The Sourcefire 3D System
Discover. Determine. Defend.
Single-product defences alone are no longer enough to secure your
network. Threats are growing in number and sophistication. Attackers
are launching more attacks designed to bring corporate networks down
or to steal customer or corporate proprietary information. Mobile
devices, laptops, wireless networks, partner networks and PDAs are
all potential points of entry.
As the quantity and severity of threats increase, and as new
regulatory compliance requirements are introduced, IT budgets are
growing rapidly year after year. In response, organizations are
faced with purchasing a myriad of point products that don't share
intelligence and don't see all the assets on a network.
Today, the limitations of traditional single-product solutions are
driving organizations to embrace a new, more effective methodology.
Sourcefire's ground-breaking 3D approach – Discover, Determine,
Defend – is the first and only Enterprise Threat Management (ETM)
solution that unifies IPS, NBA, NAC and vulnerability assessment
technologies to provide customers with the most effective, real-time
network security for today's real world challenges.
Discover threat, network and asset information using Sourcefire IPS™
and Sourcefire RNA™. Sourcefire IPS uses the industry standard SNORT
vulnerability-based detection engine to bring the benefits of
signature, protocol, and anomaly-based inspection methods to your
network at speeds up to 8 gigabits per second. Sourcefire RNA
passively monitors your network to deliver highly detailed,
real-time profiles of your network assets, including their
configuration, behaviour, potential vulnerabilities, and associated
changes.
Determine policy violations, the impact of security events and the
appropriate response. By correlating threat information provided by
Sourcefire IPS appliances and Intrusion Agents with endpoint and
network information provided by RNA, the Defense Center prioritizes
security events to determine the events most critical to your
business, enabling you to take appropriate action.
Defend your network assets. The 3D System gives users the capability
to defend their networks before attacks by proactively patching
discovered vulnerabilities, during attacks by blocking, and after
attacks have occurred by remediation to other devices to minimize
damage.
Sourcefire IPS
Sourcefire IPS provides vulnerability-based intrusion prevention
built on the foundation of Snort®, the world's most popular
intrusion prevention software. Sourcefire IPS uses a rules-based
language—a powerful combination of signature, protocol, and
anomaly-based inspection methods—to examine packets for attacks.
Attacks protected against include worms, Trojans, port scans, buffer
overflow attacks, spyware, Voice Over IP (VoIP) attacks, IPv6
attacks, protocol anomalies, malformed traffic, invalid headers,
denial of service attacks, and zero-day attacks. The Snort rules
language is the industry standard, used by a community of hundreds
of thousands of security practitioners. Unlike competing systems,
Sourcefire IPS allows users to create, edit, and view detection
rules, and full packet payloads are logged for every event so users
can see exactly what threatening traffic has been detected.
Sourcefire IPS can block threats directly and stop attackers by
integrating with access control devices such as firewalls, routers,
and switches. With inline or passive deployment options, line speeds
from five megabits per second (Mbps) to eight gigabits per second (Gbps)
and fully redundant configurations, Sourcefire IPS appliances are
architected to meet your network's needs.
Sourcefire RNA
Sourcefire RNA is a strategic component of Sourcefire's ETM value
proposition. RNA provides native NBA, NAC and Vulnerability
Assessment capabilities, supplying the Sourcefire 3D System with
valuable threat, endpoint and network intelligence. RNA provides an
always-on, real-time view of what is transpiring in a user's
network. By listening, RNA assembles a database of network assets,
their operating systems, services and communicating applications—and
identifies potential vulnerabilities on these devices. Unlike
competitors' approaches, RNA's passive endpoint discovery requires
no agent installations or potentially destructive scans, although
RNA can leverage the power of targeted active scanning to find even
more detailed information about hosts. RNA can use this information
to determine whether the services, operating systems, and
applications that endpoints are running are compliant with
organizational policy. RNA also monitors communications behavior
among endpoints on a network, baselining traffic, watching for
deviations from typical traffic levels or connection patterns, and
alerting administrators to these changes. The contextual information
provided by RNA not only allows organizations to protect their
networks with more confidence, but also reduces the ongoing costs
associated with managing and responding to network threats.
Sourcefire Intrusion Agent for Snort
Sourcefire Intrusion Agents allow users of open-source Snort sensors
to gain many of the benefits available with the Sourcefire 3D
System, including impact flags for intelligent prioritization of
threat events against network and business risks. Intrusion Agents
are available for Linux and Solaris.
Sourcefire Defense Center
Sourcefire Defense Center is the nerve center of the Sourcefire 3D
System. Defense Center unifies critical network security functions
including event monitoring, correlation, and prioritization for
forensic analysis, trends analysis, and management reporting. The
highly effective user interfaces have been designed by security
analysts for security analysts with an intuitive layout and
presentation, and user-definable workflows. Defense Center has an
open architecture which allows it to interface with existing
management consoles, such as IBM Tivoli and HP OpenView. Using
Defense Center, customers can control multiple 3D Sensors from a
single management console and combine security and compliance event
data from IPS, RNA and open source Snort to get the most
comprehensive view of event activity on their networks.
By discovering security and network information, determining its
business impact, and defending networks before, during, and after
the attack, the Sourcefire 3D System fully addresses the enterprise
threat management challenge.