Automatic detection and policy-based protection from anomalous threats to the network
• Result: Protection against attacks for which there is no signature
[Figure: Internet traffic; Traffic Conforms to Baseline; Anomalous Activity Detected, Indicating Potential Zero-Day Attack]
Endpoint Attack Relevance Visibility: Increasing the Fidelity of Risk-based Policy
• Attack target contextual information used to refine security response
• Contextual information gathered through:
  - Passive OS fingerprinting
  - Static OS mapping for exception handling
  - CSA Linkages
• Dynamic Risk Rating adjustment based on attack relevance
• Result: More appropriate and effective security response actions
[Figure: Attacker initiates IIS attack destined for servers (Network Scanner, Windows Server, Linux Server). Not Vulnerable: Filter Event. Vulnerable: Increase Risk Rating. Event / Action Filtering. Monitoring Console: Non-relevant events filtered]
Network-Endpoint Collaboration: Increasing the Fidelity of Risk-based Policy
• Cisco Security Agent (CSA) provides data on suspicious hosts through Watch List (Network Context)
• IPS Sensor risk sensitivity increased dynamically for suspicious hosts (risk rating increase)
• Result: Improved risk management
1. Attacker tries to brute force attack an internal server
2. CSA blocks the attack and adds attacker to its watchlist
3. CSA collaborating with Cisco IPS is able to dynamically elevate the Risk Rating threshold for attacks coming from the attacker
4. Future attacks from hacker are blocked at the IPS device
Real-Time Risk-based Policy: Risk Rating and IPS Policy
A quantitative measure of each threat before IPS mitigation
Risk Rating = Event Severity + Signature Fidelity + Attack Relevancy + Asset Value of Target + Network Context
• Event Severity: Urgency of threat?
• Signature Fidelity: How prone to false positive?
• Attack Relevancy: Important to attack target?
• Asset Value of Target: How critical is this destination host?
• Network Context: What additional risk information is available?
Risk Rating = IPS Policy Action
• RR < 34: Alarm
• RR > 35 and < 84: Alarm and Log Packets
• RR > 85: Deny Attacker
Threat Rating: Prioritize Incident Response Efforts by Residual Risk
A quantitative measure of each threat after IPS mitigation
• Risk measurement is updated based on IPS policy actions
• High risk attacks that have been denied no longer require urgent operator attention
• Prioritize incident response on Events with high Residual Risk
IPS Policy: RR > 85 → Deny Attacker
Example:
• Event 2: Very high Risk Rating, but denied by policy → Low urgency, low Threat Rating
• Event 4: Quite high Risk Rating, but not high enough to deny → Higher urgency and Threat Rating
Result: Increased efficiency of response and productivity of operations by automatic prioritization of high risk incidents
[Chart: Risk Rating and Threat Rating (scale 0 to 100, with 85 marked) by Event Number, 1 to 5]
Total Security System Management
Reduced complexity for more effective risk analysis and operational control
[Diagram labels: MARS; CSM; Monitoring; Policy; Configuration and Management; Policy Implementation; Threat Intelligence; Event Sharing and Collaboration]
Cisco Security Intelligence
Global Security Analysts
• IPS signature development
• Vulnerability research
• Product security testing
• Incident management
• Cisco® security mitigation expertise
• Global critical infrastructure security research
[Teams shown: IntelliShield; Cisco PSIRT; IPS Signature Team; Applied Intelligence; Critical Infrastructure Assurance Group; Cisco STAT; Cisco Global IPS Signature Team]
Cisco Security IntelliShield Alert Manager Service
Customizable, web-based security alert service that allows customers to easily access and receive timely, accurate, actionable, and vendor-neutral intelligence about potential threats and vulnerabilities in their environment
Customer Profile
• Network is mission critical to business
• Needs proactive support for a more secure network
Sales and Delivery
• Sold by Cisco and certified partners, delivered by Cisco
Service Capabilities and Features
• Updates on threats and vulnerabilities that may impact network enabling devices, software, or IT infrastructure
• Built-in tools to proactively manage intelligence within organizations
• Configurable portal with flexible service packages
• Detailed information; historical coverage of approximately 10,000 alerts
• Correlation of Cisco IPS signatures
[Slide tags: SMB; LB; SP; NEW]
Responding to Security Events as They Occur
[Diagram labels: Incident Response Groups; Primary Research (Cisco Products); Cisco STAT; Cisco® PSIRT; Other Vendors; ISACs; External Security Research; Internal Security Research; BugTraq; Full Disclosure; “Back-Channel”; Cisco Applied Intelligence; Cisco IntelliShield; IPS Signature Team]
Cisco IPS Signature Delivery Process
Discovery, Analysis, and Signature Generation
• Discover Vulnerability
• Analyze Vulnerability
• Create New Signature
Testing and Publishing
• Test Signature Integration
• Test Signature Field
• Publish Signature
Overall Process Time
• Critical: 8 hours
• Urgent: 24 hours
• Standard: 1 week
Cisco Security Center: Mission Control
• Applied mitigation bulletins
• CVSS scores
• PSIRT security alerts
• Integration with IronPort®
• IPS signatures
• Six-month free trial
Cisco High-Performance IPS Applications: Wireless Intrusion Prevention
• Protect the enterprise from wireless users
  High-performance IPS helps protect at WLAN speeds for guest users’ and employees’ infected computers.
