Guest

Next-Generation Intrusion Prevention System (NGIPS)

High performance. Resiliency. Security operations empowerment.

What is an NGIPS?
Compare us with others

Let Us Help

Comprehensive and consistent protection

As cyberattacks evolve, network security requires unparalleled visibility and intelligence covering all threats for comprehensive protection. And with differing organizational responsibilities and agendas, you need a consistent security enforcement mechanism. These increasing operational demands call for a renewed focus on dedicated NGIPS to provide a deeper level of security and visibility for the enterprise.

  • Leading breach detection

    Leading breach detection

    Source: NSS Labs
  • Reduce time to detection

    Time to detection

    Source: 2018 Annual Cybersecurity Report
  • Savings from security automation

    Savings from security automation

    Source: SANS Institute

NGIPS features and benefits

Visibility

Visibility

With Firepower Management Center, you can see more contextual data from your network and fine-tune your security. View applications, signs of compromise, host profiles, file trajectory, sandboxing, vulnerability information, and device-level OS visibility. Use these data inputs to optimize security through policy recommendations or Snort customizations.

Efficacy

Efficacy

NGIPS receives new policy rules and signatures every two hours, so your security is always up to date. Cisco Talos leverages the world’s largest threat detection network to bring security effectiveness to every Cisco security product. This industry-leading threat intelligence works as an early-warning system that constantly updates with new threats.

Operational cost

Operational cost

Use NGIPS automation to increase operational efficiency and reduce overhead by separating actionable events from noise. Prioritize threats for your staff and improve your security through policy recommendations based on network vulnerabilities. Stay informed on what rules to activate and deactivate, and filter events pertinent for the devices on your network.

Flexibility

Flexibility

Cisco Firepower NGIPS flexible deployment options meet the needs of the enterprise. It can be deployed at the perimeter, at the data center distribution/core, or behind the firewall to protect mission-critical assets, guest access, and WAN connections. NGIPS can be deployed for inline inspection or passive detection.

Integration

Integration

Firepower NGIPS plugs into your network without major hardware changes or significant time to implement. Enable and manage several security applications from a single pane with Firepower Management Center. Seamlessly navigate between NGIPS, NGFW, and AMP to optimize your security and ingest third-party data through Cisco Threat Intelligence Director.

High-performance appliances

High-performance appliances

Cisco Firepower (4100 Series and 9000 Series) and FirePOWER (7000 Series and 8000 Series) appliances are purpose-built to provide the right throughput, modular design, and carrier-class scalability. They incorporate a low-latency, single-pass design and include fail-to-wire interfaces.

View data sheet

Find the best NGIPS for you

Cisco Firepower NGIPS is available on many appliance models and in both physical and virtual form factors. Choose the best option for your use case and throughput needs.

Firepower 4100 Series

Firepower 4100 Series

  • Designed for Internet-edge, high-performance environments
  • Threat inspection from 10 to 20 Gbps
  • Includes AVC, with AMP and URL options
  • Fail-to-wire interfaces available

FirePOWER 7000 Series

FirePOWER 7000 Series

  • Designed for sales and remote offices
  • Threat inspection from 50 Mbps to 1.25 Gbps
  • 8-12 monitoring interfaces
  • Small Form-Factor Pluggable (SFP): 2 models

Firepower 9000 Series

Firepower 9000 Series

  • Designed for service provider and data center deployments
  • Threat inspection up to 90 Gbps
  • Includes AVC, with AMP and URL options
  • Fail-to-wire interfaces available

NGIPSv for VMware

NGIPSv for VMware

  • Small branch offices and remote locations
  • Threat inspection up to 800 Mbps
  • East-west data center/PCI critical servers
  • Full NGIPS and options functionality

FirePOWER 8000 Series

FirePOWER 8000 Series

  • Designed for campus and enterprise deployments
  • Threat inspection up to 60 Gbps
  • Stackable scalability
  • Fail-to-wire interfaces available

Firepower Threat Defense for ISR

Firepower Threat Defense for ISR

  • Designed for branch and remote offices
  • Threat inspection up to 800 Mbps
  • Deployed on ISR G2 and 4000 Series routers
  • Increased security, lower WAN costs

Superior threat protection from Firepower NGIPS

Superior threat protection from Firepower NGIPS
  • Intrusion detection: Stop more threats and address attacks. For vulnerability prevention, the Cisco Next-Generation Intrusion Prevention System can flag suspicious files and analyze for not yet identified threats.
  • Public cloud: Enforce consistent security across public and private clouds for threat management. Firepower NGIPS is based on Cisco’s open architecture, with support for Azure, AWS, VMware, and more hypervisors.
  • Internal network segmentation: Accommodate network agendas with an enforcement mechanism that spans the requirements of various internal organizations.
  • Vulnerability and patch management: Use insights from Cisco IPS to patch high-priority vulnerabilities in a shorter period with fewer resources, without delay from your organization’s test process or environment.

Gartner: Cisco is named an IDPS leader

Cisco is positioned as a leader in the Magic Quadrant for Intrusion Detection and Prevention Systems.

Get report
Gartner: Cisco is named an IDPS leader
Upgrade to Firepower NGIPS

Upgrade to Firepower NGIPS

If you have a Cisco IPS or Sourcefire NGIPS, find an upgrade path that’s best for you. (PDF - 328 KB)

Download the guide

Related products

Firepower Management Center

Firepower Management Center

Provide complete and unified management over Firepower NGIPS, Firepower NGFW, and Cisco AMP deployments.

Cisco AMP Threat Grid

Cisco AMP Threat Grid

This integrated sandboxing technology produces both static and dynamic malware analysis.

Cisco Advanced Malware Protection (AMP)

Cisco Advanced Malware Protection (AMP)

Get rapid malware detection, tracking, containment, and remediation for advanced threat protection.

Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine (ISE)

Our access control policy platform is integrated with Firepower NGIPS to provide rapid threat containment.

Improve your results with our services

Security advisory services

Advisory

Work with our strategic and technical advisors to align security, compliance, and threat management with your business goals.

Managed security services

Managed

Reduce expenses and increase security with offerings that range from monitoring and management to managed threat solutions.

Optimized network security

Implementation

Design the best technical architecture for your company, plus speed the adoption of and optimize your network security technologies.

Product technical services

Support

Increase efficiency, lower support costs, and improve network availability with our award-winning product support services.

News and events

Protect your digital business with an NGIPS

Protect your digital business with an NGIPS

Get visibility, threat detection, and response where firewalls can't go.

Where firewalls can’t go

Where firewalls can’t go

See 5 major reasons why you should choose a dedicated NGIPS.

NSS Labs validates our NGIPS

NSS Labs validates our NGIPS

Cisco FirePOWER again leads in efficacy, throughput, and low TCO.

Meet the experts

Security intelligence experts

Cisco Talos

Follow our industry-leading team of security intelligence and research experts who regularly share analyses of threats and provide you with tools to help protect you against them.

Security management demo

Security management demo

Learn how to unify firewalls, apps, intrusion prevention, and more.

Watch now

Resources

Support

For partners

Are you a Cisco partner?  Log in to see additional resources.

Looking for a solution from a Cisco partner? Connect with our security technical alliance partners.

View all security partner resources