
Cisco ASA 5500 Series Adaptive Security Appliances

Cisco IPS Manager Express

Product Overview

Intrusion prevention systems (IPSs) are critical to protecting your network and assets against worms, Trojans, and other malicious attacks. Cisco® IPS Manager Express (IME) is a powerful all-in-one IPS management application designed to meet the needs of small and medium-sized businesses. With one application, you can provision, monitor, troubleshoot, and generate reports for as many as five Cisco IPS sensors. Cisco IPS Manager Express is a key part of the Cisco IPS solution, which provides intuitive, powerful, and secure protection of your network and assets.

• Intuitive: Easy-to-use interfaces simplify deployment and management.

• Powerful: High performance and advanced features provide strong security protection and reduce analysis time.

• Secure: Security updates delivered by a global security intelligence team working 24 hours a day help provide peace of mind.

Features and Benefits

Intuitive Customizable Dashboards

The Cisco IPS Manager Express dashboard (Figure 1) is easy to use. On one dashboard, you can look at both your IPS sensor health and network security health. You can customize the dashboard with more than 10 drag-and-drop gadgets. The dashboard remembers your settings, so you can come back to the same settings the next time you start Cisco IPS Manager Express. Live Really Simple Syndication (RSS) feeds keep you informed about the most recent security threats.

Figure 1. Customizable Dashboard

Live RSS Feeds

Live RSS feeds (Figure 2) keep you informed about the most recent security threats on the network. RSS feeds can be personalized to your needs and can provide recommendations for securing your network.

Figure 2. Live RSS Feeds Gadget

Powerful Monitoring of Real-Time and Historical Events with Cisco IPS Manager Express Event Viewer

Cisco IPS Manager Express provides many advanced event-monitoring capabilities to reduce analysis and troubleshooting time. With the Cisco IPS Manager Express Event Viewer (Figure 3), you can monitor real-time and historical events in the same view. To help you with analysis, the Cisco IPS Manager Express Event Viewer provides filtering, coloring, and grouping capabilities. Events can be colored or filtered using more than 10 parameters. Multilevel grouping allows four levels of tiered grouping. To help you better understand an event, Event Details provides information about the event and the signature.

Figure 3. Cisco IPS Manager Express Event Viewer

Flexible Reporting Tool

The Cisco IPS Manager Express reporting tool allows you to generate custom and compliance reports in seconds. You can choose from more than 10 predefined templates or create your own report with easy-to-use filters. The reporting tool allows you to choose from pie charts or bar graphs. You can customize your report to the time period you choose. You can display the reports with IP addresses. For easier reading, you can use the built-in DNS resolution to convert the IP addresses to DNS names. All reports can be printed or saved to PDF or RTF format for sharing and future viewing.

Advanced Policy Provisioning

The Cisco IPS policy provisioning table allows you to quickly and easily define your network security policy based on Risk Rating, an innovative Cisco feature that quantifies the level of risk of each event. Different policy actions can be assigned to different Risk Rating ranges. For example, you might want the IPS to drop packets from events with high Risk Ratings and to alert you about events with medium Risk Ratings. You can also create exceptions to your policy using the policy exception table.

Tight Integration between Application Functions

Tight integration between different application functions within Cisco IPS Manager Express shortens threat response time. With one click, for each event, you can link from the event viewer to the policy table or to the signature table. When you link from the event viewer to the policy table, you will see prepopulated event information. This powerful linkage simplifies policy provisioning and reduces chances of mistakes. One-click block allows you to stop an attack directly from the event viewer.

Intuitive Startup Wizard

The Cisco IPS Manager Express Startup Wizard simplifies IPS sensor setup and reduces deployment time. It provides step-by-step instructions on how to set up an IPS sensor, whether the sensor is a Cisco IPS 4200 Series appliance or an IPS module on a Cisco ASA 5500 Series appliance. With the Cisco IPS Manager Express Startup Wizard, you can set up a fully functional IPS sensor in minutes.

Feature Specifications

Table 1 describes supported features, Table 2 describes minimum system requirements, and Table 3 describes supported IPS sensors and IPS sensor software.

