
An intrusion detection and prevention system (IDPS) monitors network traffic for signs of a potential attack. When it detects potentially harmful activity, it takes action to stop the attack. This often takes the form of dropping malicious packets, blocking traffic in the network, or resetting connections. The IDPS also usually sends an alert about the potentially malicious activity to the security administrators.

Today’s IDPS systems typically use two main approaches to determine when an attack may be occurring. Signature-based detection scans for signs of known vulnerabilities. When it detects behavior correlated with an attack that has already been identified, it takes steps to stop the attack. The second technique is statistical anomaly detection. An IDPS using this technique compares current network activity with a baseline of normal activity. When it detects a deviation, it sends out a warning or takes other preventive measures.
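The two detection approaches described above, as an added example that is not part of the original article and is not Cisco code: signature matching that drops known-bad payloads, and a statistical baseline that alerts on an unusual request rate. The rule names, patterns, threshold and sample traffic are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict

# Constructed signatures: hypothetical rule names and patterns, not a real rule set.
SIGNATURES = {
    "SIG-1 path traversal": re.compile(rb"\.\./\.\./"),
    "SIG-2 SQL tautology": re.compile(rb"'\s*or\s+1\s*=\s*1", re.I),
}

class Baseline:
    """Learns a per-source request rate and flags large deviations from it."""
    def __init__(self, threshold=3.0, min_samples=5):
        self.history, self.threshold, self.min_samples = [], threshold, min_samples

    def is_anomalous(self, rate):
        if len(self.history) < self.min_samples:
            self.history.append(rate)          # still learning what normal is
            return False
        mean = statistics.fmean(self.history)
        sd = max(statistics.pstdev(self.history), 1.0)  # floor avoids divide-by-zero
        anomalous = (rate - mean) / sd > self.threshold
        if not anomalous:
            self.history.append(rate)          # never learn from flagged traffic
        return anomalous

def inspect(event, baselines):
    """Return (action, reason) for one event: drop, alert or allow."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(event["payload"])]
    if hits:
        return "drop", hits[0]                 # known attack: block in-line
    if baselines[event["src"]].is_anomalous(event["rate"]):
        return "alert", "request rate far above baseline"
    return "allow", ""

def run(events):
    baselines = defaultdict(Baseline)
    return [inspect(e, baselines) for e in events]

# Constructed sample traffic: source, requests per interval, payload.
SAMPLE = [{"src": "192.0.2.10", "rate": r, "payload": b"GET /index.html"}
          for r in (10, 12, 11, 9, 10, 11)]
SAMPLE += [
    {"src": "192.0.2.10", "rate": 80, "payload": b"GET /index.html"},
    {"src": "192.0.2.10", "rate": 11, "payload": b"GET /../../etc/passwd"},
    {"src": "192.0.2.10", "rate": 10, "payload": b"GET /?id=1' OR 1=1--"},
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, run(SAMPLE)):
        print(event["src"], event["rate"], event["payload"], "->", verdict)
```

The rate spike carries a harmless payload, so only the baseline catches it; the two malicious payloads arrive at a normal rate, so only the signatures catch them.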

The appliance market for network intrusion detection and prevention (IDPS) is composed of stand-alone physical and virtual appliances that inspect specified network traffic either on-site or in the cloud. They are also installed on the network to review traffic that has passed through perimeter monitoring systems, such as firewalls, secure web gateways, and secure email gateways. IDPS devices are deployed in-line and reassemble the network traffic on a full-stream basis. They provide detection through several methods, such as signatures, protocol anomaly detection, behavioral monitoring or heuristics, integration of advanced threat defense (ATD), and threat intelligence (TI). When deployed in-line, IDPSs may also use various techniques to block attacks that are identified with high confidence; this is one of the primary advantages of this technology. Next-generation IDPSs have evolved in response to advanced targeted threats that may evade first-generation IDPSs.

Cisco Firepower NGIPS offers deep visibility, outstanding security intelligence and advanced threat protection to secure today's complex IT environments.

Cisco Firepower NGIPS

Cisco’s Next-Generation Intrusion Prevention System supports large enterprises with a capacity of 50 Mbps up to 60 Mbps of applications and physical and virtual devices for remote branch offices. NGIPS provides AMP Threat Grid integration and URL-based security intelligence, and is backed by the Talos security research team. Through the Firepower Management Center you can see more contextual data from your network and improve your security. This includes applications, host profiles, file trajectory, sandboxing, vulnerability information, and device-level OS visibility. NGIPS receives new policy rules and signatures every two hours, so you’re always up to date on security. By separating actionable events from noise, the NGIPS automation lets you increase operational efficiency and reduce overhead. You can also prioritize threats for your staff and enhance your security through policy recommendations based on network vulnerabilities. It can be deployed at the perimeter, at the distribution/core of the data center, or behind the firewall to protect mission-critical assets, guest access, and connections to the WAN. NGIPS can be placed in the network for inline inspection or for passive detection.

Cisco Firepower Next-Generation IPS (NGIPS) provides network visibility, security, automation and advanced threat protection. It uses intrusion detection features and various techniques to defend you against the most advanced network threats. Cisco Firepower NGIPS threat appliances all offer the ability to run in-line through Fail-To-Wire/Bypass network modules.

Cisco Firepower NGIPS continuously discovers information about your network environment, including operating system data, mobile devices, files, apps and users. It then uses this information to create network maps and host profiles. This provides the contextual data needed to make better decisions about intrusion events. The same information is also used as input to automate key threat protection features. Cisco’s Talos Security Intelligence and Research group collects and measures threats in real time with the world’s largest threat detection network. This results in vulnerability-oriented IPS rules and in IP, URL, and DNS security intelligence embedded in Firepower NGIPS. Security automation compares intrusion events with the vulnerabilities in the network to focus on the most important threats. It also analyzes the vulnerabilities of the network and recommends appropriate security policies to put in place. Cisco Firepower NGIPS appliances deliver industry-leading solutions against both identified and unknown vulnerabilities.

Features and Benefits

  • IPS rules identify and block attack traffic that targets vulnerabilities in the network
  • Tightly integrated malware protection that combines advanced network analysis and endpoint activity
  • Sandboxing technology that identifies zero-day and evasive attacks using hundreds of behavioral indicators
  • Stop more known and unknown threats with industry-leading threat protection. Speed up malware detection to reduce damage and propagation
  • Gain more control and insight into users, programs, apps, threats and vulnerabilities in the network with real-time visibility
  • Rapidly identify, block and mitigate advanced threats by means of highly optimized AMP and sandbox solutions. Fix vulnerabilities “virtually” and immediately, before new signatures or software become available
  • Threat events, contextual information and vulnerability data are automatically correlated to better focus the workforce and improve forensic investigations and security
  • Reduce threats to the network through precise control of over 4,000 enterprise applications, with support for custom applications

As part of the core product, Cisco Firepower NGIPS includes Application Visibility and Control (AVC). Cisco Advanced Malware Protection (AMP) for Networks and URL Filtering licenses are available as options. Appliances from the Cisco Firepower 2100 Series, 4100 Series, and 9300 Series use the Cisco Firepower Threat Protection software image. The Cisco Firepower 2100 Series is a family of four NGFW security systems that deliver business resilience by defending against advanced threats. It provides outstanding sustained performance when advanced threat functions are enabled. These platforms incorporate an innovative dual multi-core CPU architecture that simultaneously optimizes firewall, cryptography and threat management functions. The firewall range of the series covers use cases from the Internet to the datacenter. The Cisco Firepower 2100 Series platforms support Network Equipment Building Standards (NEBS) compliance.

The Cisco Firepower 4100 Series consists of four NGIPS security platforms focused on threats. Maximum throughput ranges between 12 and 24 Gbps, which covers use cases from the Internet edge to the datacenter. At higher speeds, they deliver superior threat protection with a smaller footprint.

License

Cisco Firepower NGIPS is offered under Cisco Smart Licensing. Cisco recognizes that software licenses can be incredibly complex to purchase, install, maintain and monitor. As a result, Cisco introduced Smart Software Licensing, a standardized licensing program that helps customers understand how Cisco software is used across their networks, reducing administrative overhead and saving operational costs. Smart Licensing offers a complete view of apps, licenses, and tools. Licenses are easily registered and activated and can be moved between hardware platforms. Additional information on Smart Licensing is available here:

https://www.cisco.com/web/ordering/smart-software-licensing/index.html

Smart Accounts information is accessible here:

https://www.cisco.com/web/ordering/smart-software-manager/smart-accounts.html
