Intrusion Protection

Identifying an attack on your network is hard when there are many access points and legitimate traffic often carries malicious code and viruses.

This creates challenges for Network Managers in identifying intrusions, in combating viruses and attacks on bandwidth or e-business applications, and in dealing with hackers who take advantage of weaknesses in internet browser and e-mail functionality. In addition, many attacks originate inside the network, so perimeter protection alone is not enough.

Every attack requires investigation to determine the danger and impact. Currently, many Intrusion Protection Systems simply highlight attacks without providing details of what to do. Without in-depth knowledge about the attack, they cannot be programmed to respond automatically.

What is the Cisco Intrusion Protection Solution?
Cisco Threat Response (CTR) Technology and how it works
How to implement Intrusion Protection & CTR

WHAT ARE INTRUSION DETECTION SOLUTIONS?

Cisco Intrusion Protection solutions integrate a Firewall with an Intrusion Detection System (IDS) that includes Cisco Threat Response technology. The two work together to identify attacks and protect the network.

Firewalls
Firewalls control access to critical applications, services and data, so that only legitimate users and information can pass from one network (trust domain) to another. Firewalls can also prevent unauthorised users from accessing a particular subnet, workgroup, or LAN within a corporate network, guarding borders known as the "extended perimeter."

Intrusion Detection Systems (IDS)
A network-based Intrusion Detection System (IDS) analyses packet data streams within a network, searching for unauthorised activity, and enables users to respond to security breaches before systems are compromised.

When unauthorised activity is detected, the IDS can send alarms including details of that activity to management consoles, and can also send instructions to other systems - such as routers or firewalls - to cut off the unauthorised sessions.

The sensors use sophisticated detection techniques, including stateful pattern recognition, protocol parsing, heuristic detection, and anomaly detection, to provide comprehensive protection from a variety of both known and unknown network threats.

 
 
HOW TO IMPLEMENT INTRUSION PROTECTION?
The SAFE Blueprint contains full details on how to implement Intrusion Protection.
 
 
 
WHAT IS CISCO THREAT RESPONSE TECHNOLOGY AND HOW DOES IT WORK?

With its innovative intrusion investigation process focused on the targeted host, Cisco's Intrusion Detection System with integrated Threat Response technology accurately determines if an alarm needs your attention. The leading incident response training centers, including SANS (SysAdmin, Audit, Network, Security) Institute and Computer Security Institute (CSI), emphasize the importance of conducting forensic investigation of the targeted host to determine if a particular attack has worked. Cisco Threat Response (CTR) uses these concepts and provides automated investigation in a repeatable and predictable way - 24 hours per day.

Unlike other intrusion-management solutions, only CTR technology provides an automated, just-in-time analysis of each targeted host to determine whether a compromise has actually occurred. Only by investigating the host under attack can you efficiently uncover the real intrusions and address them quickly. CTR then provides the user with detailed information on how the event was investigated, as well as any forensic data gathered showing details of the actual attack. An administrator can quickly use this prioritised information to remediate an intrusion. The result is that up to 95% of false alarms are eliminated and real intrusions are quickly identified and addressed, saving time and money.

Cisco Threat Response Technology works by determining the level of threat presented by an attack. For example, an IIS Unicode attack launched against the network will trigger many alarms, each of which takes up to 15 minutes to investigate. With CTR technology, the IDS will immediately determine that the first targeted system is a Linux server and not vulnerable to the attack, and that the second server has a patched operating system and is therefore not vulnerable either, leaving the third system, which is unpatched. Here CTR will investigate attack traces and report full details to the Network Manager, eliminating many false alarms through intelligent analysis of the network.
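The triage idea in the scenario above, sketched as an added example (not Cisco code and not CTR's actual logic): each alarm is checked against what is known about the targeted host before anyone spends time on it. The signature table, host inventory, addresses and patch identifier are constructed placeholders, and a fourth target that is missing from the inventory is included to show the case the scenario does not cover.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    platform: str   # OS family the attack applies to
    fixed_by: str   # patch that removes the flaw (placeholder id)

@dataclass(frozen=True)
class Host:
    os_family: str
    patches: frozenset

# Constructed sample data; a real deployment would fill these from the
# IDS signature set and an asset/patch inventory.
SIGNATURES = {"iis-unicode": Signature("windows", "PATCH-PLACEHOLDER-1")}
INVENTORY = {
    "10.0.0.11": Host("linux", frozenset()),
    "10.0.0.12": Host("windows", frozenset({"PATCH-PLACEHOLDER-1"})),
    "10.0.0.13": Host("windows", frozenset()),
}
ALARMS = [("iis-unicode", ip)
          for ip in ("10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.99")]

def triage(sig_id, target, signatures=SIGNATURES, inventory=INVENTORY):
    """Return (verdict, reason) for one alarm, using target context."""
    sig, host = signatures.get(sig_id), inventory.get(target)
    if sig is None or host is None:
        # Missing context must never dismiss an alarm.
        return "investigate", "no signature or host context; cannot rule out"
    if host.os_family != sig.platform:
        return "dismiss", f"target runs {host.os_family}, attack needs {sig.platform}"
    if sig.fixed_by in host.patches:
        return "dismiss", f"{sig.fixed_by} is installed"
    return "investigate", "platform matches and fix is missing; check host for traces"

def triage_all(alarms=ALARMS):
    """Map each alarm's target to its verdict."""
    return {target: triage(sig_id, target)[0] for sig_id, target in alarms}

if __name__ == "__main__":
    for sig_id, target in ALARMS:
        verdict, reason = triage(sig_id, target)
        print(f"{target:<11} {sig_id:<12} {verdict:<12} {reason}")
```

A dismissal here is only as reliable as the inventory behind it, so stale OS or patch records should be treated like missing ones.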

Increased Protection for the Desktop
To further enhance Cisco's integrated security portfolio, Cisco recently acquired Okena Inc. Okena's next-generation network security software provides threat protection for desktop and server computing systems (also known as "endpoints"), by identifying and preventing malicious behaviour before it causes harm. Rather than relying on signature-based techniques, Okena's technology intercepts all operating system, file system, configuration, registry, and network requests. This behaviour-based approach provides customers robust protection against known and unknown threats while reducing the number of false positives, thus reducing operational costs.

© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.