Cisco Catalyst 2940 Series Manual page 40

Modular Switches: Cisco Catalyst 6500 Series
Traffic Anomaly Detector Services Module
This module helps large organizations protect
against distributed denial-of-service (DDoS) or
other cyber attacks, enabling users to quickly
initiate mitigation services and block the attack
before business is adversely affected. It utilizes the
latest behavioral analysis and attack recognition
technology to proactively detect and identify all
types of cyber assaults.
• Monitors and processes attack traffic at full
Gigabit line rates, delivering a high-performance
solution that detects DDoS attacks without
consuming valuable switch or router resources.
• Identifies and blocks all types and sizes of
assaults, including those launched by hundreds
of thousands of distributed zombie hosts,
providing complete protection against the widest
range of attacks.
Anomaly Guard Services Module
This module mitigates DDoS and other cyber
attacks. It effectively stops the DDoS attack
while allowing legitimate traffic to continue to
its destination, thereby maintaining continuous
business operations.
• Monitors and processes attack traffic at full
Gigabit line rates, delivering a high-performance
solution that detects DDoS attacks without
consuming valuable switch or router resources.
• Multi-verification process (MVP) architecture
utilizes advanced anomaly recognition, source
verification and anti-spoofing technologies to
identify and block individual attack flows without
affecting legitimate transactions.
Intrusion Detection Services Module (IDSM-2)
This module helps detect, classify, and stop
threats including worms, spyware/adware, network
viruses, and application abuse. The Cisco IDSM-2
combines inline prevention services with innovative
technologies that improve accuracy, allowing you
to stop more threats without dropping legitimate
network traffic.
• Accurate inline prevention technologies offer
intelligent, automated, contextual analysis of your
data and help ensure you are getting the most
out of your intrusion prevention solution.
• Offers 600 Mbps performance per module,
providing the high bandwidth detection
capabilities required for larger networks.
74
• Scales through clustering in a single chassis to
support multi-gigabit performance, providing
maximum protection for the largest enterprise
and service provider environments or for
individual vulnerable zones.
• Automatic learning builds baseline profiles of
normal operating conditions, enabling rapid
identification of anomalous or unusual activity
that indicates an attack.
• Supports real-time monitoring of individual
devices and protected zones with web-based
graphical manager, as well as historical attack-
level reports showing specific attack types seen
and associated statistics.
• Dynamic diversion redirects and cleans only
traffic destined for targeted devices, allowing
unaffected traffic to flow freely and ensuring
business continuity.
• Automatic learning builds baseline profiles of
normal operating conditions, enabling rapid
identification of anomalous or unusual activity
that indicates an attack.
• Identifies and blocks all types and sizes of
assaults, including those launched by hundreds
of thousands of distributed zombie hosts,
providing complete protection against the widest
range of attacks.
• Multivector threat identification protects your
network from policy violations, vulnerability
exploitations, and anomalous activity through
detailed inspection of traffic in Layers 2–7.
• Unique network collaboration enhances
scalability and resiliency through network
collaboration, including efficient traffic capture
techniques, load-balancing capabilities, and
visibility into encrypted traffic.
IPSec VPN Shared Port Adapter
This module delivers scalable and cost-effective
VPN performance with Data Encryption Standard
(DES), Triple Data Encryption Standard (3DES), plus
next-generation Advanced Encryption Standard
(AES) technology, including all key sizes (128-, 192-,
and 256-bit keys) for ultimate in IPSec VPN security
and interoperability.
• Provides up to 2.5 Gbps of AES and 3DES IPSec
throughput with large packets and 1.6 Gbps with
Internet mix (IMIX) traffic.
Network Analysis Module
This module provides traffic monitoring services for
visibility into network and application usage, helping
network managers troubleshoot delivery issues,
improve the utilization of network resources, and
ease the deployment of new network services. The
NAM is available in two hardware versions, NAM-1
and NAM-2, to meet diverse network analysis needs
in scalable switching environments.
• Includes an embedded, web-accessible
Traffic Analyzer interface that presents both
configuration menus and real-time and historical
reports.
SSL Services Module
This module offloads processor-intensive tasks
related to securing traffic with Secure Sockets
Layer (SSL), increases the number of secure
connections supported by a web site, and reduces
the operational complexity of high performance
web server farms.
• Ensures high availability when installed in a
redundant Cisco Catalyst 6500 configuration,
maintaining SSL sessions if hardware failures
occur.
• Simplifies security management while
encrypting user data to the web servers,
providing privacy, confidentiality, and
authentication using a wide range of certificates,
including Netscape and VeriSign.
• Up to 10 Cisco IPSec VPN SPAs can be
installed in a system, scaling to 25 Gbps of total
throughput for wire-speed security transport for
native 10 Gigabit Ethernet (10GbE) interfaces.
• Using the Cisco Services SPA Carrier-400,
each slot of the Cisco Catalyst 6500 supports
up to two IPSec VPN SPAs, increasing total
performance per slot.
• Provides visibility into what applications
are running on the network and how they're
performing, tracking response times and
identifying whether issues are server- or
network-related.
• Offers web-based captures and decodes for
anytime, anywhere troubleshooting.
• Analyzes the performance of IP-based services,
including VoIP, video, and QoS.
• An integrated Content Switching Module or
external load-balancing appliance can load
balance secure HTTPS content requests
to multiple Cisco SSL services modules,
maximizing SSL termination performance and
providing SSL scalability.
• Provides the best price/performance ratio of
any SSL accelerator on the market. Cost of
maintenance is included in the maintenance
contract of the Cisco Catalyst chassis, providing
cost savings on annual service contracts. And
by offloading the processing-intensive SSL
termination burden from the web servers, the
SSL Service Module eliminates the need to
purchase additional servers.
75 75