Discover. Determine. Defend. SOURCEFIRE PRODUCT OVERVIEW Sourcefire 3D System Security for the real world.


Threat Intelligence

Snort—the de facto standard for intrusion prevention

Sourcefire Vulnerability Research Team (VRT)—seasoned industry experts providing coverage in advance of actual threats

Detect and prevent spyware, worms, attacks, DoS, and more

Endpoint Intelligence

Passive asset discovery

Targeted active scanning

Asset-based business context

Network Intelligence

Comprehensive and persistent network discovery

Network Behavior Anomaly Detection (NBAD)

Network flow analysis

Discover


NETWORK SECURITY TODAY: DAUNTING, FRUSTRATING, AND NEVER-ENDING

You have made quite an investment into firewall technology, antivirus packages, security software, staff, and consultants. Yet even with your best efforts, security breaches continue to threaten your revenue, reputation, and ability to adhere to regulations. Detecting and responding to attacks just at the perimeter is no longer effective or sufficient.

How can you confidently and proactively protect all networks, systems, applications, data, and entry points—short of blocking all traffic?

You need a multi-layered, integrated process that will help you protect against threats across all vectors, all the time, in real-time.

You need the Sourcefire 3D System.

Despite the fact that more than $20 billion was spent on security products over the last year, the threats and vulnerabilities keep coming – just adding another patch won’t ensure network protection.


We are committed to making sure our products and technology remain on the leading edge and protect all of your online assets and network entry points all the time. Validating our commitment, various industry organizations have given us numerous awards, certifications, and recognition for our innovation and capabilities.

One award, the NSS Gold award, has only been presented four other times before Sourcefire.

Staying Ahead


REV. 1 | 12.2004

TRUE, UNIFIED, INTRUSION PREVENTION

With the Sourcefire 3D System, all of your security applications and technologies finally work together and benefit from each other’s capabilities. You have a common framework for decision making and collaborative security functionality that uses rules and automation—24 hours a day, seven days a week. The Sourcefire 3D System brings together policy, behavior, rules, technology, and automation to complement the seven-step process advocated by Gartner for true, unified, intrusion prevention:

Policy definition—asset inventory policies, port/protocol policies, security configuration policies
At this stage, the Sourcefire 3D System helps you define IT security policies based on business needs and required access to applications, files, IP addresses, protocols, services, and more.

Baseline/discovery—endpoint intelligence, Network Behavior Anomaly Detection (NBAD)
Here, the Sourcefire 3D System discovers context and endpoint intelligence about network components, eliminating ambiguity and dangerous assumptions so that you benefit from more accurate blocking decisions.

Policy enforcement—block all services not explicitly allowed
Based on user-defined policies, the Sourcefire 3D System knows which protocols and services to allow or block. Updates to the IT infrastructure are implemented through change management processes.

Inspection—defragmentation, reassembly
The Sourcefire 3D System goes beyond inspection at the network perimeter with blocking decisions that can be automated—enabling inspection across the enterprise and at the core of the network seamlessly and simultaneously. Its focus at this stage includes behavioral and anomaly analysis so that suspicious targeted and internal activity can be logged, alarmed, or blocked based on its relative threat to your organization.

Threat blocking—signature match, protocol analysis, anomaly detection, behavior analysis
At this step, the Sourcefire 3D System will contain, quarantine, or block critical threats via a myriad of techniques including dropping traffic, disrupting sessions between devices, replacing malicious content with benign content, and integrating with network devices such as firewalls, routers, and switches.

Management—device management, vulnerability management, compliance management
The Sourcefire 3D System makes it easy to manage rule sets, filters, software updates, configurations, and changes in users, applications, and usage. Much of the policy and configuration information comes from the system’s vulnerability management process.

Monitoring—alerts, log events, QoS/Shaping
During this last step, the Sourcefire 3D System collects and logs data on attacks and blocking actions. You should be using this data to intervene, report trends, and fine tune the overall process and policies.

For the first time, you can enjoy true intrusion prevention across your highly switched internal networks, as well as at the perimeter.

