Sourcefire Next-Generation IPS

Similar documents
Sourcefire Next-Generation IPS

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Requirements When Considering a Next- Generation Firewall

SourceFireNext-Generation IPS

Adaptive IPS Security in a changing world. Dave Venman Security Engineer, UK & Ireland

How To Manage Sourcefire From A Command Console

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

How To Protect Your Network From A Threat From A Rogue Host Or A Rogue Server From A Hacker (For A Fee)

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Content-ID. Content-ID URLS THREATS DATA

McAfee Network Security Platform

Secure Cloud-Ready Data Centers Juniper Networks

Cisco Cybersecurity Pocket Guide 2015

IBM Advanced Threat Protection Solution

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Cisco and Sourcefire. AGILE SECURITY : Security for the Real World. Stefano Volpi

Networking for Caribbean Development

Achieve Deeper Network Security and Application Control

Braindumps QA

STEALTHWATCH MANAGEMENT CONSOLE

Protection Against Advanced Persistent Threats

Content Security: Protect Your Network with Five Must-Haves

Deploying Next Generation Firewall with ASA and Firepower services

Firewall and UTM Solutions Guide

Introducing IBM s Advanced Threat Protection Platform

Next-Generation Firewalls: Critical to SMB Network Security

IBM Security Network Protection

WildFire. Preparing for Modern Network Attacks

Next-Generation Network Security: A Buyers Guide

End-user Security Analytics Strengthens Protection with ArcSight

ENABLING FAST RESPONSES THREAT MONITORING

Achieve Deeper Network Security

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

The Hillstone and Trend Micro Joint Solution

Cisco Web Security: Protection, Control, and Value

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

The Cisco ASA 5500 as a Superior Firewall Solution

Vulnerability Management

Top 10 Reasons Enterprises are Moving Security to the Cloud

Open Source in Government: Delivering Network Security, Flexibility and Interoperability

V1.4. Spambrella Continuity SaaS. August 2

Modular Network Security. Tyler Carter, McAfee Network Security

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Trend Micro. Advanced Security Built for the Cloud

IBM Security IBM Corporation IBM Corporation

McAfee Network Security Platform A uniquely intelligent approach to network security

SANS Top 20 Critical Controls for Effective Cyber Defense

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail

Stallion SIA Seminar PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager

Cisco Cloud Web Security

Applications erode the secure network How can malware be stopped?

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Open Source Software for Cyber Operations:

Bricata Next Generation Intrusion Prevention System A New, Evolved Breed of Threat Mitigation

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

How To Sell Security Products To A Network Security Company

Defending Against Cyber Attacks with SessionLevel Network Security

Meeting the Challenges of Virtualization Security

Superior protection from Internet threats and control over unsafe web usage

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Firewall Feature Overview

Information Technology Policy

WEBSENSE TRITON SOLUTIONS

Network Performance + Security Monitoring

Cisco Advanced Malware Protection for Endpoints

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

Securing the Small Business Network. Keeping up with the changing threat landscape

Providing Secure IT Management & Partnering Solution for Bendigo South East College

SafeNet Content Security. esafe SmartSuite - Security that Thinks. Real-time, Smart and Simple Web and Mail Security Solutions.

RSA Security Analytics

Fight Malware, Malfeasance, and Malingering with F5

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH

IBM Security Intrusion Prevention Solutions

Delivering Control with Context Across the Extended Network

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Cisco Advanced Malware Protection

IBM Security Intelligence Strategy

SecureVue Product Brochure

I D C A N A L Y S T C O N N E C T I O N

How To Manage Security On A Networked Computer System

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

IBM Security Network Protection

24/7 Visibility into Advanced Malware on Networks and Endpoints

Cisco Advanced Malware Protection for Endpoints

How To Buy Nitro Security

The Cloud App Visibility Blindspot

INFORMATION PROTECTED

Transcription:

Sourcefire Next-Generation IPS Key NGIPS Capabilities Snort IPS detection engine Network intelligence Impact assessment User identification Automated policy tuning Network behavior analysis Packet-level forensics File type determination Application control URL filtering Advanced malware protection Gartner believes that changing threat conditions and changing business and IT processes will drive network security managers to increasingly look for next-generation network IPS capabilities at the next firewall or IPS refresh cycle. 1 John Pescatore, Gartner Greg Young, Gartner Sourcefire Next-Generation IPS sets a new standard for advanced threat protection, integrating real-time contextual awareness, intelligent security automation and unprecedented performance with industry-leading network intrusion prevention. No other solution offers the visibility, automation, flexibility and scalability to protect today s dynamic environments against increasingly sophisticated threats. True Next-Generation IPS The Sourcefire Next-Generation Intrusion Prevention System (NGIPS) was built from the ground up to arm security teams with the protection they need in today s rapidly changing environments. Based on core competencies of contextual awareness and automation recognized by Gartner as key ingredients of a Next-Generation Network IPS and further fueled by the Sourcefire FirePOWER high-performance platform and sophisticated Sourcefire FireSIGHT network intelligence, the Sourcefire NGIPS stands apart, offering: Real-time Contextual Awareness See and correlate extensive amounts of event data related to IT environments applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats Advanced Threat Protection Protect against the latest threats with the best threat prevention that money can buy as validated by independent third-party testing and thousands of satisfied customers around the world Intelligent Security Automation Significantly lower the total cost of ownership and enhance the ability to keep pace with changing environments with automated event impact assessment, IPS policy tuning, policy management, network behavior analysis and user identification 1 Source: Defining Next-Generation Network Intrusion Prevention, Gartner, 7 October 2011 Sourcefire Next-Generation IPS 1

