Sourcefire Launches First-Ever Adaptive IPS

Sourcefire announces general availability of Sourcefire 3D System 4.7

Dark Reading Staff, Dark Reading

September 17, 2007

COLUMBIA, Md. -- Open source innovator and SNORT® creator, Sourcefire, Inc. (Nasdaq: FIRE), today announced the availability of the Sourcefire 3D™ System version 4.7 release, giving customers the industry’s first-ever Adaptive IPS. While traditional IPS vendors have subscribed to a “one size fits all” model, the 3D System 4.7 release sets Sourcefire apart, enabling customers to optimize the security and performance of their IPS systems based on the actual network assets they are protecting.

Sourcefire is also announcing the general availability of two other new products—Sourcefire RUA™ (Real-time User Awareness), which links user identity to security and compliance events, and Sourcefire NetFlow Analysis, which extends the reach of Sourcefire’s Network Behavior Analysis (NBA) solution to corners of the network where Sourcefire RNA™ (Real-time Network Awareness) Sensors do not exist.

The 3D System 4.7 release encompasses over 30 new and improved capabilities, including:

  • RNA-Recommended Rules – A key component of Sourcefire’s Adaptive IPS strategy, RNA can now recommend which Snort IPS rules to enable and disable based on actual network assets protected

  • Sourcefire RUA™ (Real-time User Awareness) – Links Active Directory and LDAP users to security and compliance events, enabling customers to resolve incidents more quickly when time is of the essence

  • Sourcefire NetFlow Analysis – Extends Sourcefire’s NBA capabilities by aggregating and analyzing NetFlow traffic on network segments where Sourcefire RNA Sensors do not currently exist

  • Nmap® Integration – The popular open source scanning tool from Insecure.Org is now integrated within the Sourcefire 3D System, extending Sourcefire’s ability to collect endpoint intelligence for Impact Flag and compliance assessment

  • Host Input API – Ability to integrate a variety of third-party active scanning, patch management and vulnerability assessment solutions into the Sourcefire 3D System

  • Custom Service Detection – Sourcefire customers can create custom service “fingerprints” to leverage RNA to detect virtually any network service

  • Usability and Performance Enhancements – Includes new setup wizard, latency thresholding, improved compliance reporting and more

Sourcefire’s new Adaptive IPS technology provides users with increased network protection by leveraging endpoint intelligence aggregated by Sourcefire RNA, Nessus, Nmap and other endpoint intelligence solutions to propose Snort IPS rules to enable and/or disable based on the actual assets protected on the network. RNA-Recommended Rules can be generated on an ad-hoc or scheduled basis. RNA’s recommendations can be manually approved or implemented without human intervention. For the first time, IPS technology can actually “adapt” to the network it is protecting, thus maximizing security, minimizing false positives and negatives, and optimizing IPS hardware resources.

Sourcefire RUA, announced by Sourcefire earlier this year, is also now available, enabling customers to link user identity to security and compliance events. RUA leverages existing investments in Active Directory or LDAP systems by pairing usernames with host IP addresses involved in security and compliance events. Additional user attributes—including first name, last name, email address, phone number and department—are also available at your fingertips. Now security and compliance events can be addressed quicker than ever, when time is of the essence.

Strengthening Sourcefire’s position as a leading NBA provider, the Sourcefire 3D System now aggregates NetFlow data, extending the reach of Sourcefire’s NBA solution to corners of the network where Sourcefire RNA Sensors don’t currently exist. The combination of RNA and NetFlow data provides customers with the ability to baseline “normal” network traffic across the enterprise, enabling security analysts to detect suspicious deviations (e.g., worm propagation) from established baselines. Further, the ability to analyze NetFlow also provides network managers with the network usage intelligence required to identify performance bottlenecks and/or areas of the network where too much bandwidth has been allocated.

“The Sourcefire 3D System 4.7 release is our largest product release yet, significantly expanding the capabilities of our IPS and NBA Enterprise Threat Management (ETM) solutions,” said Martin Roesch, CTO and Founder of Sourcefire. “Sourcefire has a strong history of innovation and we are again stepping out in front of the competition with our new Adaptive IPS technology and our new Sourcefire RUA and Sourcefire NetFlow Analysis products. These new capabilities, combined with our tightly integrated management framework, afford Sourcefire customers with unparalleled protection against both internal and external threats.”

Sourcefire Inc. (Nasdaq: FIRE)