“The full 3D System is the most comprehensive IPS on the market. Five out of five stars for Documentation, Ease of Use, Features, Performance, Support, Value for Money, and Overall rating. Our Best Buy Award goes to Sourcefire.”

SC Magazine


THE SOURCEFIRE 3D SYSTEM: DISCOVER, DETERMINE, AND DEFEND

With the Sourcefire 3D System you will:

Discover risks, vulnerabilities, and threats through Sourcefire Intrusion Sensors, Sourcefire RNA™ (Real-Time Network Awareness), and Sourcefire Intrusion Agents. Sourcefire Intrusion Sensors use the award-winning Snort® rules-based detection engine to bring you all the benefits of signature, protocol, and anomaly-based inspection methods to all of your network traffic at speeds up to 8 gigabits per second. In addition, Sourcefire RNA Sensors will passively monitor your network to deliver highly detailed, real-time profiles of all your network assets including their configuration, behavior, potential vulnerabilities, and associated changes.

Determine the business impact of any risk. By tightly integrating and correlating the threat information provided by Sourcefire Intrusion Sensors and Agents with the endpoint and network intelligence provided by Sourcefire RNA Sensors, the Sourcefire Defense Center will easily prioritize the millions of security events to determine the most critical events to your business and take the appropriate actions.

Defend your online assets with the ABCs of Defense—Alert, Block, Correct—all in real time. Send alerts through email, SNMP, Syslog, and trouble ticket systems. Block attacks through firewalls, IPSs, switches, and routers. Correct the situation through patch or configuration management.

[Figure: DISCOVER, DETERMINE, DEFEND diagram. Labels: Threat Intelligence, Network Intelligence, Endpoint Intelligence; Correlate, Prioritize, Compliance; Alert, Block, Correct.]


Endpoint Intelligence

Know all the machines on your network—all the time

Easily detect on the spot if a machine begins to rebroadcast SPAM

Detect spyware compromise and quickly quarantine infected machines

Instantly detect new machines entering your network—if policy dictates, sandbox them until clean

Know if a new device is behaving maliciously despite having passed access controls to check for antivirus and firewall protection

Network Intelligence

Detect and shutdown illegal mail servers

Detect and shutdown rogue desktop applications including desktop web servers

Enforce corporate policies for P2P restrictions such as Kazaa and instant messaging

Maximize network intelligence integrity

RNA Benefits at a Glance


SOURCEFIRE RNA—ALWAYS ON, ALWAYS ALERT

Imagine being able to know that an infected laptop has joined your network right when it happens—not after you have applied a patch on Friday and the infected laptop connects on Monday or when it is discovered months later by some network audit.

This is just one example of how Sourcefire RNA provides always on, real time visibility through passive network discovery methods similar to passive sonar. With passive network discovery, there are no required agents, superfluous traffic, or network asset disruptions. RNA provides a layer of intelligence to network monitoring that has never been seen before within the network security industry.

Sourcefire RNA provides continuous visibility into:

Flow data, where you can analyze traffic patterns and composition for a variety of purposes including trend analysis

Network asset profiles, including IP address, OS and version, services and versions, and ports

Asset behavior profiles, including traffic flow and traffic type

Network profiles, including hop count, TTL parameters, and security vulnerabilities

Change events for new assets, changed assets, and behaviorally anomalous assets

All Internet peering points

This information, coupled with the RNA vulnerability database, allows you to (1) know all the possible vulnerabilities on your network—in real time—and (2) take the appropriate action automatically if you choose. You can use this information before and after a threat to remediate an attack as well as to tune Intrusion Sensors—making them more efficient and less likely to generate false positives or false negatives.

Sourcefire RNA technology is deployed three different ways: as a Plug-n-Protect dedicated appliance anywhere on your network, as software on a Sourcefire Intrusion Sensor, or on other third-party servers distributed throughout your environment.

The RNA Visualization Module alerts you when anomalous behavior is detected on the network. When that happens, the specific node begins to blink.

“Sourcefire RNA is like a magic eye that watches everything happening on your network.”

Network World


“This is the level of performance where we would like to see all IDS and IPS products aspire.”

NSS Group

“Providing endpoint and network intelligence to network security products significantly improves their capabilities and limits the obstacles to a successful deployment. Organizations deploying network security products should look for their integration with vulnerability assessment and network intelligence solutions.”

Gartner


Targeted Active Scanning for Timely Endpoint Intelligence

Through the integration with Nessus, the open source active scanning tool, the Sourcefire 3D System also enables you to take advantage of targeted active scanning with pre-defined flexible scanning policies that automatically respond to network change. You get the best of both scanning worlds—passive and active. For example, if RNA detects that a new port has been opened on a network asset, Nessus can be triggered to inspect just that port through a surgical scan. The Nessus Scan Input Module also allows you to automatically populate your Vulnerability Database with Nessus Scan data and then maintain the data in real-time via the RNA 24x7 vulnerability feeds.

Network Behavior Anomaly Detection (NBAD)

Building on the innovation of its RNA technology, the Sourcefire 3D System is the first intrusion prevention system to integrate Network Behavior Anomaly Detection (NBAD) capabilities into an IPS. With a single integrated IPS, you can continually analyze packets, assets, and the flow of data over your network for increased threat and vulnerability management.

With NBAD, the Sourcefire 3D System continually monitors the network based on rules and policies that you set. The Sourcefire 3D System then identifies and tracks anomalies—such as distributed denial of service (DDoS) attacks, worms, and zero-day threats—and provides an alert or takes automatic action. You set the thresholds to measure anomalous activities, customize alerts, and automate responses.

With the Sourcefire 3D System, you are in a better position to quickly address and resolve threats before network performance is disrupted and customers complain.

Administrators can track and chart a variety of host and network metrics with Advance Flow Visualization. Drilling down is easy and metrics and chart types can be changed with a simple mouse click.


“You can write your own rules or modify existing ones, and you can keep your database of rules current through automatic downloads from Sourcefire’s support site. Overall, Sourcefire 3D is one of the best intrusion-detection/intrusion-prevention products.”

Federal Computer Week


SOURCEFIRE INTRUSION SENSORS™

The best prevention begins with the best detection and knowledge. With Sourcefire Intrusion Sensors, you enjoy the highest attack detection and prevention rate on the market through Snort, the world’s most popular rules-based detection engine, created and managed by Sourcefire.

Snort uses a rules-based language—a powerful combination of signature, protocol, and anomaly-based inspection methods—to examine packets at both the IP protocol and application level. You can set it to look for specific occurrences of attacks against a protocol or the conditions of an attack. By using the flexibility of the Snort rules language, you can block, contain, or quarantine critical threats with techniques such as dropping traffic, disrupting sessions between devices, or integrating with access control devices such as firewalls, routers, and switches. When deployed inline, the Sourcefire 3D System allows you to replace malicious content with benign content. The flexibility in the rules language and numerous configuration options (port density, interface types, deployment modes), allows you to easily define new ways to identify and prevent threats and enforce policies specific to your individual environment.

Every organization is different, with some network traffic considered legitimate for certain firms, and threatening to others. Sourcefire Intrusion Sensors allow you to enable, disable or modify individual rules so that they are exactly appropriate for your environment and your business. Of course, you can also create custom rules, all without affecting the level of threat coverage provided to the remainder of the network.

With line speeds from five megabits per second (Mbps) to eight gigabits per second (Gbps) and flexibility up to 14 or more CPU units, Sourcefire Intrusion Sensors come in a variety of capacities to meet a variety of needs. Most come with hot-swap and high availability for all main system components including power supplies, interface cards, disk drives, and processors and the industry’s best latency of less than 100 microseconds.

With Sourcefire Intrusion Sensors, you get the widest range of defense—blocking, replacing, alerting, or monitoring when suspicious activity is detected. You can deploy the sensors inline as an IPS or passively as an IDS.


SOURCEFIRE INTRUSION AGENTS™

Sourcefire Intrusion Agents allow you to do more than just detect intrusions; they enable a single Sourcefire Defense Center to aggregate event information from one or more open source Snort sensors alongside data from Sourcefire Intrusion Sensors and Sourcefire RNA Sensors. This allows:

Sophisticated data analysis

Comprehensive reporting

Impact assessment and prioritization of events

Integration with third-party tools

Real-time response to actual attacks

Sourcefire Intrusion Agents transmit events generated by open source Snort sensors to the Sourcefire Defense Center, where it can be tightly integrated with the network and vulnerability information provided by Sourcefire RNA Sensors to create a persistent, comprehensive view of the security events on your network.

Sourcefire Intrusion Sensor Throughput

Model     Throughput
IS500     5Mbps
IS1000    45Mbps
IS2000    100Mbps
IS2100    250Mbps
IS3000    1Gbps
IS3800    1.5Gbps
IS5800    up to 8Gbps


SOURCEFIRE DEFENSE CENTER™

The “Plug-n-Protect” Sourcefire Defense Center is the brains of the 3D System. It unifies and centrally manages critical network security functions, including event monitoring, correlation, and prioritization for incident response, forensic analysis, trends analysis, and management reporting so that you can make the most of a distributed sensor infrastructure.

Designed to scale to enterprise-wide deployments, Sourcefire Defense Center has the only data management solution capable of handling hundreds of millions of events for identification of long-term security trends, while also allowing in-depth forensic analysis down to the individual packet level.

By tightly integrating the threat intelligence provided by Sourcefire Intrusion Sensors and Agents with the endpoint and network intelligence provided by Sourcefire RNA, Sourcefire Defense Center correlates and analyzes events in real-time to determine:

The relevance of the event to your network

The impact an event will have on your network

If the impact is critical to your business

The Sourcefire 3D System also provides greater endpoint intelligence and support for third party remediation tools in response to threats or increased data to other network security products. In addition to built-in modules for Cisco PIX and Check Point® firewalls, Sourcefire can now interface with the Shavlik Patch Management System to automatically trigger the application of patches.


Sourcefire Defense Center’s policy and response engine is unmatched in its power and capabilities. For the first time, you can build or customize policies that combine threat, network, and vulnerability management. Sourcefire Defense Center allows you to confidently protect your network by analyzing events in real-time and enabling automated responses according to the ABCs of Defense:

Alert - automated warnings to individuals and other management systems, via messages sent using SYSLOG, email, SNMP traps, or trouble tickets ensure attack warnings are addressed.

Block - critical threats can not only be blocked but also contained or quarantined via techniques such as dropping traffic, disrupting sessions between devices, and integrating with network devices such as firewalls, routers, and switches.

Correct - new vulnerabilities and threats can be automatically mitigated by integrating with patch or configuration management systems to apply configuration or code changes to eliminate possible exploitation.

Sourcefire Defense Center includes an easy-to-use, yet extremely powerful, web-based analysis interface, for real-time forensic reporting and analysis. Customizable workflows enable you to tailor the interface to fit the way you investigate and analyze security events. In addition, you can easily create standard or customized reports in PDF, HTML, and CSV formats that can be automatically emailed for easy distribution.

PLUG-N-PROTECT

All Sourcefire appliances come preconfigured, designed to be up and running in less than 15 minutes. No software installation is required. These “Plug-n-Protect” appliances come with built-in data management and hardened operating systems.

The user interfaces have been designed by security engineers for security engineers. This approach enables you to jump into patch management, system integrity verification, system isolation, and custom remediation activities quickly. To start, simply connect to the network and boot. And going forward, you are assured of low overhead and the best total cost of ownership in network security.


HAVING CONTEXT MEANS SMARTER—AND BETTER—DECISIONS

Unless tuned by knowledgeable administrators, most intrusion prevention systems have no knowledge of the true context and composition of the network they are responsible for defending. This lack of endpoint intelligence leaves intrusion technologies guessing in many areas of processing—especially with regard to packet handling. The intrusion prevention systems are ripe for evasion: attackers can actually know more about the network than you, the defenders.

The endpoint intelligence that the Sourcefire 3D System offers eliminates ambiguity and dangerous assumptions—enabling better real-time decisions. With the endpoint and network intelligence provided by RNA, the Sourcefire 3D System has the smartest intrusion technology on the market. Relevant and non-relevant threats receive the precise priority and attention they deserve. System profiling also precisely emulates the behaviors of the target, foiling even the most sophisticated hackers once and for all.