Table 1. Supported Features

| Features | Feature Description | IPS Sensors* | Cisco IOS IPS |
| --- | --- | --- | --- |
| Homepage | | | |
| Five-Sensor Dashboard View | Five-sensor dashboard view of primary sensor statistics, including CPU utilization, memory utilization, IP address, sensor health status, and license expiration for easy at-a-glance viewing. | Yes | No |
| Sensor Health Meter | An intuitive trilevel (red, yellow, green) meter of sensor health provides at-a-glance view of health of each sensor. Adjustable thresholds on each of six customizable parameters allow user to customize meter to organization's needs. | Yes | No |
| Security Health Meter | An intuitive trilevel (red, yellow, green) meter of network security health based on Threat Rating. Adjustable thresholds allow user to customize meter to organization's needs. | Yes | No |
| Customizable Dashboards | | | |
| Health and Real-Time Traffic Gadgets | Drag-and-drop gadgets for at-a-glance view of sensor health statistics and real-time traffic statistics. Sensor information: sensor health; sensor information; CPU, memory, disk, and sensor load; licensing information; interface status. Real-time traffic statistics: top applications; network security. | Yes | No |
| Event Statistics and Security News Gadgets | Drag-and-drop gadgets for at-a-glance view of event statistics and security news. Event statistics: top attackers; top victims; top signatures; attacks over time. Security news: RSS feeds. | Yes | Yes |
| Customizable Gadgets | Customizable graphs (pie chart, bar chart, table) and time intervals for personalization and ease of troubleshooting. | Yes | Yes |
| Minimize Gadgets | Gadgets can be minimized to save dashboard space. | Yes | Yes |
| Multiple Dashboard Views | Multiple dashboard views for customization and flexible viewing. | Yes | Yes |
| Saved Dashboard Views | Saved dashboard views allow you to see same view next time you start Cisco IPS Manager Express. | Yes | Yes |
| Event Viewer | | | |
| Real-Time Event Viewer | Real-time event viewer for real-time event monitoring. | Yes | Yes |
| Real-Time Event Viewer Pause | User can pause and scroll forward and backward for analysis and troubleshooting. | Yes | Yes |
| Historical Event Viewer | User can view events for specified time intervals (date and time) for analysis and troubleshooting. | Yes | Yes |
| Event Coloring | Powerful event coloring (by signature, severity, attacker/victim IP address, victim port, Risk Rating, Threat Rating, virtual sensor, sensor) for improved analysis and troubleshooting. | Yes | Yes |
| Event Filtering | Powerful event filtering (by signature, severity, attacker/victim IP address, victim port, Risk Rating, Threat Rating, virtual sensor, sensor) for simplified analysis and troubleshooting. | Yes | Yes |
| Multilevel Event Grouping | Powerful multilevel event grouping (by signature, severity, attacker/victim IP address, Risk Rating, Threat Rating, sensor) for simplified analysis and troubleshooting. | Yes | Yes |
| Drag-and-Drop Columns | Drag-and-drop columns allow easy column reordering and customized views. | Yes | Yes |
| Multicolumn Sort | Columns can be sorted alphanumerically for easy viewing on multiple columns. | Yes | Yes |
| Customizable Views | User can create and save customized event views (including filter, color, group settings, and column arrangements) for simplified analysis and troubleshooting. | Yes | Yes |
| Inline Packet Decode | Under Event Details, user can see inline packet decode for troubleshooting and forensics. | Yes | Yes |
| Ethereal Integration Support | Cisco IPS Manager Express can integrate with Wireshark/Ethereal for advanced troubleshooting and forensics. | Yes | Yes |
| Dynamic Linkages to Cisco Security Center | Under Event Details, user can view event information based on data from Cisco Security Center for simplified analysis and troubleshooting. | Yes | Yes |
| Dynamic Event Linkages to Policy Table | Dynamic event linkages to policy table allow easy creation of policy exceptions and simplified provisioning. | Yes | No |
| Dynamic Linkages to Signature Table | Dynamic event linkages to signature table simplify signature tuning. | Yes | No |
| One-Click Block/Deny | User can, at click of a button on the event viewer, block or deny attacker packets for immediate threat prevention. | Yes | No |
| Integrated Network Tools | Network tools, including ping, trace-route, DNS lookup, and whois, are integrated into event viewer for simplified analysis and troubleshooting. | Yes | Yes |
| Event Incident Handling | Event incident handling settings help you simplify your incident handling process. You can assign incident handling settings (assigned, acknowledged, closed) to events, filter events based on these settings, and create notes for each event. | Yes | Yes |
| Event Save and Export | Save all events or selected events to HTML or CSV for further analysis or record keeping. Events can be exported from Cisco IPS Manager Express for sharing and record keeping. | Yes | Yes |
| Events per Second (EPS) Meter | EPS gives you an indication of the number of events Cisco IPS Manager Express is processing per second. User can also view EPS per sensor. | Yes | Yes |
| E-mail Notification | E-mail notification keeps you informed about threats when you are away. You can specify e-mail notification intervals and events you would like to receive. Events can be filtered based on severity and Risk Rating. | Yes | Yes |
| Data Archive | On-box data archive with customizable archive schedule allows faster data analysis. | Yes | Yes |
| Configuration | | | |
| Policy Provisioning | User provisions policies based on Risk Rating. IPS actions are assigned to different Risk Rating ranges. | Yes | No |
| Policy Exceptions | User provisions policy exceptions based on Risk Rating, attacker IP address/port, victim IP address/port, and signature. | Yes | No |
| Anomaly Detection Provisioning | User can set up sensor to send alerts upon abnormal network behavior. Cisco anomaly detection provides day-zero attack protection. | Yes | No |
| Signature Provisioning | | | |
| Signature Action Assignment | You can choose from 14 actions to assign to signatures. These actions include deny packets and alert. | Yes | No |
| Signature Enable And Disable | You can enable and disable signatures based on your requirements. | Yes | No |
| Auto-Signature Updates | Sensor automatically retrieves and applies new signature updates at user-specified time for enhanced security and ease of deployment. | Yes | No |
| Signature Wizard | Signature wizard provides a step-by-step guide to creating custom signatures. | Yes | No |
| Signature Filtering | Intuitive signature filtering (by signature, severity, fidelity, Risk Rating, and action) for simplified signature provisioning. | Yes | No |
| Drag-and-drop columns | Drag-and-drop columns allow easy column reordering and customized views. | Yes | No |
| Column sort | Columns can be sorted alphanumerically for easy viewing. | Yes | No |
| Signature export | Signature export allows you to export signature tables to comma-separated values (CSV) or HTML. | Yes | No |
| Reporting | | | |
| Predefined Report Templates | More than 10 predefined report templates for easy report generation. Predefined report templates include top 10 attacker last 1 hour, top 10 victims last 1 hour, and attacks over last 1 hour. | Yes | Yes |
| Customizable Reports | User can create customized reports based on specified time frame and filter criteria such as attacker IP address, victim IP address, victim port, signature, Risk Rating, Threat Rating, and action taken. | Yes | Yes |
| Customizable Graphs | User can specify graph types (pie chart or bar graph) for personalized reporting. | Yes | Yes |
| Report Save | User can save report to PDF or RTF format for compliance reporting or record keeping. | Yes | Yes |
| Setup and Help | | | |
| Startup Wizard | Intuitive Startup Wizard provides step-by-step instructions on setting up an IPS, including network settings, time setting, and interface configuration. | Yes | No |
| Administrator Password Requirements | User can specify minimum administrator password requirements, including number of attempts, minimum number of characters, minimum character types, and number of historical passwords. | Yes | No |
| Video Help | Video help provides visual step-by-step guide on using primary features in Cisco IPS Manager Express. | Yes | Yes |

