The Cisco Intrusion Detection System (IDSM-2) Service Module, shown in Figure 20-2, is a high-speed, high-performance integrated IPS module that is installed in Cisco Catalyst 6500 switches and Cisco 7600 Series routers.
IDSM-2 can be deployed to deliver up to 600 Mbps of intrusion prevention protection in passive mode and up to 500 Mbps in inline mode.
IDSM-2 offers an intrusion prevention system (IPS) solution for safeguarding organizations from malicious attacks and network breaches, thereby ensuring stability.
IDSM-2 is the second-generation services module offering protection to switched environments by integrating full-featured IPS functionality directly into the network infrastructure. This integration allows traffic to be monitored directly off the switch backplane, scaling to multi-gigabit environments.
IDSM-2 offers enterprises and service providers unparalleled intrusion security, reliability, scalability, and multi-gigabit performance.
Some of the key features in IDSM-2 are the following:
Installs as an integrated module inside a Cisco Catalyst 6500 Series Switch or Cisco 7600 Series Router. The IDSM-2 integrates intrusion security inside the network infrastructure.
Ensures a higher Return on Investment (ROI) through flexible deployment that leverages existing infrastructure investments.
Provides a comprehensive inline prevention solution.
Delivers up to 500-Mbps performance in inline mode (600 Mbps in passive mode).
Provides multi-gigabit scalability up to eight modules per chassis, providing up to 4 Gbps of inline prevention.
Protects your network from policy violations, vulnerability exploitations, and anomalous activity.
Provides detailed multivector threat identification and traffic inspection for Layers 2 through 7.
Prevents malicious traffic including network viruses, worms, spyware, adware, and application abuse.
Offers accurate prevention technologies through the Cisco innovative Risk Rating and Meta Event Generator features that reduce false positives and provide confidence in data forwarded to the internal network by taking preventive actions on a wide range of threats without the risk of dropping legitimate traffic.
Offers hot-swappable modules; insertion or removal does not affect the Cisco Catalyst switch.
Supports Cisco EtherChannel load balancing.
Supports the Cisco FlexWAN module.
Supports multiple capture techniques including Switched Port Analyzer (SPAN), Remote SPAN (RSPAN), and VLAN Access Control Lists (VACL). Cisco is the only vendor to provide an in-switch IDS/IPS solution providing access to the data stream via VACL capture.
Offers integrated Anti-X services, in partnership with Trend Micro, that augment the Cisco native signature development and provide the quickest and most complete signature updates for timely recognition and prevention of attacks.
Offers flexible configuration by using the sensor Command Line Interface (CLI) console, which is available locally or remotely via Telnet or Secure Shell (SSH).
Offers Cisco IPS Device Manager (IDM), which is a GUI-based, Java-enabled, built-in web-based tool for sensor configuration and management. It can be accessed through Internet Explorer, Netscape, or Mozilla and is enabled by default to use Secure Sockets Layer (SSL).
Provides event monitoring for up to five IPS sensors through Cisco IPS Event Viewer (IEV).
Provides world-class management and monitoring for sensor deployments of all sizes through Cisco Security Manager and Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS).
IDSM-2 runs the same software code as the IPS 4200 Series appliance hardware; hence, it can be integrated into the same management workflow.
Note
For further details about the Cisco Intrusion Detection System (IDSM-2) Service Module, visit http://www.cisco.com/en/US/products/hw/modules/ps2706/ps5058/index.html.