Without Sourcefire

IPS is noise generator

Plethora of false positives

Gartner – ‘99 out of 100 alerts mean nothing’

Confidence level low – only small amount of threats can be safely blocked. Lack of precision.

With Sourcefire

IPS driving real-time defense

Know that events are real

Know the criticality of events

Know if critical assets have been compromised

Automate time-consuming manual processes


ABOUT SNORT AND THE SOURCEFIRE VULNERABILITY RESEARCH TEAM (VRT)

Open source Snort was created by Martin Roesch, the founder and Chief Technology Officer of Sourcefire. Sourcefire owns the Snort IP and manages the open source project. Over the past few years, Sourcefire has contributed increasing resources to advancing Snort into a mature, feature-rich technology that offers the most flexible and accurate threat detection and prevention available. That commitment has led to gigabit performance capability, the integration of the Snort inline technology, portscan detection, protocol anomaly detectors, normalization and detection, documentation, and so much more.

With over 2,000,000 downloads and 100,000+ active users, and integration into hundreds of third-party solutions, Snort has become the de facto standard for intrusion detection and prevention. Gartner has recognized the mainstream acceptance of Snort in its Open Source Hype Cycle, describing Snort as “widely available, used by mainstream companies and supported by many vendors.”

The power and reach of Snort is due in large part to the power and reach of the Snort user community. Aside from the seasoned developers at Sourcefire, there are literally thousands of experienced users providing invaluable real-world testing of features and rules as well as a global early warning system for new threats. By leveraging the “many eyeballs” theory that was popularized by Eric Raymond and used to launch Linux to success in the operating system market, people in the open source Snort community worldwide can detect and respond to bugs and other security threats more quickly and efficiently than in a “closed” environment.

Staying Ahead of the Zotob Worm

8/12/05 - Sourcefire VRT responds to a Microsoft Windows Plug-and-Play (PnP) vulnerability announcement that came out a few days earlier—issuing an advisory and releasing a number of rules to detect all attempted exploits against the PnP vulnerability.

8/14/05 - The Zotob worm is identified in the wild.

8/15/05 - After thorough analysis of the worm, Sourcefire notifies customers that rules were already in place to detect Zotob activity.

8/17/05 - Variants of Zotob as well as other attacks emerge. The VRT verifies that all are covered by original rules update.

8/19/05 - Sourcefire publishes instructions on how to leverage the power of RNA and the 3D Policy and Response engine for further Zotob detection.


“In the Visa/MC PCI standard, it states we must use network intrusion detection systems, host-based intrusion detection systems, and/or intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. After our analysis, we were fully convinced that Sourcefire led the way. They just provided more value.”

BankersBank Card Services

“By implementing the Sourcefire solution we have protected our network better. We would also recommend this solution for added HIPAA compliance. Sourcefire provides proof that we are monitoring and protecting our systems. If there is suspicious activity on our network, we will know about it.”

Sisters of Charity Providence Hospitals

Compliance

Ensure compliance with policy-based alerting and reporting

Automate compliance reporting


The Sourcefire Vulnerability Research Team (VRT), comprised of leading edge intrusion detection and prevention experts, works to discover, assess, and respond to the latest trends in hacking activity, intrusion attempts, and vulnerabilities. The robustness of the Snort rules language enables the VRT to write complex rules that focus on detecting any attempts to exploit an underlying vulnerability. This means you can detect new variants of known worms—stay ahead of the threats—without the need to update your system.

ENSURING THE STRONGEST POLICY COMPLIANCE

Security policies are only as effective as their monitoring and enforcement.

Now you can enforce, manage, enhance, and tune your security policies based on your combined threat, network, and vulnerability management data. The policy and response engine of the Sourcefire 3D System is the first technology to give you such power and confidence. Flow data events can also be included in your compliance policy rules. With the Sourcefire 3D System, you can set security policies specifically for your network and know immediately when those policies are violated.

For example, you can easily prevent unauthorized servers, P2P applications such as Kazaa, and rogue applications such as web servers running on desktops.

