Sourcefire Next-Generation IPS


Sourcefire Next-Generation IPS sets a new standard for advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and unprecedented performance with industry-leading network intrusion prevention. No other solution offers the visibility, automation, flexibility and scalability to protect today's dynamic environments against increasingly sophisticated threats.

TRUE NEXT-GENERATION IPS

Key NGIPS Capabilities
- Snort IPS detection engine
- Network intelligence
- Impact assessment
- User identification
- Automated policy tuning
- Network behavior analysis
- Packet-level forensics
- Sensitive data filtering
- Application control
- URL filtering

"Gartner believes that changing threat conditions and changing business and IT processes will drive network security managers to increasingly look for next-generation network IPS capabilities at the next firewall or IPS refresh cycle." [1]
John Pescatore, Gartner; Greg Young, Gartner

The Sourcefire Next-Generation Intrusion Prevention System (NGIPS) was built from the ground up to arm security teams with the protection they need in today's rapidly changing environments.

Based on core competencies of contextual awareness and automation, recognized by Gartner as key ingredients of a Next-Generation Network IPS, and further fueled by the Sourcefire FirePOWER performance platform and sophisticated Sourcefire FireSIGHT network intelligence, Sourcefire's NGIPS stands apart, offering:

- Advanced Threat Protection: The best threat prevention that money can buy, as validated by independent third-party testing and thousands of satisfied customers around the world
- Real-time Contextual Awareness: See and correlate extensive amounts of event data related to IT environments: applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats
- Intelligent Security Automation: Automated event impact assessment, IPS policy tuning, policy management, network behavior analysis, and user identification significantly lower the total cost of ownership and enhance the ability to keep pace with changing environments
- Unparalleled Performance and Scalability: Purpose-built appliances incorporate a low-latency, single-pass design for unprecedented performance and scalability
- Application Control and URL Filtering: Reduce the surface area of attack through optional granular control of over 1000 applications and 100s of millions of URLs in over 80 categories.

In the real world, threats are constantly evolving. And so is your network. You've got limited resources and a lot on your plate. You need an IPS that is agile, one that can protect you today but also grow with your organization tomorrow.

ADVANCED THREAT PROTECTION

Sourcefire offers the best network protection that money can buy, period. As the creator of Snort, the de facto standard for intrusion detection and prevention, our roots are in security. With over 4 million downloads and 325,000 registered Snort users and over half of Forbes Global 100 companies leveraging Sourcefire for intrusion prevention, more organizations rely on Sourcefire technology than any other on the market.

[1] Source: Defining Next-Generation Network Intrusion Prevention, Gartner, 7 October 2011

Powered by Snort
- Open source, de facto IPS standard
- Invented in 1998 by Martin Roesch, Sourcefire Founder and CTO
- Most widely deployed IPS technology, over 4m downloads
- Used by over half of the world's 100 largest companies
- Used by the 30 largest U.S. government agencies
- Snort community has become an entire ecosystem:
  - Over 325,000 registered users
  - Dozens of Snort books published
  - Classes taught at colleges and universities
  - User groups
  - Discussion lists and forums

Through a combination of vulnerability-based IPS rules, custom IPS rule creation, IT policy compliance whitelists and basic data loss prevention (DLP) capabilities, Sourcefire customers have more ways to defend their systems than any other IPS provider.

But don't take our word for it. Since NSS Labs conducted its first-ever comparison test in 2009, Sourcefire has been ranked #1 in threat prevention among all leading network security providers. Figure 1 is a summary of our latest test results in comparison to industry averages.

