https://community.cisco.com/t5/network-security/need-some-clarification/m-p/557708#M89773 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In inline mode, the IPS (SSM-10) will bascially sits in the data path. All network traffic need to pass through the IPS to check/inspect and filter malicious traffic content like trojans, viruses, various types of network and application attacks and so on.</P><P></P><P>In short, IPS can/will intercept passing through network viruses, but not the one hovering outside the IPS, e.g viruses in end-user workstations.</P><P></P><P>So, in the event of viruses/worms outbreak where it tries to replicate itself all over the network, any passing through traffic (through IPS-SSM), e.g outbound to the internet, containing this malicious scripts will be stopped by IPS. However, for segments without IPS protection, no filtering can be done.</P><P></P><P>This combination allows you to handle viruses/worms/trojans issues both at the hosts level using host antivirus software, and at the network level using IPS appliance (or ASA with SSM).</P><P></P><P>FYI, Cisco partnered with TrendMicro to enhanced virus/malware protection in the new IPS 5.1.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801eeea5.html" target="_blank">http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801eeea5.html</A></P><P></P><P></P><P>Rgds,</P><P>AK</P></BODY></HTML> Tue, 30 May 2006 15:18:07 GMT a.kiprawih 2006-05-30T15:18:07Z https://community.cisco.com/t5/network-security/need-some-clarification/m-p/557707#M89772 <P>I have just installed ASA-5520 with SSM-10 module. I have the IPS working and running in inline mode. I need clarification on the anti virus features. We currently use Symantec anti virus. I dont understand how I can integrate the IPS and symantec to work hand in hand. Also if an email virus breaks out and I activate or update the signature based on the virus, will the IPS catch it? The IPS is installed inline with the internet connection.</P><P></P><P>Thanks for any assistance.. </P> Sun, 10 Mar 2019 10:02:38 GMT https://community.cisco.com/t5/network-security/need-some-clarification/m-p/557707#M89772 bvalentz 2019-03-10T10:02:38Z https://community.cisco.com/t5/network-security/need-some-clarification/m-p/557708#M89773 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In inline mode, the IPS (SSM-10) will bascially sits in the data path. All network traffic need to pass through the IPS to check/inspect and filter malicious traffic content like trojans, viruses, various types of network and application attacks and so on.</P><P></P><P>In short, IPS can/will intercept passing through network viruses, but not the one hovering outside the IPS, e.g viruses in end-user workstations.</P><P></P><P>So, in the event of viruses/worms outbreak where it tries to replicate itself all over the network, any passing through traffic (through IPS-SSM), e.g outbound to the internet, containing this malicious scripts will be stopped by IPS. However, for segments without IPS protection, no filtering can be done.</P><P></P><P>This combination allows you to handle viruses/worms/trojans issues both at the hosts level using host antivirus software, and at the network level using IPS appliance (or ASA with SSM).</P><P></P><P>FYI, Cisco partnered with TrendMicro to enhanced virus/malware protection in the new IPS 5.1.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801eeea5.html" target="_blank">http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801eeea5.html</A></P><P></P><P></P><P>Rgds,</P><P>AK</P></BODY></HTML> Tue, 30 May 2006 15:18:07 GMT https://community.cisco.com/t5/network-security/need-some-clarification/m-p/557708#M89773 a.kiprawih 2006-05-30T15:18:07Z