Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA CX or ASA IPS for Threat Detection

I have been looking into the Cisco NGFW IPS and CX for Internet threat detection and prevention.


What i cannot wrap my head around is that the CX seems to be as much as an IPS as the regular IPS module, but it is not nearly as up to date with the signatures. 


IPS module recently got the S825 update containing the signature for ShellShock, while the CX have not been updated since the beginning of september. Only containg ~22 CVE signatures from 2014. 

Im missing something, or is the IPS way more secure than the NGFW CX module ?

Everyone's tags (1)
Hall of Fame Super Silver

The CX module also uses WSE

The CX module also uses WSE and AVC in conjunction with IPS to provide full-spectrum threat defense. As an IPS only the dedicated appliance is more comprehensive. As a multi-function security appliance, the CX-based services have broader coverage.

New Member

Thanks for the reply. Thats

Thanks for the reply.


Thats great and all, but the IPS module for CX cannot even compare to the dedicated IPS. So many CVE threat signatures that is missing. Is this something that will improve? Any reason why there are so few?

Hall of Fame Super Silver

You're welcome.I would

You're welcome.

I would suggest comparing the legacy Cisco IPS with the FirePOWER IPS (former Sourcefire product). That's where Cisco is putting it's strongest IPS investment these days.

New Member

I see.But still, CX IPS are

I see.

But still, CX IPS are missing critical signatures like "Heartbleed" and "ShellShock". 

Is there any paper from Cisco explaining why they do not keep the signatures up to date, or even if it will improve in the future ?

Hall of Fame Super Silver

There's no paper or official

There's no paper or official announcement. The CX-based IPS is and will always be a "lightweight" IPS.

You can draw conclusions for yourself based on observing where the updates are being made.

CreatePlease login to create content