Managed Intrusion Detection System / Intrusion Prevention System
Cisco Powered Managed Services
A Cisco Powered Managed Intrusion Detection System (IDS) / Intrusion Prevention System (IPS) service provides Cisco's proven deep-packet-inspection technology, combined with end-to-end management, monitoring and maintenance. The service:
Helps customers better protect their business infrastructure and mitigate a wide range of network attacks.
Is managed from a Security Operations Center (SOC) and is deployed at strategic locations across the enterprise network in order to detect, protect against and react to misuse, attacks and security-policy violations.
Supports the key features available on the Cisco IDS/IPS solutions and conforms to Cisco and industry best practices.
Provides comprehensive SLAs covering the overall performance of the service, and online access to real-time and historical service-performance reports.
Requirement: Deploy as IDS or IPS. The service must be able to deploy the sensor in several modes: monitor-only; fully managed service; promiscuous mode (listen only and alarm); inline (bump in the wire, with drop and alarm). It must also cover signature updates, customization and tuning.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Intrusion detection is supported. Intrusion monitoring is supported, including event correlation, alarm filtering, classification and customization. Monitoring must include log trending with analysis.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Support of voice media failover.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Support of the following detection methodologies:
  Simple pattern matching: looking for a fixed sequence of bytes in a single packet; can be associated with a specific service.
  Stateful pattern matching: matches are made in context, within the state of the stream.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Dynamically deploy signatures and/or ACLs to respond to new attacks. The IDS/IPS must be configurable to check for signature updates and push them to the sensors in the network. It must be possible to add new signatures to the existing policies on the mitigation devices.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Recognize new outbreaks and deploy a threat-specific ACL within 60 minutes, and a new signature within 90 minutes. The Intrusion Prevention Service must be capable of deploying outbreak-prevention policies on mitigation devices.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Support for signatures that evaluate VoIP (H.323 and H.225) traffic, including:
  Ensuring protocol compliance for call-setup messages.
  Protecting against attacks on voice gateways.
  Preventing excess memory allocation through detection of ULR overflow.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Support for tunneling protocols, including GRE, MPLS, IP-in-IP and IPv6.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: An automatically scheduled mechanism to update signature files. The user has three choices in IPS MC 2.2 when dealing with signature updates:
  Check only: the IPS MC checks for new updates and notifies the user.
  Check and download: the IPS MC checks for new signature updates and downloads them.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.
Architecture and Technical Attributes
Requirement / Auditor Instructions (What to Look for)

Requirement: Deploy as IDS or IPS. The service must be able to deploy the sensor in several modes: monitor-only; fully managed service; promiscuous mode (listen only and alarm); inline (bump in the wire, with drop and alarm). It must also cover signature updates, customization and tuning.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Intrusion monitoring is supported, including event correlation, alarm filtering and classification. Monitoring must include log trending with basic analysis.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Support of the following detection methodologies:
  Simple pattern matching: looking for a fixed sequence of bytes in a single packet; can be associated with a specific service.
  Stateful pattern matching: matches are made in context, within the state of the stream.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Dynamically deploy signatures to respond to new attacks. The IDS/IPS must be configurable to check for signature updates and push them to the sensors in the network.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Recognize new outbreaks and deploy a threat-specific ACL within 60 minutes, and a new signature within 90 minutes. The Intrusion Prevention Service must be capable of deploying outbreak-prevention policies on mitigation devices.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.

Requirement: Access lists.
Auditor instructions: Generally part of the Technical Service Description (MSD); other service descriptions may also be acceptable.
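Both service tiers above list the same two detection methodologies, and the difference between them is what an auditor should be able to probe: a signature that only ever inspects a single packet can be evaded by splitting the attack bytes across two TCP segments, while a sensor that keeps per-flow stream state still catches it. The following Python is an added illustration, not Cisco code and not part of the service description; the signature bytes, the flow tuple and the HTTP segments are constructed for the example, and the reassembly is deliberately simplified (no sequence-number wraparound, no overlapping-segment or retransmission handling).

```python
"""Simple (per-packet) vs. stateful (per-stream) pattern matching over TCP segments.

Added example, not Cisco code. SIGNATURE, FLOW and CONSTRUCTED_SEGMENTS are
invented for illustration; the reassembler is a simplification of real TCP
stream tracking (no wraparound, overlap or retransmission handling).
"""
from dataclasses import dataclass

# Constructed signature: a fixed byte sequence a sensor might look for in HTTP requests.
SIGNATURE = b"/bin/sh"


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int            # TCP sequence number of the first byte of this segment
    payload: bytes = b""
    syn: bool = False   # a SYN carries no data and consumes one sequence number


def simple_match(segments, signature=SIGNATURE, service_port=None):
    """Simple pattern matching: inspect each packet in isolation.

    Returns the indexes of segments whose own payload contains the signature.
    `service_port` optionally ties the signature to one service (destination port),
    as the requirement allows.
    """
    hits = []
    for i, seg in enumerate(segments):
        if service_port is not None and seg.dport != service_port:
            continue
        if signature in seg.payload:
            hits.append(i)
    return hits


class StreamReassembler:
    """Stateful pattern matching: keep per-flow state and match on the reassembled stream.

    Segments are delivered in sequence order. Only the last len(signature)-1 bytes of
    delivered data are retained, which is enough to catch a signature that straddles a
    segment boundary without buffering the whole stream.
    """

    def __init__(self, signature=SIGNATURE):
        self.signature = signature
        self.flows = {}  # (src, sport, dst, dport) -> {"next_seq", "pending", "tail"}

    def feed(self, seg):
        """Consume one segment; return a list of (flow_key, seq) for each new match."""
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.syn:
            # The first data byte follows the SYN's sequence number.
            self.flows[key] = {"next_seq": seg.seq + 1, "pending": {}, "tail": b""}
            return []
        st = self.flows.get(key)
        if st is None:
            # Mid-stream pickup without a SYN: anchor on the first segment seen.
            # A sensor that starts monitoring mid-flow can be evaded this way.
            st = self.flows[key] = {"next_seq": seg.seq, "pending": {}, "tail": b""}
        st["pending"][seg.seq] = seg.payload

        hits = []
        # Deliver contiguous data; out-of-order segments wait until the gap is filled.
        while st["next_seq"] in st["pending"]:
            data = st["pending"].pop(st["next_seq"])
            window = st["tail"] + data
            # The retained tail is shorter than the signature, so any match in the
            # window overlaps the new data and a single match is never reported twice.
            if self.signature in window:
                hits.append((key, st["next_seq"]))
            keep = len(self.signature) - 1
            st["tail"] = window[-keep:] if keep > 0 else b""
            st["next_seq"] += len(data)
        return hits


def stateful_match(segments, signature=SIGNATURE):
    """Run every segment through one reassembler; return all (flow_key, seq) matches."""
    r = StreamReassembler(signature)
    hits = []
    for seg in segments:
        hits.extend(r.feed(seg))
    return hits


# Constructed traffic: one HTTP request whose attack string straddles two segments,
# so no single packet contains the full signature.
FLOW = dict(src="10.0.0.5", dst="192.0.2.10", sport=40000, dport=80)
CONSTRUCTED_SEGMENTS = [
    Segment(seq=999, syn=True, **FLOW),
    Segment(seq=1000, payload=b"GET /cgi-bin/x?cmd=/bi", **FLOW),
    Segment(seq=1022, payload=b"n/sh HTTP/1.0\r\n", **FLOW),
]
FLOW_KEY = ("10.0.0.5", 40000, "192.0.2.10", 80)

if __name__ == "__main__":
    print("simple  :", simple_match(CONSTRUCTED_SEGMENTS, service_port=80))
    print("stateful:", stateful_match(CONSTRUCTED_SEGMENTS))
    # Same data arriving out of order: the per-flow state still finds it.
    reordered = [CONSTRUCTED_SEGMENTS[0], CONSTRUCTED_SEGMENTS[2], CONSTRUCTED_SEGMENTS[1]]
    print("reorder :", stateful_match(reordered))
```

When auditing a managed sensor against the "stateful pattern matching" line, the useful question is the one this example makes concrete: what does the service do with a flow it first sees mid-stream (no SYN), and does an alarm still fire when the attack bytes are split or reordered across segments. A sensor that only satisfies `simple_match` will pass a demo with a single-packet payload and fail the split case.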
There are no services being offered at the Legacy level.