Sizing

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

NGIPS High Level Design

  • Industry-best intrusion prevention
  • Real-time contextual awareness
  • Full stack visibility
  • Intelligent security automation with Cisco FireSIGHT™
  • Superior performance and scalability
  • From branch office to data center
  • 18 models; 50 Mbps – 60 Gbps
  • Easily add (with optional subscription licenses):
      • Advanced Malware Protection
      • Application Visibility and Control (AVC)*
      • URL Filtering

* AVC comes by default with ASA with FirePOWER Services

NGIPS High Level Design

Perimeter

Appliances usually sit behind a firewall in transparent inline mode with link state propagation enabled. Alternatively, FirePOWER appliances can subsume basic firewall capabilities and run in a bridged or routed mode.

Data Center

Appliances will often sit in a listen-only mode off of a trunk port, profiling all data center traffic. They may also, and often in conjunction with the passive mode, sit inline between each layer of the data center – all of these functions can be provided by a single appliance, stack, or cluster for simplified management and overhead.

Branch or wiring closet

While threat discovery is often desirable everywhere it can be placed, it is often too expensive to deploy everywhere. However, it is a common option to simply enable FirePOWER appliances to only run the FireSIGHT discovery technologies to provide profiling as close to protected assets as possible (and detect changes to network topology that may indicate compromise).

NGIPS High Level Design

Performance: How to measure and why it matters?

  • Sizing: Which device do I need to buy?
      • Upgrade of existing or new device?
  • Features: What features am I going to need or want to run?
      • Firewall, IPS, Application Control, URL, Malware, Security Intelligence, Custom rules, etc.?
  • Location: Where is the device in the network?
      • In front of a DNS-only datacenter with millions of very small, very fast transactions, or in front of HTTP web servers serving normal web pages?
      • Datacenter looking at only internal traffic, or Internet Edge looking at the wild Internet?

As with all performance discussions, YOUR MILEAGE MAY VARY!!

How to measure?

  • Datasheets generally have some indication of performance. In most cases this includes the infamous “throughput” measurement. Different product spaces have different typical “throughput” tests.
  • The firewall industry almost always publishes a max throughput number, usually based on a traffic type that is never helpful in determining sizing of the product. UDP 1518 byte packet size is fairly common.
  • The IPS industry has generally been more conservative about throughput estimates on their datasheets, partly because their performance range is much more variable than firewalls, and partly because of industry choice. TCP 440 byte HTTP is fairly common.

NGIPS throughput in Mbps

ASA with FirePOWER Services models:

NGIPS throughput in Mbps

Standalone FirePOWER models:

NGIPS throughput in Mbps

Standalone AMP FirePOWER models: