Where do we start? I guess the benefits really happen if you have other Cisco products.
For instance, if you are running Cisco Security Agent as well, you'll be able to do some event correlation by setting up the CSAMC to communicate with the IPS. This gives a good visual for traffic making it through the IPS. When the agent fires an alert, it communicates that back to the sensor. The sensor then increases a score for the source address. That of course increases the chances of it being blocked.
Anomaly detection is also a big thing. This detects actions between networks, as long as they flow through the IPS, for "suspicious" activity, such as scanning or multiple connections. There is a good presentation on this that Cisco has done. It explains how the metrics work as well as setting up the learning mode.
What I think is a very nice feature is the possibility of multiple virtual interfaces. You can create a vast array of custom setups to apply in various situations.
You can write a book about all of this, which is why many people just post links. It's easier and a lot more resourceful. But I hope this assists you. Oh, I'm sure I've left items out here and there. But you get the idea.
There are many enhancements, but two of the most significant new features are:
1. Multiple Virtual Sensors. This allows you to scan the same traffic in multiple places in your network without confusing the virtual sensor normalizer. It will recognize that the traffic has traversed two locations in the network that are being scanned by the IPS.
2. 6.0(4) has support for asymmetric traffic. Again, this makes the Virtual Sensor more robust to support more complex traffic flow without normalization issues. See this site for more information.