Figure 1. Graphical depiction of Sourcefire's default and tuned protection in comparison to industry averages in NSS Labs' latest comparative test results [2]

Sourcefire NGIPS is backed by the esteemed Sourcefire Vulnerability Research Team (VRT), a group of leading security experts that develop and maintain the official Snort rules used by the Sourcefire NGIPS. The Sourcefire VRT:

- Discovers, assesses, and responds to the latest trends in hacking activities, intrusion attempts, and vulnerabilities to stay ahead of threats
- Develops vulnerability-based rules to protect you before exploits are in the wild
- Delivers same-day protection for critical Microsoft vulnerabilities

Sourcefire's NGIPS offers the most comprehensive threat prevention in the industry, including:

- Worms
- Trojans
- Backdoor attacks
- Spyware
- Port Scans
- VoIP attacks
- IPv6 attacks
- DoS attacks
- Buffer overflows
- P2P attacks
- Statistical anomalies
- Protocol anomalies
- Application anomalies
- Malformed traffic
- Invalid headers
- Blended threats
- Rate-based threats
- Zero-day threats
- TCP segmentations and IP fragmentation

REAL-TIME CONTEXTUAL AWARENESS

You cannot protect what you cannot see. Imagine a U.S. Secret Service agent assigned to protect the President while wearing a blindfold. That's analogous (granted, on a far lesser scale) to a network security device configured with a default policy not optimized to protect your unique network environment. It can't properly defend your network because it simply doesn't know what it's protecting.

But Sourcefire is different. Since 2003, Sourcefire has been aggregating network intelligence to provide context to network security defenses. And today, Sourcefire FireSIGHT™ affords users with total network visibility, including physical and virtual hosts, operating systems, applications, users, content, and potential host vulnerabilities. By having the utmost visibility into what's running on your network, NGIPS significantly lowers the total cost of ownership through intelligent security automation.

[2] Source: Network Intrusion Prevention Systems 2010 Comparative Test Results, NSS Labs, December 2010.

FireSIGHT Detection
- Physical/virtual hosts
- Operating systems
- Applications
- Consumer devices
- Mobile phones
- VoIP phones
- Network printers
- Routers
- Potential vulnerabilities
- Network flow and bandwidth
- Network anomalies
- User identity

Figure 2. Sample FireSIGHT detection.

INTELLIGENT SECURITY AUTOMATION

"Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two. I feel much better knowing that I can contact a user immediately in the event they are affected by a network attack."
Tamara Fisher, Security Engineer, AutoTrader.com

Automation is critical to keep pace with advanced threats despite resource limitations. IT security must constantly strive to work smarter, not harder, to meet business demands. The Sourcefire NGIPS uses contextual awareness to fuel intelligent automation in the following ways:

- Optimize defenses and system performance by automating protection policy updates based on network changes
- Reduce the number of actionable security events by up to 99% by correlating threats against target operating systems and applications and their inherent vulnerabilities
- Know instantly who to contact when an internal host is affected by a client-side attack
- Be alerted when a host violates a configuration policy or attempts to access an unauthorized system
- Detect the spread of malware by baselining normal network traffic and detecting network anomalies

Sample Automation
- Threat prevention rule and policy updates
- Threat impact assessment
- Linking users to events
- Event correlation of user, device, service and application
- Exporting events to SIEMs
- Generating reports

Figure 3. Annual cost of maintenance. FireSIGHT ensures network protections are deployed appropriately, and maintained automatically, as networks and threats change over time. FireSIGHT enhances the quality of network security while helping to deliver the lowest possible operational expense.

Defense Center Capabilities
- Centralized event monitoring
- Manages physical and virtual Sourcefire 3D Appliances
- Customizable dashboards with numerous widgets
- Role-based administration and workflow
- Syslog, email, and SNMP alerts
- Sophisticated and customizable reporting
- Third-party integration APIs
- LDAP, AD and RADIUS support
- Automated threat prevention updates
- Master Defense Center (MDC)

"During our testing, one vendor produced alerts on 80% of the traffic we threw at it, but Sourcefire didn't produce a single alert. We brought the Sourcefire engineer in because we thought it wasn't working, but he said that it wasn't producing alerts because the boxes being attacked in the test weren't vulnerable to what was being thrown at it... he showed me proof that it was working, which was nice."
Jeremy Pratt, Network Manager, L.A. Times

UNPARALLELED PERFORMANCE AND SCALABILITY

Sourcefire NGIPS takes advantage of the best hardware technology in the industry, providing IPS inspected throughput options ranging from 20Gbps down to 5Mbps.

The new Sourcefire 3D8000 Series appliances, our highest-throughput sensors, offer interface modularity, expandability, and scalability. Modularity provides a low entry-price and enables you to choose the number of ports and media type for your network and swap out interface types as needed. Expandability gives you the option to pay for network interfaces as you grow. Scalability enables you to add additional processing power through appliance stacking. At the heart of the new 3D8000 Series appliances lies the breakthrough FirePOWER acceleration technology, providing market-leading performance with greater energy efficiency.

Sourcefire's central management console, called Sourcefire Defense Center, is the central nervous system of Sourcefire's network security solutions. It's here where all protection and access policies are configured and where all security and compliance events are evaluated. Defense Center also offers a powerful reporting engine with a selection of report templates to meet the needs of any organization. And Sourcefire offers the most customizable dashboard in the business, featuring an intuitive portal-like interface equipped with a library of drag-and-drop widgets for monitoring security and compliance events and the health and performance of your 3D Appliances.

But performance and manageability aren't the only aspects that set Sourcefire's NGIPS solution apart. Sourcefire offers unparalleled scalability and ease of management through the Sourcefire Master Defense Center (MDC) capability. This hierarchical approach allows a MDC to centrally manage up to 10 subordinate DCs. This offers our customers unprecedented scalability, whereas security and compliance events can be filtered up to the MDC, while protection and access policies can be pushed down to subordinate DCs and 3D Appliances.

ADDITIONAL PROTECTION WITH APPLICATION CONTROL & URL FILTERING

Sourcefire NGIPS customers can take contextual awareness to the next level with optional Application Control and URL Filtering capabilities. Exploiting applications is one of the most common threat vectors for attackers today. Organizations can go beyond identifying applications to gain even greater protection by granularly controlling application usage and access. Additionally, organizations can mitigate sophisticated client-side attacks and improve employee productivity by controlling access to more than 280 million URLs in over 80 categories. Through granular control of applications and web access, organizations can improve their overall network security posture by reducing their surface area of attack.
SEAMLESS THIRD-PARTY INTEGRATION

Because of its open source flexibility and extensive interfaces (APIs), Sourcefire NGIPS solutions integrate quickly and easily with a variety of third-party technologies including vulnerability management systems, security information and event management (SIEM) applications, network access control (NAC), network forensics, and more. System interoperability provides numerous benefits:

- Extends your investment without major effort or upgrades
- Simplifies your security deployment and planning activities
- Provides the flexibility to interoperate security in any IT environment

PROTECTION FOR PHYSICAL & VIRTUAL ENVIRONMENTS

Sourcefire offers an impressive line of purpose-built Network Security Appliances with inspected threat prevention throughputs ranging from 20Gbps down to 5Mbps. All Sourcefire Appliances come standard with programmable, fail-open copper and/or fiber interfaces, and most models come equipped with additional fault-tolerant features, including dual power supplies, RAID drives and lights out management (LOM).

Sourcefire also offers security solutions for VMware, Xen and Red Hat virtual platforms. Sourcefire Virtual Sensors provide the capability to inspect VM-to-VM communications, providing the same control and protection as their physical counterparts.

REMOVE NETWORK BLIND SPOTS THROUGH SSL DECRYPTION

SSL is an easy vehicle for cybersecurity attacks:
- Inbound attacks
- Spyware and malware
- Viruses and worms
- Phishing
- Identity theft
- Information leaks

Sourcefire SSL Appliance 2000

The use of SSL encryption is exploding due to cloud computing and the rise of Web-enabled applications. The Sourcefire SSL Appliance can decrypt and re-encrypt SSL traffic, allowing unimpeded security inspection that scales in concert with your network performance requirements. It's also easier to centrally manage keys for varying security functions (e.g., IPS, DLP, Network Forensics) within a single appliance deployment.

TAKE THE NEXT STEPS TOWARD AGILE SECURITY

To learn more about Sourcefire's Next-Generation IPS and other solutions that provide Agile Security, contact a member of the Sourcefire Global Security Alliance today to view a demonstration, request an onsite evaluation, or schedule a meeting, or visit us at www.sourcefire.com for more information.
2012 Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, ClamAV, FireAMP, FirePOWER, FireSIGHT and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. 4.12 rev2