Cisco does not longer provide end-point protection (CSA) you can talk with your account team for a replacement product. In regards to the IPS part of the question; the IPS can stop some of the consequences of a virus (attack) using anomally detection and signatures but the root cause will remain on the PC; so you still need end point protection.
"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"
The problem we are trying to solve is as follows. If a user brings in laptop infected with a virus, we would like to restrict the spread of that virus to the local LAN segment. If we put an IPS at the perimeter/gateway of this LAN, can we prevent the spread of the virus to the global network? And can IPS identify the source (laptop) of the virus?
To add on ISE, the Cisco ISE supports posture assessment of clients. Posture assessment allows inspecting security “health” of the PC and MAC clients. This includes checking for installation, running state, and last update for security software, such as anti-virus, anti-malware, personal firewall. It also ensures the operating systems are patched appropriately.
In addition, ISE posture policies can check for additional custom attributes, like files, processes, registry settings, and applications. Taken together, these features provide ISE with the ability to determine the security “health” of a client that is trying to access your network. ISE uses posture policies to determine the access rights and remediation options that should be provided to clients.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...