Cisco Snort IPS for 4000 Series Integrated Services Routers Data Sheet

Available Languages

Download Options

  • PDF     (290.3 KB)
    View with Adobe Reader on a variety of devices
Updated:November 9, 2015
Document ID:1472072822688844

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Cisco Snort IPS for the 4000 Series ISRs provides integrated, lightweight threat defense for the branch office to help comply with PCI-DSS and other regulatory requirements.

Product Overview

Cisco® Snort® IPS for Cisco 4000 Series Integrated Services Routers (ISRs) offers a lightweight threat defense solution that uses industry-recognized Snort open-source intrusion prevention system (IPS) technology. It is perfect for customers who are looking for a cost-effective solution that provides one box for both advanced routing capabilities and integrated threat defense security to help comply with regulatory requirements. Enterprises with distributed branch offices (for example, in retail, the financial sector, hospitality, and education) can use these routers at the branch to comply with regulatory requirements without the need to deploy additional devices.

Moreover, when Snort IPS is paired with other security features integrated into the 4000 Series ISRs, such as VPN, zone-based Cisco IOS® firewall, and Cisco Cloud Web Security, the routers can provide comprehensive threat protection in a small footprint to address security where local Internet at the branch is used for guest traffic and applications hosted in the public cloud.

Features and Benefits

Feature

Benefit

Signature-based intrusion detection system (IDS) and intrusion prevention system (IPS)

Snort open-source IPS, capable of performing real-time traffic analysis and packet logging on IP networks, runs on the 4000 Series ISR service container without the need to deploy an additional device at the branch.

Snort rule set updates

Snort rule set updates for 4000 Series ISRs are generated by Cisco Talos, a group of leading-edge network security experts who work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware, and vulnerabilities.

Snort rule set pull

The router will be able to download rule sets directly from Cisco.com or to a local server, using one-time commands or periodic automated updates.

Snort rule set push

A centralized management tool can push the rule sets based on preconfigured policy, instead of the router directly downloading on its own.

Signature allowed listing

Allowed listing allows the disabling of certain signatures from the rule set. Disabled signatures can be reenabled at any time.

 

 

Lightweight, Cost-Effective Threat Defense for the Branch

Snort IPS complements existing network security features of the 4000 Series by providing industry-recognized, signature-based threat defense integrated into the ISR itself, without the need to deploy a second appliance at the branch. Snort IPS can use the compute power of the service container to scale security with the platform without affecting routing capabilities or other data plane functionality.

With more than 30,000 signatures delivered automatically by Talos, the ability to customize rule sets by allowed listing individual signatures, and centralized deployment and management capabilities, Snort IPS for the 4000 Series ISRs offers compelling yet cost-effective security to help customers comply with the Payment Card Industry Data Security Standard (PCI-DSS) and other regulatory requirements.

Platform Support

Snort IPS is available on the 4000 Series ISRs. It requires a minimum of 8 GB of memory and flash to run the service container infrastructure with IDS/IPS functionality. Starting with the Cisco 4331 Integrated Services Router, you have the ability to run three different profiles in order to reach increasingly higher levels of performance. Each profile may require additional system resources.

Platform

Profile

Required Service Container CPU Share

System Requirements

4321

Default

50%

Memory: 8 GB

Flash: 8 GB

4331

Low (default)

25%

Memory: 8 GB

Flash: 8 GB

Medium

50%

Memory: 8 GB

Flash: 8 GB

High

75%

Memory: 8 GB

Flash: 8 GB

4351

Low (default)

25%

Memory: 8 GB

Flash: 8 GB

Medium

50%

Memory: 8GB

Flash: 8 GB

High

75%

Memory: 8GB

Flash: 8 GB

4431

Low (default)

25%

Memory: 8 GB

Flash: 8 GB

Medium

50%

Memory: 8 GB

Flash: 8 GB

High

75%

Memory: 12 GB

Flash: 12 GB

4451

Low (default)

25%

Memory: 8 GB

Flash: 8 GB

Medium

50%

Memory: 8 GB

Flash: 8 GB

High

75%

Memory: 12 GB

Flash: 12 GB

Licensing

The Snort engine is included in the SEC license for 4000 Series ISRs. Snort rule sets to keep current with the latest threat protection are term-based subscriptions, available for one or three years. There are two types of term-based subscriptions:

    Community Rule Set

    Subscriber Rule Set

The Community Rule Set offers limited coverage against threats, focusing on reactive response to security threats versus proactive research work. There is 30-day delayed access to updated signatures in the Community Rule Set, and this subscription does not entitle the customer to Cisco support.