• Selectively block malicious traffic
  Cisco IPS inspection services help enable accurate protection from wireless traffic.
• Remove repeat offenders from the network
  Cisco IPS and Cisco WLAN Controllers work collaboratively to detect attackers from Layer 2 to Layer 7, and remove repeat offenders from the network.
[Diagram labels: Cisco High-Performance IPS; Cisco WLAN Controller; Cisco Access Point]
Securing Cisco Unified Communication Manager and Phones with Cisco IPS
• In-line inspection of voice and video traffic
• Protect infrastructure that voice runs on:
  - Protect Call Management infrastructure from attack
  - Real-time anomaly detection for day zero threats
  - Drop calls that are coming from IP addresses identified on the Cisco Security Agent “watch list”
• Complements firewall application inspection technology
Cisco IPS’ Risk-based Policy enables easy management of IPS by non-experts
Protection against
• Application Misuse
• DoS/Hacking
• Known Attacks
• Zero-day Attacks
• Viruses/worms, spyware infecting traffic
[Diagram labels: Legitimate traffic; Firewall; IPS]
Cisco ASA 5500 with IPS: Threat Protected VPN
Protecting the VPN Threat Vector
Leverages Depth of Threat Defense Features to Stop Malicious Worms, Viruses, and More… and Without External Devices or Performance Loss!
Threat Mitigation
• Malware Detection
• Worm Detection
• Spyware Detection
Application Firewall and Access Control
• Application Inspection/Control
• Granular, Per-User/Group Access Control
• Protocol Anomaly Detection
• Stateful Traffic Filtering
Accurate Enforcement
• Real-Time Correlation
• Risk Rating
• Attack Drop
• Session Removal and Resets
Comprehensive Endpoint Security
• Pre-Connection Posture Assessment
• Malware Mitigation
• Session/Data Security
• Post-Session Clean-Up
[Diagram labels: Remote Access VPN User; ASA 5500; Worm/Virus; Spyware; Exploit; Unwanted Application; Illegal Access]
Cisco IPS Product Portfolio
[Chart axis: Performance]
Dedicated Appliances for high performance, data center, and focused function environments
• IPS 4200 Series: IPS 4240, IPS 4255, IPS 4260, IPS 4270
Switch Integrated Service Modules for data center and switch integration
• Catalyst 6500 Series: IDSM2, Catalyst 6500 IDSM2 bundle
Firewall-Integrated for comprehensive security and Unified Threat Management
• ASA 5500 Series: ASA5510-AIP10, ASA5520-AIP20, ASA5540-AIP40
Remote Office / Branch services for scalable remote office protection
• ISR Series Routers: IOS IPS, AIM-IPS, NME-IPS
IPS Device Management: Ease of Use and Greater Visibility
Enhanced Operational Health and Monitoring
• Signature Update Status
• Sensor heartbeat
• Sensor software restart status
Simplified Deployment and Management
• Auto Signature Updates from CCO
• Simplified configuration copy
• Easier setup
Enter host name[sensor]:
Enter IP interface[192.168.1.2/24,192.168.1.1]:
Modify current access list?[no]: yes
Current access list entries:
No entries
Permit: 0.0.0.0/0
Permit:
Modify system clock settings?[no]:
[0] Go to the command prompt without saving this config.
[1] Return to setup without saving this config.
[2] Save this configuration and exit setup.
[3] Continue to Advanced setup.
Cisco Intrusion Prevention Strategy: Comprehensive Threat Protection for the SDN
Protection areas:
• Endpoint Protection
• Branch Protection
• Perimeter Protection
• Data Center Protection
• Server Protection
• Monitoring and Correlation
• Solution Management
Products shown:
• Cisco® Security Agent
• Cisco Security Manager
• Cisco Catalyst® Services Modules
• Cisco Integrated Services Routers
• Cisco ASA 5500 Adaptive Security Appliance
• Cisco Security MARS
• Cisco IPS 4200 Series
[Other diagram labels: Internet; Intranet]
• Modular inspection engines: Respond rapidly with minimal downtime
• Behavioral anomaly detection: Protect against zero-day attacks
• Dynamic risk-based threat rating: Adapt threats policy in real time
• The most diverse line of IPS sensors: The right tool for the right job, anywhere in the network
• IPS integrated into the fabric of the network
• Built on Cisco security and network intelligence
• On-box and networkwide correlation to provide greater accuracy and confidence
• Endpoint and network sensors sharing live network information
• Reduced operational costs with a common, solution-based management interface
[Column headings: Adaptive; Collaborative; Integrated]
[Column captions: Location Matters; Focused Protection; Better Together]