IPS Product Comparison of Cisco 4255 & TippingPoint 5000E

6,122 views

Published on

IPS Product Comparison of Cisco 4255 & TippingPoint 5000E

Published in: Technology, News & Politics
2 Comments
3 Likes
Statistics
Notes
No Downloads
Views
Total views
6,122
On SlideShare
0
From Embeds
0
Number of Embeds
28
Actions
Shares
0
Downloads
201
Comments
2
Likes
3
Embeds 0
No embeds

No notes for slide

IPS Product Comparison of Cisco 4255 & TippingPoint 5000E

  1. 1. Intrusion Prevention Systems (IPS) Allen Galvan
  2. 2. Introduction <ul><li>We will try and answer some basic questions so that we might better understand how Intrusion Prevention Systems fit into a comprehensive Network Security Program. </li></ul>
  3. 3. IPS History
  4. 4. What is an IDS? <ul><li>There are two types of IDSs: </li></ul><ul><ul><li>Host Intrusion Detection Systems (HIDS) </li></ul></ul><ul><ul><ul><li>Software on hosts protects hosts: </li></ul></ul></ul><ul><ul><ul><ul><li>Router </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Switch </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Network Appliance </li></ul></ul></ul></ul><ul><ul><li>Network Intrusion Detection Systems (NIDS) </li></ul></ul><ul><ul><ul><li>Monitor network traffic against predefined Signatures. </li></ul></ul></ul>
  5. 5. What is an IPS? <ul><li>An IPS is the Next Generation of the IDS. </li></ul><ul><ul><li>An IDS Reacts and Stops an Attack. </li></ul></ul><ul><ul><li>On the other hand, an IPS Detects, Identifies, & Proactively Stops Unauthorized Anomalies or Malicious Attacks. </li></ul></ul>
  6. 6. We will Analyze two IPSs <ul><li>We will look at two IPSs: </li></ul><ul><ul><li>Cisco 4255 </li></ul></ul><ul><ul><li>TippingPoint 5000E </li></ul></ul>
  7. 7. How does Cisco 4255 IPS Work? Part I <ul><li>The Cisco 4255 IPS has 3 Components: </li></ul><ul><ul><li>Risk Rating Component </li></ul></ul><ul><ul><li>Meta-Event Generator Component </li></ul></ul><ul><ul><li>Multivector Threat Identification Component </li></ul></ul>
  8. 8. How does Cisco 4255 IPS Work? Part II <ul><li>Risk Rating Component </li></ul><ul><ul><li>Signature Analysis </li></ul></ul><ul><ul><li>Asset Value </li></ul></ul><ul><ul><li>Attack Relevance </li></ul></ul><ul><li>Meta-Event Generator Component </li></ul><ul><ul><li>Unique correlation of events to stop attacks. </li></ul></ul>
  9. 9. How does Cisco 4255 IPS Work? Part III <ul><li>Lastly, Multivector Threat Identification Component: </li></ul><ul><ul><li>Malware Protection (Trend Micro) </li></ul></ul><ul><ul><li>Rate Limiting </li></ul></ul><ul><ul><li>Stateful Pattern Recognition </li></ul></ul><ul><ul><li>Traffic / Protocol Analysis Detection </li></ul></ul><ul><ul><li>Custom Policies </li></ul></ul>
  10. 10. How does TippingPoint 5000E Work? <ul><li>Threat Suppression Engine (TSE) </li></ul><ul><ul><li>Monitors Packets </li></ul></ul><ul><ul><li>Parallel Processing @ Gbps backplane speeds assure High Network Performance </li></ul></ul>
  11. 11. Cisco & TippingPoint IPS Similarities & Differences
  12. 12. Cisco 4255 & TippingPoint 5000E Comparison Part I <ul><li>Both work @ Gigabit Speeds. </li></ul><ul><li>Both provide Inline Protection. </li></ul><ul><li>Both provide Stateful Packet Inspection. </li></ul>
  13. 13. Cisco 4255 & TippingPoint 5000E Comparison Part II <ul><li>Cisco has a partnership with TrendMicro to protect against viruses & worms. </li></ul><ul><li>Cisco uses: </li></ul><ul><ul><li>Risk Rating </li></ul></ul><ul><ul><li>Multivector Threat Identification </li></ul></ul><ul><li>TippingPoint protects the network using the Threat Suppression Engine. </li></ul>
  14. 14. Cisco Advantages
  15. 15. Cisco IPS 4255 Benefits - I <ul><li>Cisco provides increased Network Availability & Performance of Mission Critical Business Applications. </li></ul><ul><li>Cisco Mitigates Risk Management of Legal Liabilities. </li></ul>
  16. 16. Cisco IPS 4255 Benefits - II <ul><li>Cisco Protects Trade Secrets & Proprietary Information. </li></ul><ul><li>Cisco provides Comprehensive Policy Enforcement. </li></ul>
  17. 17. In Conclusion
  18. 18. Network Security is an Ongoing Process! <ul><li>An Intrusion Prevention System is one important part of a Network Security Program. </li></ul><ul><li>The Cisco IPS 4255 System is a more comprehensive Network Security Solution than the TippingPoint 5000E IPS. </li></ul>

×