*Only supported in the IPS sensors listed in Table 3.

Table 2. Minimum System Requirements

| Component | Minimum Requirements |
| --- | --- |
| System Hardware | IBM PC-compatible 2-GHz or faster processor; color monitor with at least 1024x768 resolution and a video card capable of 16-bit colors |
| Hard Drive | 100 GB |
| Memory (RAM) | 2 GB |
| Supported Operating Systems | Windows Vista Business and Ultimate (32-bit only); Windows XP Professional (32-bit only); Windows 2003 server |

Note: Cisco IPS Manager Express supports only the 32-bit U.S. English version of Windows.

Table 3. Supported IPS Sensors and IPS sensor software

| IPS Sensor | IPS Sensor software | IPS Manager Express (IME) |
| --- | --- | --- |
| Cisco IPS 4240, 4255, 4260, 4270; Security Services Module 10, 20, and 40 (AIP-SSM-10, AIP-SSM-20, and AIP-SSM-40); Cisco IPS Advanced Integration Module (AIM); Cisco Catalyst® 6500 Series Intrusion Detection System (IDSM-2) Services Module | IPS software version 6.1 | Sensor Configuration; Sensor Health Dashboard; Events Dashboard; Event Monitoring; Reporting; Up to 5 devices; Up to 75 events per second (EPS) |
| Cisco IPS 4215, 4235, 4240, 4250, 4255, 4260, 4270; Security Services Module 10, 20, and 40 (AIP-SSM-10, AIP-SSM-20, and AIP-SSM-40); Cisco IPS Advanced Integration Module (AIM); Cisco Catalyst® 6500 Series Intrusion Detection System (IDSM-2) Services Module; Cisco Network Module-Cisco Intrusion Detection System (NM-CIDS) | IPS software version 6.0 | Events Dashboard; Events Monitoring; Reporting; Up to 5 devices; Up to 75 events per second (EPS) |
| Cisco IPS 4210, 4215, 4235, 4240, 4250, 4255, 4260; Security Services Module 10 and 20 (AIP-SSM-10 and AIP-SSM-20); Cisco Catalyst® 6500 Series Intrusion Detection System (IDSM-2) Services Module; Cisco Network Module-Cisco Intrusion Detection System (NM-CIDS) | IPS software version 5.1 | Events Dashboard; Events Monitoring; Reporting; Up to 5 devices; Up to 75 events per second (EPS) |
| Cisco IOS® IPS (on integrated services routers) | 12.3(14)T7, 12.4(15)T2 | Events Dashboard; Events Monitoring; Reporting; Up to 5 devices; Up to 75 events per second (EPS) |

Ordering Information

This product is included with the Cisco IPS software. To download software, visit the Cisco Software Center.

For More Information

For more information about Cisco IPS Manager Express, visit http://www.cisco.com/go/ime or contact your local account representative.
Printed in USA    C78-459033-00   03/08