5-9
Cisco Intrusion Detection System (IDS) Network Sensors
Chapter5 VPN and Security Products
•Flexible deployment options—A range of high-availability devices provide the
flexible backbone for creating the secure and efficient intrusion protection system.
The current Cisco IDS sensing portfolio includes the following sensor appliances: IDS
4215, IDS 4235, IDS 4250, and IDS 4250-XL. Additionally, Cisco IDS delivers
solutions that are integrated into the Catalyst 6500 switch with the Intrusion Detection
System Module (IDSM-2) and into the Cisco Access Routers with the IDS Network
Module (NM-CIDS).
When to Sell
Key Features
•High-Speed Performance including support for full line rate gigabit environments
•Integrated solutions for the Cisco Catalyst Switch and Cisco Access Routers
•Easy Installation and Setup; Remote Configuration Capability
•Comprehensive Attack Database
•Notification actions; Automated response actions
•Comprehensive IDS Anti-Evasion Techniques
•Cisco IOS-like CLI for full featured IDS management capabilities
Competitive Products
Specifications
Sell This Product When a Customer Needs These Features
Cisco IDS Network
Sensors • A distributed intrusion detection system capable of directing and forwarding alarms between local,
regional, and headquarters-based monitoring consoles
• A scalable architecture to allow the deployment of large numbers of sensors in order to provide
comprehensive security coverage in large network environments
• Cisco network IDS appliances (Cisco IDS 4200 Series Appliances) that can be deployed throughout the
network with the ability to monitor multiple subnets using a single appliance through the support of
multiple interfaces
• The Cisco IDS Switch Module (IDSM2) enables customers to perform both security monitoring and
switching functions within the same chassis
• The Cisco IDS Network Module enables full features intrusion protection integrated into the Cisco
Access Routers
• Broad performance range from 10 Mbps to 1 Gbps
• Automated false alarm reduction capabilities through CTR (Cisco Threat Response)
• Flexible IDS signature customization options
• Broad range of management and monitoring options to fit any environment.
• A robust, 24 hour x 7 day-a-week monitoring and response system with the latest attack detection
capabilities
• Internet Security Systems (ISS): RealSecure
• Symantec: Recourse Manhunt & ManTrap/NetProwler
• Enterasys: Dragon IDS
• Intrusion.com: SecureNet
• Netscreen: OneSecure IDP
• Snort: IDS
• Tipping Point
• NAI: Intrushield
• Network Flight Recorder, Inc.: NFR
Feature IDS-4215 IDS-4235 IDS-4250 IDS-4250-XL IDS Module
(IDSM-2)
IDS Network
Module
(NM-CIDS)
Performance 80 Mbps 250 Mbps 500 Mbps 1000 Mbps 600 Mbps 45Mbps
Processor 850 MHz 1.26 GHz Dual 1.26 GHz Dual 1.26 GHz.
Includes
customized HW
acceleration
Custom Hardware 10-45 Mbps
RAM 512 MB 1 GB 2 GB 2 GB 2 GB 512 MB