An Intrusion Detection System (IDS) monitors and analyses traffic for potential network intrusions, logging any possible threats to the network for analysis.
A system that does all of this and also blocks the attack is known as an Intrusion Prevention System (IPS).
According to Gartner, an Intrusion Prevention System should include the following capabilities:
- Real time contextual awareness
- Advanced threat protection
- Intelligence security automation
- Unparalleled performance and security
- Application visibility and control
- URL Filtering
Cisco acquired Sourcefire in 2013 and, when adding it to their portfolio of products, renamed it the Firepower next-generation intrusion prevention system (NGIPS).
Firepower can be deployed as a physical appliance, as part of Firepower Threat Defence on an ISR, or virtually with NGIPS Virtual.
Firepower is claimed to exceed the requirements that were set by Gartner with the following capabilities:
Real-time Contextual Awareness
Firepower can discover and provide contextual information such as applications, users, endpoints, operating systems, vulnerabilities, services, processes, network behaviours, files and threats.
Advanced Threat Protection and Remediation
Firepower can detect, block, contain, and remediate advanced threats through the integrated AMP for Networks and Threat Grid sandboxing solutions.
Intelligent Security Automation
Firepower can automatically correlate threat events, contextual information, and network vulnerability data to perform the following:
- Optimise defences by automating protection policy updates
- Quickly identify users affected by a client-side attack
- Receive alerts when a host violates a configuration policy
- Detect the spread of malware by baselining normal network traffic and detecting network anomalies
- Detect and tag hosts that might potentially be compromised by malicious means
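As an added illustration of the event/vulnerability correlation listed above (example code written for these notes, not Cisco's or Firepower's own implementation), the following Python ranks IPS events by comparing each event against what is known about the destination host and tags hosts that look exposed. The host, signature and vulnerability identifiers are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed host context: what discovery would know about each endpoint.
@dataclass
class Host:
    ip: str
    os: str
    services: set = field(default_factory=set)   # e.g. {"http", "ssh"}
    vulns: set = field(default_factory=set)      # placeholder vulnerability ids

# Constructed IPS event: the signature that fired and what it targets.
@dataclass
class IpsEvent:
    sig_id: int
    dst_ip: str
    target_os: str
    target_service: str
    vuln_ids: set        # vulnerabilities the signature covers

def impact_level(event: IpsEvent, inventory: dict) -> int:
    """1 = host known vulnerable, 2 = host runs the targeted OS and service,
    3 = host known but not exposed, 4 = destination host unknown."""
    host = inventory.get(event.dst_ip)
    if host is None:
        return 4
    if event.vuln_ids & host.vulns:
        return 1
    if host.os == event.target_os and event.target_service in host.services:
        return 2
    return 3

def triage(events, inventory):
    """Return (impact, sig_id, dst_ip) tuples, most urgent first."""
    return sorted((impact_level(e, inventory), e.sig_id, e.dst_ip) for e in events)

def tag_exposed_hosts(events, inventory, threshold=2):
    """Hosts with at least one event at or below the impact threshold."""
    return {e.dst_ip for e in events if impact_level(e, inventory) <= threshold}

# Constructed sample inventory and events.
INVENTORY = {
    "10.0.0.5": Host("10.0.0.5", "linux", {"http", "ssh"}, {"VULN-A"}),
    "10.0.0.6": Host("10.0.0.6", "windows", {"smb"}),
}
EVENTS = [
    IpsEvent(1001, "10.0.0.5", "linux", "http", {"VULN-A"}),    # host is vulnerable
    IpsEvent(1002, "10.0.0.6", "linux", "http", {"VULN-A"}),    # wrong OS, irrelevant
    IpsEvent(1003, "10.0.0.7", "windows", "smb", {"VULN-B"}),   # host never discovered
]
```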
Unparalleled Performance and Scalability
Purpose-built Firepower and ASA appliances incorporate a low-latency, single-pass design for unprecedented performance and scalability.
Application Visibility and Control (AVC)
Firepower reduces threats through application detection of more than 4000 commercial applications, with support for custom applications too.
URL Filtering
Firepower can provide access control to more than 80 categories of websites and covers more than 280 million URLs.
Centralised Management
Firepower is managed centrally by the Cisco Firepower Management Center, a single pane of glass for event collection and policy management.
Global Threat Intelligence from Cisco Talos
Firepower integrates with Cisco Talos for the latest IPS signature updates as well as URL filtering information to block connections to URLs, IPs, or domain names.
Snort IPS Detection Engine
Firepower's detection engine is Snort, a powerful open-source IPS engine.
High Availability and Clustering
Firepower can be deployed as active/standby. Intra-chassis clustering is supported by the Firepower 9300 series platform.
Integration with Cisco ISE
The Firepower Management Center can use Cisco ISE to apply remediation to compromised hosts. It can quarantine a host on the network, or even shut down the port the host is connected to.