cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
83
Views
2
Helpful
6
Replies
Highlighted
Cisco Employee

NSO integration with Security IPS NED

 

Dear All;

 

 

Is there any successful deployment that integrates NSO with any security Intrusion Prevention System (IPS)?

 

I have looked at the list of Cisco available NEDs but I couldn’t find any Cisco IPS or even non-Cisco IPS like tipping point for example.

 

Or should we develop NED for such integration which is something I need to avoid as customer is opened to utilize any IPS that is supported by NSO already built-in NED.

 

Thanks for any reply in advance.

 

 

 

Best Regards,

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

 

Ayman,

 

 

I think it is important to understand our driver strategy.

 

 

We do not speculative develop NEDs, we only do it at customer requests and particularly when there is a paying customer. As we develop drivers very fast, this is normally not a blockage for a deal. In some exceptions, we develop POC level NEDs for an RFP but that needs to go through a betting process that is explained in the NED PPT in DevNet.

 

 

The general rule is to confine POCs to the existing NEDs because it is a “proof of concept” and does not need to be exactly the same as the operational environment.

 

 

With this info and referring to your original question:"Is there any successful deployment that integrates NSO with any security Intrusion Prevention System (IPS)?”, my recommendation would be to use the Cisco IOS IPS feature (http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/prod_white_paper0900aecd805c4ea8.html) or similar features from other vendors in existing NEDs. This will show the NSO capabilities to orchestrate IPS using our existing NED. Some commands may be missing but that is a simpler ask to fulfill rather than a full new NED.

 

 

Regards,

 

Roque

 

View solution in original post

6 REPLIES 6
Highlighted
Cisco Employee

 

I'm not sure about any third party IPS but we are working on one for our NGIPS. Nowhere near production quality code yet, I'm afraid.

 

  Mike

Highlighted
Cisco Employee

 

Hi Mike,

 

Which Cisco IPS model you are using?

 

It's really sad that we don't have a production or POC grade NED for any IPS.

 

I find myself really cornered against the competition.

Sent from my iPhone

 

 

Regards,

 

Ayman Hamza

 

Highlighted
Cisco Employee

 

Ayman,

 

 

If you find an IPS that supports NETCONF then your customer will be happy.

 

No "Specialized" NED needs development for NETCONF devices.

 

 

Regards,
Nabil Michraf

 

Highlighted
Cisco Employee

 

My work focuses more on the virtual side of things on both vIPS and vFTD. Who is the competition that has cornered you?  As was written earlier, if they are a Netconf device, not such a big deal. If a more custom NED needs to be built, different story. You're welcome to look me up on directory and call my mobile if you care to chat.

 

 

Thanks,

  Mike

Highlighted
Cisco Employee

 

Many thanks Mike for replying.

 

Competition is mainly JNPR at the moment which they claim having straight forward integration with customer's IPS (Tippingpoint and Sourcefire).

 

Will check with customer if both support NETCONF.

 

Highlighted
Cisco Employee

 

Ayman,

 

 

I think it is important to understand our driver strategy.

 

 

We do not speculative develop NEDs, we only do it at customer requests and particularly when there is a paying customer. As we develop drivers very fast, this is normally not a blockage for a deal. In some exceptions, we develop POC level NEDs for an RFP but that needs to go through a betting process that is explained in the NED PPT in DevNet.

 

 

The general rule is to confine POCs to the existing NEDs because it is a “proof of concept” and does not need to be exactly the same as the operational environment.

 

 

With this info and referring to your original question:"Is there any successful deployment that integrates NSO with any security Intrusion Prevention System (IPS)?”, my recommendation would be to use the Cisco IOS IPS feature (http://www.cisco.com/c/en/us/products/collateral/security/ios-intrusion-prevention-system-ips/prod_white_paper0900aecd805c4ea8.html) or similar features from other vendors in existing NEDs. This will show the NSO capabilities to orchestrate IPS using our existing NED. Some commands may be missing but that is a simpler ask to fulfill rather than a full new NED.

 

 

Regards,

 

Roque

 

View solution in original post

Content for Community-Ad
Cisco Community August2020 Spotlight Award Winners
This widget could not be displayed.