Benefits of IPS 6.0 over 5.1

Apr 23rd, 2008
Hi


Can anybody tell me what are the major benefits of version 6.0 of IPS? (Please don't send a link, as I have gone through many and I didn't find relevant information for the same.)


Regds

Ankur

Overall Rating: 5 (2 ratings)

Where do we start? I guess the benefits really happen if you have other Cisco products.


For instance, if you are running Cisco Security Agent as well, you'll be able to do some event correlation by setting up the CSAMC to communicate with the IPS. This gives a good visual for traffic making it through the IPS. When the agent fires an alert, it communicates that back to the sensor. The sensor then increases a score for the source address. That of course increases the chances of it being blocked.


Anomaly detection is also a big thing. This detects actions between networks, as long as they flow through the IPS, for "suspicious" activity. Things such as scanning or multiple connections. There is a good presentation on this that Cisco has done. It explains how the metrics work as well as setting up the learning mode.


What I think is a very nice feature is the possibility of multiple virtual interfaces. You can create a vast array of custom setups to apply in various situations.


You can write a book about all of this, which is why many people just post links. It's easier and a lot more resourceful. But, I hope this assists you. Oh, I'm sure I've left items here and there out. But, you get the idea.

Brian Conklin Fri, 04/25/2008 - 11:49

Hi Ankur,


There are many enhancements, but two of the most significant new features are:


1. Multiple Virtual Sensors. This allows you to scan the same traffic in multiple places in your network without confusing the virtual sensor normalizer. It will recognize that the traffic has traversed two locations in the network that are being scanned by the IPS.


2. 6.0(4) has support for asymmetric traffic. Again, this makes the Virtual Sensor more robust to support more complex traffic flow without normalization issues. See this site for more information.

http://www.cisco.com/en/US/docs/security/ips/6.0/release/notes/8827_02.html#wp1161779


These features combined make the IPS usable in many more complex network design scenarios than ever before.


Hope that helps!

-Brian