The Subscriber Rule Set offers the best protection against threats. It includes coverage in advance of exploits by using the research work of the Cisco Talos security experts. The Subscriber Rule Set also provides the fastest access to updated signatures in response to a security incident or the proactive discovery of a new threat. This subscription is fully supported by Cisco.

Product ID

Term

SKU

Description

L-SNT4321-C=

1 year

L-SNT4321-C-1Y

Snort Community Ruleset for 4321 ISR 1Y Svc Sub

L-SNT4321-S=

1 year

L-SNT4321-S-1Y

Snort Subscriber Ruleset for 4321 ISR 1Y Svc Sub

3 years

L-SNT4321-S-3Y

Snort Subscriber Ruleset for 4321 ISR 3Y Svc Sub

L-SNT4331-C=

1 year

L-SNT4331-C-1Y

Snort Community Ruleset for 4331 ISR 1Y Svc Sub

L-SNT4331-S=

1 year

L-SNT4331-S-1Y

Snort Subscriber Ruleset for 4331 ISR 1Y Svc Sub

3 years

L-SNT4331-S-3Y

Snort Subscriber Ruleset for 4331 ISR 3Y Svc Sub

L-SNT4351-C=

1 year

L-SNT4351-C-1Y

Snort Community Ruleset for 4351 ISR 1Y Svc Sub

L-SNT4351-S=

1 year

L-SNT4351-S-1Y

Snort Subscriber Ruleset for 4351 ISR 1Y Svc Sub

3 years

L-SNT4351-S-3Y

Snort Subscriber Ruleset for 4351 ISR 3Y Svc Sub

L-SNT4431-C=

1 year

L-SNT4431-C-1Y

Snort Community Ruleset for 4431 ISR 1Y Svc Sub

L-SNT4431-S=

1 year

L-SNT4431-S-1Y

Snort Subscriber Ruleset for 4431 ISR 1Y Svc Sub

3 years

L-SNT4431-S-3Y

Snort Subscriber Ruleset for 4431 ISR 3Y Svc Sub

L-SNT4451-C=

1 year

L-SNT4451-C-1Y

Snort Community Ruleset for 4451 ISR 1Y Svc Sub

L-SNT4451-S=

1 year

L-SNT4451-S-1Y

Snort Subscriber Ruleset for 4451 ISR 1Y Svc Sub

3 years

L-SNT4451-S-3Y

Snort Subscriber Ruleset for 4451 ISR 3Y Svc Sub

Ordering Information

Snort IPS for the Cisco 4000 Series ISRs is available and shipping. For more information about how to order it, please visit the Snort IPS for 4000 Series ISRs Ordering Guide. To place an order, visit the Cisco Ordering homepage. To download software, visit the Cisco Software Center.

Part #

Product Description

ISR4321-SEC/K9

Cisco ISR SEC bundle w/SEC license

MEM-4320-4GU8G

4G to 8G DRAM Upgrade (Fixed 4G + additional 4G) for 4320 ISR

MEM-FLSH-4U8G

4G to 8G eUSB Flash Memory Upgrade for 4300 ISR

L-SNT4321-S-1Y

Snort Subscriber Rule Set for 4321 ISR 1-yr Svc Sub

Cisco Capital

Financing to Help You Achieve Your Objectives

Cisco Capital® can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.

For More Information

http://www.cisco.com/c/en/us/products/security/router-security/literature.html.

 

 

 

 

 

 

 

Contact Cisco

  • Get a call from Sales
  • Call Sales:
  • 1-800-553-6387
  • US/CAN | 5am-5pm PT
  • Product / Technical Support
  • Training & Certification

Was this Document Helpful?

FeedbackFeedback