Cisco Secure IPS (NGIPS)
Intrusion detection and prevention systems (IDPS)
Network security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if Cisco Secure IPS (NGIPS) and its alternatives fit your requirements.
Contact the product provider
Free Trial unavailableFree version unavailable
Small
Medium
Large
- Information technology and software
- Banking and insurance
- Media and communications
What is Cisco Secure IPS (NGIPS)
Cisco Secure IPS (NGIPS) is a network-based intrusion prevention system designed to detect and block malicious traffic using signature-based detection, protocol analysis, and contextual information. It is typically deployed at network perimeters or internal segments to protect enterprise networks and data centers. The product is commonly managed through Cisco’s security management tooling and integrates with Cisco threat intelligence and other Cisco security controls. It is used by network and security teams that need inline prevention and policy-based control over network traffic.
Cisco ecosystem integrations
Cisco Secure IPS (NGIPS) integrates with Cisco security products and services for centralized policy, event handling, and threat intelligence enrichment. This can simplify operations for organizations standardized on Cisco networking and security platforms. Integration can also support coordinated response workflows across network controls. These capabilities are most effective when the broader Cisco stack is in use.
Inline prevention for network traffic
The product supports inline deployment to actively block exploits, malware callbacks, and policy violations at the network layer. This fits environments that require prevention rather than passive monitoring. It can be applied at key choke points (internet edge, data center, segmentation boundaries) to reduce exposure across many hosts. It complements endpoint-focused controls by enforcing network-level protections.
Granular policy and inspection
The solution provides configurable intrusion policies, application/protocol inspection, and rule tuning to match different network segments and risk profiles. This helps teams balance security coverage with acceptable latency and false-positive rates. It supports use cases such as protecting exposed services, monitoring east-west traffic, and enforcing segmentation policies. The policy model is oriented toward network security engineering workflows.
Operational tuning and upkeep
Like many NGIPS tools, it typically requires ongoing tuning to manage false positives and align signatures with the organization’s applications and traffic patterns. Signature and policy maintenance can be resource-intensive for small teams. Changes often need testing to avoid unintended blocking of business traffic. Organizations without dedicated network security engineering capacity may find day-to-day upkeep challenging.
Hardware and throughput planning
Inline IPS deployments require careful sizing to meet throughput and latency requirements, especially for encrypted traffic and high-bandwidth links. Performance depends on inspection depth and enabled features, which can constrain headroom. Scaling may require additional appliances or redesigning traffic paths. This can increase cost and deployment complexity compared with purely out-of-band monitoring approaches.
Encrypted traffic visibility limits
As network traffic shifts to TLS, inspection effectiveness can be reduced without decryption capabilities or complementary telemetry sources. Implementing TLS decryption introduces additional infrastructure, certificate management, and privacy considerations. Without decryption, detection relies more heavily on metadata and known indicators rather than full payload inspection. This can limit efficacy for some modern attack techniques that operate over encrypted channels.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Base / Control (Core NGIPS capabilities) | Not published on Cisco site — contact Cisco/partner for pricing | Classic NGIPS base/control functionality is licensed as device- or module-based Classic licenses (see Cisco Network Security Ordering Guide). Requires appropriate hardware/virtual PID. Subscriptions available in 1‑, 3‑, and 5‑year terms. cite |
| Protection (Threat / IPS) subscription ("T") | Not published on Cisco site — contact Cisco/partner for pricing | Threat (Security Intelligence + IPS) subscription required to enable IPS and Security Intelligence features; sold as 1, 3, or 5 year subscriptions (Threat = "T"). Part numbers and subscription PIDs listed in the Ordering Guide. cite |
| Malware (AMP / M) subscription | Not published on Cisco site — contact Cisco/partner for pricing | Optional AMP (Malware defense) subscription; requires Threat/IPS subscription as prerequisite for some platforms. 1, 3, 5 year terms. PIDs in ordering guide / datasheets. cite |
| URL Filtering (C) subscription | Not published on Cisco site — contact Cisco/partner for pricing | Optional URL/category filtering subscription; often bundled as TAC/TAMC/etc. 1, 3, 5 year terms. PIDs listed in ordering guide. cite |
| Hardware / Appliance bundles (e.g., Firepower 2100/4100/9300 with NGIPS image) | Not published as public list prices on Cisco site — contact Cisco/partner for pricing | Ordering guide lists appliance bundle part numbers (e.g., FPR2130-BUN, FPR4115-BUN, FPR9K-FTD-BUN) and shows which bundles support NGIPS/IPS—prices are not shown; Cisco directs customers to Cisco Commerce/partners for pricing. Subscription add‑ons are chosen during ordering. cite |
| Virtual NGIPS (NGIPSv / FirePOWER virtual) subscriptions and SKUs | Not published on Cisco site — contact Cisco/partner for pricing | Virtual appliance SKUs and subscription PIDs are listed (e.g., FP-VMW-IPS-BUN and FP-VMW-TA-1Y etc.), with 1/3/5 year subscription options; no public USD list prices on product pages/ordering guide. cite |
Notes:
- Cisco publicly lists part numbers (PIDs) and subscription terms on official product datasheets and the Cisco Network Security Ordering Guide, but does not publish public USD list prices for NGIPS subscriptions and appliance bundles on those pages; Cisco directs buyers to Cisco Commerce or Cisco partners for pricing/quotes. cite
Seller details
Cisco Systems, Inc.
San Jose, California, USA
1984
Public
https://www.cisco.com/
https://x.com/Cisco
https://www.linkedin.com/company/cisco/
