Intrusion Detection Systems from Sourcefire
Armana Security are partners of Sourcefire. To discuss your intrusion detection system requirements with one of our consultants, please
call 01344 780000 or complete our online form.
Securing Real Networks in Real Time
Perimeter defences alone are no longer enough to
secure your network. An abundance of mobile devices,
laptops, wireless networks, PDAs, outsourcing, even
offshore partnerships – all these multiple entry
points to the network represent another opportunity
for compromise.
Today, the realities of a dissolving perimeter and
the limitations of traditional intrusion detection systems (IDS) and intrusion prevention
systems (IPS) are driving organizations to recast
their network security paradigms and embrace a new,
more effective approach.
Sourcefire’s ground-breaking 3D approach – Discover,
Determine, Defend – is the first and only
comprehensive intelligent network defence system
that unifies intrusion and vulnerability management
technologies to provide customers with the most
effective, real-time network security for today’s
real world challenges.
Sourcefire’s 3D approach is a fully integrated,
real-time process of discovering risks,
vulnerabilities and threats; determining their
business impact; and taking the most precise,
appropriate action to defend the network.
With the Sourcefire 3D approach, customers are able
to more easily assess the condition of the network
in real-time … update and enforce policies … monitor
and manage vulnerabilities … and respond quickly to
security threats based on priorities.
The Sourcefire 3D System, including Sourcefire
Intrusion Sensors and Agents, Sourcefire RNA Sensors
and the Sourcefire Defense Center, offers the most
all-around effective security available. In fact,
all Sourcefire appliances are Plug-n-Protect™ for
the lowest total cost of ownership. Each appliance
includes hardware, software, operating system and
database – pre-installed for ease of deployment,
tuned for peak performance, and self-maintaining for
low overhead.

Sourcefire Intrusion Sensors
Built on the legacy of the open source Snort®
rules-based detection engine, Sourcefire Intrusion
Sensors use a powerful combination of signature,
protocol, and anomaly-based inspection methods to
achieve the maximum attack detection and prevention
capability.
Every aspect of the sensor can be configured and
customized to ensure that users detect and prevent
the events most important to them. Flexibility in
the rules language and the numerous configuration
options (port density, interface types, deployment
modes for example) allow users to easily define new
ways to identify and prevent threats and enforce
policies specific to their individual environment.
Sourcefire RNA Sensors™
Using a revolutionary combination of passive network
discovery, behavioral profiling and integrated
vulnerability management technologies, Sourcefire
RNA (Real-time Network Awareness™) Sensors provide
the most comprehensive view of security events, and
the ideal basis for the most effective network
defense.
RNA Sensors continually monitor all network assets
(servers, routers, PCs, firewalls, wireless access
points) presenting a real-time view and
highly-detailed profiles of all network assets
including their configuration, behavior, potential
vulnerabilities, and associated changes.
This degree of insight and intelligence not only
allows organizations to protect their networks with
more confidence; it greatly reduces the ongoing
costs associated with managing and responding to
network threats.
Sourcefire Intrusion Agents
Sourcefire Intrusion Agents for Snort allow open
source Snort users to benefit from the Sourcefire 3D
approach while protecting and maximizing their
investment in open source Snort deployments. All the
intrusion event information from Snort sensors can
be aggregated directly into the Sourcefire Defense
Center with data from both Sourcefire Intrusion
Sensors and Sourcefire RNA Sensors to trigger the
ABCs of Defense – Alert, Block and Correct.
The Sourcefire Defense Center – The Heart of the 3D System
By closely integrating and correlating the threat
information provided by Sourcefire Intrusion Sensors
and Agents with the network intelligence provided by
Sourcefire RNA Sensors, the Sourcefire Defense
Center prioritizes the millions of security events
to determine the most critical events to an
organization’s business, and takes the appropriate
actions.
These actions allow users to leverage the ABCs of
Defense – Alert, Block, and Correct – all in
real-time, against all network threats.
Alert. Automated warnings to individuals or other
management systems via SYSLOG, email, SNMP
traps, etc. ensure attack warnings are
rapidly addressed.
Block. Critical threats are not only blocked, but
actually contained or quarantined via
techniques including dropping traffic,
disrupting sessions between devices, and
integrating with access control devices such
as firewalls, routers and switches.
Correct. New vulnerabilities and threats can be
automatically mitigated by integrating with
patch or configuration management systems to
apply configuration or code changes to
eliminate possible exploitation.
This high level of contextual intelligence allows
customers to determine why a change occurred,
whether an attack poses a serious threat to a
target, and how to best prioritise and shape the
response.
The Sourcefire Defense Center allows security
administrators to more effectively secure their
networks by providing:
A single, central point of administration, analysis and reporting
Rapid response to potential attacks according to the ABCs of Defence
More consistent management and enforcement of security policies and compliance requirements