IDS/IPS solutions-- Firepower, or open source server?

jmaxwellUSAF · ‎11-20-2023

Hello.

My task is to investigate IDS/IPS solutions for my enterprise.

QUESTIONS:

1. ASA "Firepower" technology-- can this solution be implemented with only one ASA running Firerpower, or is an additional server needed?

2. This solution requires Firepower devices, with annual license renewals, at all our branches. There seems to be cheaper alternative options, such as High Performance Network Monitoring Solutions based on Open Source and Commodity Hardware. (ntop.org) , but I don't understand how these solutions expediently stop a threat. With or without Cisco devices, are there any significantly cheaper yet still satisfactory Enterprise IDS/IPS solutions-- such as sending all data to a server to run IDS/IPS? What are your thoughts?

Thank you.

MHM Cisco World · ‎11-20-2023

What asa platform you have ?

I think and I hope Mr.Rob also comment same is order new firepower which can add IPS to it.

Asa old and I think it waste of money add IDS/IPS to it.

balaji.bandi · ‎11-20-2023

Depends on what security expert internall have it.

Suricat

Snort (offer service directly)

zeek

I have used before and if you do not have any hands on experience, then going with Vendor is viable solution.

Not that i need to mention here - I used Fortigate ( that is reasonable cost for mediam enterprise)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎11-20-2023

@jmaxwellUSAF you would not use ASA software or hardware, the ASA hardware is EOL. If using a Cisco solution you could use Firepower hardware with the FTD software image and the Threat/IPS license, this can all be managed centrally by on-premise FMC or in the cloud by cdFMC.