Cisco Secure IPS or Next-Generation Intrusion Prevention System (NGIPS) acts as a security enforcement mechanism that provides intelligence and network visibility to secure the network from cyber attacks and threats.
Cisco Secure IPS (NGIPS) incorporates the following features:
- Visibility – Cisco uses Secure Firewall Management Center to view contextual data from the network. The network security is adjusted and optimized using the data inputs by recommending policies and customizing the Snort system.
- Efficacy – new policy rules and signatures are received every two hours.
- Operational Cost – using automation to increase operational efficiency and reduce overhead, classifies actionable events from insignificant ones.
- Flexibility – various flexible deployment options are available. It can be deployed either for inline inspection or passive detection.
- Integration – implementation does not require major hardware changes or any significant time. Firewall Management Center enables and manages security applications from a single pane. Cisco Threat Intelligence Director is used to navigate between Cisco’s security solutions.
- High-Performance Appliances – the Firepower 4100 and 9000 Series from the Cisco portfolio deliver network visibility, security intelligence, and advanced threat protection to secure IT environments.
- Threat Protection – incorporates intrusion detection to stop threats and address attacks. It prevents vulnerability by flagging and analyzing suspicious and unidentified files and enforces threat management across public and private clouds. It also supports internal network segmentation and patches high-priority vulnerabilities.
Cisco Firepower NGIPS Capabilities
The Intrusion Detection System (IDS) passively monitors and analyzes the network traffic for any potential intrusion attack and logs the attack data for analysis. The Intrusion Prevention System (IPS) performs the IDS functionalities and automatically restricts intrusion attacks.
Cisco acquired Sourcefire in 2013, which led to Cisco’s Firepower NGIPS. According to Gartner, Inc., a Next-Generation IPS should have IPS functions and some additional functionalities, which Firepower is capable of:
- Real-Time Contextual Awareness – discovers and provides contextual information, such as applications, users, operating systems, vulnerabilities, files, threats, etc.
- Advanced Threat Protection and Remediation – identifies, blocks, contains, and remediates advanced threats using integrated AMP for Networks and Threat Grid.
- Intelligent Security Automation – automatically associates threat events, contextual information, and network vulnerability data to implement:
- Defense optimization through protection policy update automatization
- Identify affected users in a client-side attack
- Configuration policy violation alerts
- Recognize malware advancement
- Detecting and tagging potentially compromised hosts with IoC
- Unparalleled Performance and Scalability – Cisco ASA and Firepower appliances incorporate a low-latency, single-pass design for remarkable performance and scalability.
- Application Visibility and Control (AVC) – lessen threats through application detection of more than 4000 commercial applications.
- URL Filtering – provides access control to over 80 website categories and 280 million individual URLs.
Cisco Firepower NGIPS includes the following capabilities, which further improve the overall security posture:
- Centralized Management – central management using the Cisco Firepower Management Center (FMC), a single pane of glass for policy management and event collection.
- Cisco Talos Global Threat Intelligence – integrates with Cisco’s Talos security intelligence for the latest IPS signature updates, leveraging the world’s largest threat detection network to act as an early warning system for new emerging threats. Thus, providing industry-leading threat effectiveness.
- Snort IPS Detection Engine – Snort is Firepower’s detection engine. It is the world’s most powerful open-source IPS engine.
- High Availability and Clustering – deployed as active/standby and intra-chassis clustering and is supported by the Firepower 9300 series appliances.
- Third-Party and Open-Source Ecosystem – supports open API for integration with third-party products.
- Cisco ISE Integration – used to apply remediation on a compromised host and secure endpoint:
- Quarantine: Limits an endpoint’s access to the network
- Unquarantine: Removes the quarantine status
- Shutdown: Shuts down the port where a compromised endpoint is attached
Cisco Firepower NGIPS is available as a virtual machine and physical appliances, which are:
- Firepower Series Appliances
- Firepower Threat Defense (FTD) for ISR
- Secure IPS Virtual
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: