RealTime IT News

New Cisco IPS Isn't All About Speed

Enterprise IT buyers have long been wary of the gap between the performance promised on a networking vendor's data sheet and a device's real-world effectiveness. Networking giant Cisco thinks that it has the answer, at least when it comes to intrusion prevention systems, or IPS, with its newest high-end appliance, the IPS 4270.

Cisco is wagering that the way to meet buyers' expectations is to properly define the types of traffic that an IPS will handle, and then to accurately benchmark for each.

According to the company, there are now two distinct types of traffic -- transactional and media-rich, which means rich HTTP content, video and collaboration tools.

With media-rich traffic, "the number of connections may not be high, but in terms of the nature of traffic, the traffic flows might be longer," Robert Berlin, senior manager for product marketing at Cisco, told InternetNews.com.

"In contrast, there is the more transactional nature of traffic that we might see in a financial institution, where you have fast transactions where a connection is set-up and torn down rapidly," he said.

The Cisco IPS 4270 boasts 4Gbps of performance for media-rich traffic and 2Gbps of throughput for transactional traffic, supporting up to 20,000 transactions per second. Berlin said those figures are actual performance speeds, with all intrusion detection signatures turned on.

Even though transactional traffic requires less time and bandwidth from a network, it's actually more difficult to deal with, security-wise.

"When you think about what we're trying to do from a protective profile perspective, a lot of attacks are on the initial setup and tear down," Cisco product manager Keith Stewart told InternetNews.com. "So when you think about really high-transaction traffic, you need to do a whole lot of inspection on setup and tear down, and continually do that. The bulk inspection of media-rich content is actually easier to do from a processing perspective than transactional traffic."
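The two traffic profiles above can be recognized in an organization's own flow data before a benchmark figure is taken at face value. The following Python is an added example, not Cisco's code or anything from the article: it summarizes a sample of constructed flow records (connections per second, mean flow duration, bytes per flow, offered load), labels the sample as transactional or media-rich, and scores relative inspection work under the assumption Stewart describes, that every connection setup and teardown costs a fixed amount of inspection while bulk payload costs per byte. The classification thresholds and the cost constants are assumptions chosen for illustration, not measurements of any product.

```python
# Added example (not Cisco code): characterize a traffic sample so it can be
# matched against the two benchmark profiles described in the article.
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Flow:
    """One observed connection: start/end in seconds, bytes carried."""
    start: float
    end: float
    nbytes: int


def profile(flows, window_s):
    """Summarize a flow sample captured over window_s seconds.

    Returns connections per second, mean flow duration, mean bytes per
    flow and offered load in Mbit/s.
    """
    if not flows or window_s <= 0:
        raise ValueError("need at least one flow and a positive window")
    total_bytes = sum(f.nbytes for f in flows)
    return {
        "cps": len(flows) / window_s,
        "mean_duration_s": mean(f.end - f.start for f in flows),
        "mean_bytes": total_bytes / len(flows),
        "mbps": total_bytes * 8 / window_s / 1e6,
    }


def classify(p, cps_threshold=1000.0, duration_threshold_s=1.0):
    """Map a profile to the article's two categories.

    Thresholds are assumptions for illustration: many short-lived
    connections => transactional; few long-lived flows => media-rich.
    """
    if p["cps"] >= cps_threshold and p["mean_duration_s"] < duration_threshold_s:
        return "transactional"
    return "media-rich"


def inspection_load(p, per_connection_cost=50_000, per_byte_cost=1):
    """Relative inspection work per second (assumed units, not measurements).

    Models the point made in the article: each connection setup/teardown
    costs a fixed amount of inspection, bulk payload costs per byte.
    """
    bytes_per_s = p["mbps"] * 1e6 / 8
    return p["cps"] * per_connection_cost + bytes_per_s * per_byte_cost


def make_sample(n_flows, duration_s, nbytes, window_s):
    """Constructed flow records, evenly spread across the capture window."""
    step = window_s / n_flows
    return [Flow(i * step, i * step + duration_s, nbytes) for i in range(n_flows)]


# Constructed samples sized to the article's headline figures: 20,000 short
# connections carrying 2 Gbit/s, and 50 long flows carrying 4 Gbit/s.
TRANSACTIONAL = make_sample(n_flows=20_000, duration_s=0.02, nbytes=12_500, window_s=1.0)
MEDIA_RICH = make_sample(n_flows=50, duration_s=30.0, nbytes=10_000_000, window_s=1.0)

if __name__ == "__main__":
    for name, sample in (("transactional", TRANSACTIONAL), ("media-rich", MEDIA_RICH)):
        p = profile(sample, window_s=1.0)
        print(name, classify(p), f"{p['mbps']:.0f} Mbit/s",
              f"{p['cps']:.0f} conn/s", f"load={inspection_load(p):.3g}")
```

Run as a script, the transactional sample scores a higher inspection load than the media-rich one despite carrying half the bandwidth, which is the effect the article attributes to per-connection setup and teardown inspection. Replacing the constructed samples with exported flow records from a NetFlow or similar collector lets a buyer see which of the two benchmark figures applies to their own network.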

At its core, the 4270 runs the latest iteration of Cisco's IPS 6.x operating system software, which was first released earlier this year.

The IPS 4270 supports up to sixteen 1 Gigabit Ethernet (GbE) interfaces that can be bonded together into a load-balanced configuration. However, vendors like Force10 have been pushing the idea of 10 GbE IPS for several years.

Still, Cisco's Berlin said 10 GbE has yet to be widely deployed, though there is a lot of talk in the industry about the technology. Instead, he said the company views 1 GbE as the market's sweet spot.

Despite shunning 10 GbE, the 4270's raw performance could make it a viable option for datacenters, which Berlin said could plug in a number of servers and other devices to aggregate security inspection.

For instance, the IPS 4270 integrates with the rest of Cisco's Self Defending Network security offerings, like the company's NAC (Network Access Control) technology for post-admission policy control. It can also integrate with its security management tools, such as Cisco Security Manager.

The release of the IPS 4270 continues Cisco efforts to fill out its IPS portfolio as part of a broader push to meet the demands of more sectors in IT.

"What we have sought to do in the last few years is make IPS more accessible for more markets," Berlin said. "IPS started in the computer science realm and with organizations that understood it. We're trying to make it more mainstream and we continue to look at taking IPS to commercial markets and down to the SMB."

"At the same time, we recognize that the datacenter continues to grow and the need for speed continues to be an issue in the industry," he said. "So we're continuing to invest in the high end."