You Can’t Protect What You Can’t See
The title seems like a simple enough concept, but when it comes to advanced threat protection, truer words were never written. This concept of visibility into your network, which in turn enables better protection and control of your network, is at the heart of Cisco’s Next-Generation Intrusion Prevention System (NGIPS). Visibility is what feeds critical capabilities in the solution and it’s also what sets our NGIPS apart from other IPS products.
In the coming weeks, we’ll focus on different aspects of our market-leading NGIPS solution, as recognized by third-party groups such as Gartner and NSS Labs, but since NGIPS is all about threat protection – and you can’t protect what you can’t see – let’s start with visibility.
Historically, IPS products have provided visibility into network packets to be able to identify and block network attacks. The last couple of years have seen next-generation firewalls get a lot of industry buzz by providing visibility (and subsequent control) into applications and users.
But is that all the visibility you need in order to protect today’s dynamic computing environments? What about:
- Operating Systems and Applications – Isn’t it important to be able to know all of the operating systems and client-side applications – and their respective versions – that are operating in your network? How would you know if unsupported operating systems or outdated app versions were running that could introduce additional vulnerabilities to your network?
- Mobile Devices – In today’s BYOD world, if you can’t see these devices, then you have no defense against endpoints that are routinely on other networks and whose application vulnerabilities you can’t control.
- Virtual Machines – Many organizations are increasing their reliance on virtualized environments to reduce capital and operating expenses. If you don’t have visibility into your virtualized processing, how do you protect it against attacks?
- File Transfers, Malware, Malicious Connections (C&C, etc.), Anomalous Behavior, etc. – Malware comes in many forms and takes advantage of vulnerabilities wherever they exist, so having visibility into content and activity is fundamental to defending these attack surfaces.
Granted, there are a number of different products that individually provide visibility into many of these different areas – but at what cost? Additional appliances? Agents? Management interfaces? Support requirements? And if this visibility is contained in different product interfaces, do you really have holistic visibility into your network environment?
That’s why FireSIGHT™ sets Cisco’s NGIPS apart. FireSIGHT passively discovers more network, host, application, and user information than any other IPS solution. It uses this information, also known as “contextual awareness,” to build network maps and host profiles. It correlates and organizes this information to easily display trends and actionable security metrics. This real-time contextual awareness provides an “information superiority” advantage so that defenders can stay a step ahead of attackers. Remember, if you can’t see it, you can’t protect it! With FireSIGHT, you see all.
All of this critical visibility is provided out-of-the-box in a single product. In a single interface. Passively, without a single agent.
Visibility Enables Control
But what’s visibility without control? Cisco NGIPS’ ability to “see” all of this information also enables this information to be used in protection policies – providing better security over a wider range of dynamic assets. We also use FireSIGHT information to make smarter decisions and to fuel automation.
Our next blog will explore these advantages in more detail.
For more information, visit http://www.sourcefire.com/products/next-generation-network-security