IPS Services to Stop Worms and Viruses
• IPS capability delivered to Cisco IPS 4200 Series appliances and the Cisco Catalyst 6500 Series IDSM-2, allowing effective worm and virus mitigation at strategic points across the network.
• Support for hybrid IDS/IPS services that allow a single sensor to operate simultaneously as an IDS sensor and an IPS sensor.
• Numerous packet drop actions to stop attacks.
Accurate Prevention Technologies
• Automated alarm aggregation for accurate worm classification and mitigation delivered through on-box correlation-the Cisco Meta Event Generator (MEG) (Figure 1).
Figure 1. Cisco Meta Event Generator
• Increase in the accuracy and confidence of IPS packet drop actions through a risk-balanced approach to classify threats. In contrast to traditional IPS solutions that depend on a simplistic model that only considers the IPS event severity rating, the Risk Rating allows the user to make more informed worm mitigation decisions through visibility into a variety of parameters that include: the severity of the event, relevancy of the attack, asset value of target systems, and fidelity of signatures (Figure 2). The result is a numerical risk rating that is automatically aggregated for the user and ensures that worm activity is stopped without dropping valid traffic.
Figure 2. Risk Rating to Enhance the Accuracy of IPS Actions
Extensions to Multivector Threat Identification
• Proetction from spyware and adware by allowing organizations to safeguard the integrity of sensitive information that can be divulged by malicious spyware applications as well as common adware such as Gator, Bonzi Buddy and SaveNow. Cisco IPS v5 contains unique algorithms that can effectively stop communications between spyware host servers and network devices that have been infected by spyware. Additionally, Cisco IPS v5 can also block unwanted communications generated by common adware applications.
• Application inspection technologies allow enforcement of policy decisions based on content detected at the application layer.
• Detection and prevention of covert channel tunneling through Port 80.
• RFC compliance checking for HTTP methods.
• Filtering of traffic based on malicious MIME types such as JPEG extensions.
• Control of permitted traffic via user-defined policies, such as the denial of Peer to Peer traffic that can potentially consume precious network bandwidth.
• Voice over IP (VoIP) engine to help ensure protocol compliance of H225 call setup messages. This engine also delivers protection against attacks to voice gateways through advanced buffer overflow and URL overflow mitigation.
• Support for the inspection and mitigation of threats in Multiprotocol Label Switching (MPLS) environments.
• Network antivirus capabilities to accurately identify and prevent virus outbreaks.
• Support for advanced traffic normalization algorithms such as fragmentation reassembly.
• Ability to identify attacks in IPv6 environments through the inspection of IPv4 traffic being tunneled in IPv6.
• Support for Security Device Event Exchange (SDEE), a standardized IPS communications protocol developed by Cisco for the IDS Consortium at ICSA.
• Extension of monitoring and notification mechanisms through the delivery of sensor alerts via Simple Network Management Protocol (SNMP) traps.
• Cisco IPS Sensor Software Version 5.0 will be shipped with all new Cisco IPS platforms.
• Cisco IDS or IPS sensors* under a valid Cisco SMARTnet® contract may be upgraded to Cisco IPS Sensor Software Version 5.0 at no extra charge.
• Cisco IDS or IPS sensors* that are not under a Cisco SMARTnet contract may be upgraded through the purchase of the following part number: IPS-SW-K9-U
Table 1. Ordering Information for Cisco IPS Sensor Software Version 5.0
FOR MORE INFORMATION