Moreover, you can thoroughly document your organization’s compliance with the Federal Information Security Management Act (FISMA), the Gramm-Leach-Bliley (GLB) Act, the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes Oxley (SOX) Act, the Security Breach Information Act (SB1386), or the Visa/MC Processing Card Industry’s (PCI) Data Security Standard.

Administrators can build powerful rules to test for a variety of traffic and connection scenarios.


ENTERPRISE NEEDS, ENTERPRISE SCALABILITY

Sourcefire offers a highly scalable intrusion detection and prevention solution, which includes a built-in high performance database capable of handling millions of events in real time. This solution, the Sourcefire 3D System, provides all the threat, endpoint, and network intelligence features you need for large scale, enterprise deployments. In fact, Sourcefire received the highest score of “Exceptional” from Network World for scalability.

The Sourcefire 3D System provides automated failover support by offering a high availability mode that allows two Defense Centers to manage the same sensor or group of sensors.

In addition, this system offers dynamic load balancing across Intrusion Sensors that are deployed on the same network segment. You can easily create groups and apply common policies across the sensor group.

The Sourcefire 3D System offers several levels of user-specific access, enabling you to determine exactly what access to allow, including maintenance access, data access, restricted data access, rule access, and admin access.


YOU NEED MORE THAN AN INTRUSION PREVENTION TOOL, YOU NEED AN INTRUSION PREVENTION PROCESS

The days of responding to an attack when it occurs are over. Attacks don’t just happen at the perimeter any more. Attacks can come from a variety of network entry points. Adding a new security product to address that threat is not the answer. Blocking all network traffic is not the answer either. You need a solution—a process—that will protect all network entry points, systems, applications, and data all the time.

You need to protect your online assets before, during, and after an attack. To get ahead of the attacks, you have got to continually monitor, assess, and react to potential risks, hidden vulnerabilities, and suspicious behavior and anomalies.

If you had to stake your career on your intrusion prevention system and level of network security protection, you would want a system that is:

Comprehensive—integrating threat, endpoint, and network intelligence. Perhaps you would want the one recognized as the most comprehensive—and the best value—IPS on the market by SC Magazine.

Highly automated—giving you context for smarter, better decisions and automation when you want it.

Policy driven—with a multi-level, integrated approach that ensures thorough compliance enforcement and documentation.

Infrastructure agnostic—allowing you to leverage your existing investment and not lock you into one approach.

Built on a proven technology—Snort, the de facto standard for intrusion detection and prevention technology, created by Sourcefire.

That only leaves you with one choice—the Sourcefire 3D System.


www.sourcefire.com

US Headquarters
9770 Patuxent Woods Drive
Columbia, MD 21046
800.917.4134 | 410.290.1616

US Virginia Sales Office
8000 Towers Crescent Drive
Suite 1550
Vienna, VA 22182
800.501.6008

European Sales Office
400 Thames Valley Park Drive
Thames Valley Park
Reading RG6 1PT
+44 (0) 118 965 3555

©2006 Sourcefire, Inc. Sourcefire, Sourcefire 3D System, Intrusion Sensor, RNA Sensor, Defense Center and Snort are trademarks or registered trademarks of Sourcefire. All rights reserved.

REV. 2 | 3.2006

ABOUT SOURCEFIRE

Sourcefire, Inc., the world leader in intrusion prevention, is transforming the way organizations manage and minimize network security risks with its 3D Approach - Discover, Determine, Defend - to securing real networks in real-time. The company's ground-breaking network defense system unifies intrusion and vulnerability management technologies to provide customers with the most effective network security available. Founded in 2001 by the creator of Snort®, Sourcefire is headquartered in Columbia, MD and has been consistently recognized for its innovation and industry leadership by customers, media, and industry analysts alike – with more than 16 awards and accolades since January 2005 alone. Most recently, the company was positioned in the Leaders Quadrant of Gartner’s “Magic Quadrant for Network Intrusion Prevention System Appliances” report and the Sourcefire 3D System was named “Best Security Solution,” at the 2006 SC Magazine Awards. At work in leading Fortune 1000 and government agencies, the names Sourcefire and founder Martin Roesch have grown synonymous with innovation and intelligence in network security.