Unparalleled Performance and Scalability Gain unprecedented performance and scalability with purpose-built appliances that incorporate a low-latency, single-pass design Optional Application Control, URL Filtering, and Advanced Malware Protection Reduce the surface area of attack through granular control of over 1800 applications and 100s of millions of URLs in over 80 categories. Discover, track and block the progression of suspect files and malware to prevent the spread of outbreaks and reinfection. In the real world, threats are constantly evolving. And so is your network. You ve got limited resources and a lot on your plate. You need an IPS that is agile one that can protect you today but also grow with your organization tomorrow. Real-Time Contextual Awareness You cannot protect what you cannot see. Imagine a U.S. Secret Service agent assigned to protect the President while wearing a blindfold? That s analogous granted, on a far lesser scale to a network security device configured with a default policy not optimized to protect your unique network environment. It can t properly defend your network because it simply doesn t know what it s protecting. But Sourcefire is different. Since 2003, Sourcefire has been aggregating network intelligence to provide context to network security defenses. Powered by Snort Open source, de facto IPS standard Invented in 1998 by Martin Roesch, Sourcefire Founder and CTO Most widely deployed IPS technology over 4m downloads Used by over half of the world s 100 largest companies Used by the 30 largest U.S. government agencies Snort community has become an entire ecosystem: Nearly 400,000 registered users Dozens of Snort books published Classes taught at colleges and universities User groups Discussion lists and forums Figure 1. FireSIGHT detection examples. And today, Sourcefire FireSIGHT affords users with total network visibility, including physical and virtual hosts, operating systems, applications, users, content, and potential host vulnerabilities. Context Explorer allows you to visualize and explore all of the contextual information that FireSIGHT provides, including top-used applications and hosts. It creates dynamically updated contextual views of your environment with easy drill-down for additional details. 2

Figure 2. Context Explorer Advanced Threat Protection Sourcefire helps you fight the latest threats to your network with FirePOWER. IP reputation blacklisting prevents connections to botnets, attackers, spam sources and other malicious IP addresses. The Advanced Malware Protection for Network subscription, optional for FirePOWER appliances, enables malware detection/blocking, continuous analysis, retrospective alerting and leverages Sourcefire s Collective Security Intelligence. Simply software-enable these additional protections when you re ready. Through a combination of vulnerability-based IPS rules, custom IPS rule creation, security intelligence for IP and file reputation capabilities as well as advanced malware protection, Sourcefire customers have more ways to defend their systems than with any other IPS provider. But don t take our word for it. Sourcefire is the leader in NSS Lab s 2012 Security Value Map for IPS based on security effectiveness and total cost of ownership (TCO). Figure 3 is a summary of our latest test results in comparison to the Figure 3. NSS Labs 2012 Network IPS Product Analysis Report average industry average (10 vendors tested). Sourcefire NGIPS is backed by the esteemed Sourcefire VRT (Vulnerability Research Team), a group of leading security experts that develop and maintain the official Snort rules used by the Sourcefire NGIPS. The Sourcefire VRT: Discovers, assesses, and responds to the latest trends in hacking activities, intrusion attempts, and vulnerabilities to stay ahead of threats Develops vulnerability-based rules to protect you before exploits are in the wild Delivers same-day protection for critical Microsoft vulnerabilities FireSIGHT Detection Physical/virtual hosts Operating systems Applications Smart phones and tablets VoIP phones Network printers Routers Potential vulnerabilities Network flow and bandwidth Network anomalies User identity File type and protocol Malicious connections 2 Source: NSS Labs 2012 Network IPS Product Analysis Report average from 10 tested vendors 3

Sourcefire s NGIPS offers the most comprehensive threat prevention in the industry, including: Worms Triojans Backdoor attacks Spyware Port Scans VoIP attacks IPv6 attacks DoS attacks Buffer overflows P2P attacks Intelligent Security Automation Statistical anomalies Protocol anomalies Application anomalies Malformed traffic Invalid headers Blended threats Rate-based threats Zero-day threats TCP segmentations and IP fragmentation Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two. I feel much better knowing that I can contact a user immediately in the event they are affected by a network attack. Tamara Fisher, Security Engineer, AutoTrader.com Automation is critical to keep pace with advanced threats despite resource limitations. IT security teams must constantly strive to work smarter not harder to meet business demands. The Sourcefire NGIPS uses contextual awareness to fuel intelligent automation in the following ways: Optimize defenses and system performance by automating Sample Automation Threat prevention rule and policy updates Threat impact assessment Linking users to events Event correlation of user, device, service and application Exporting events to SIEMs Generating reports protection policy updates based on network changes Reduce the number of actionable security events by up to 99% by correlating threats against target operating systems and applications and their inherent vulnerabilities Know instantly who to contact when an internal host is affected by a client-side attack Be alerted when a host violates a configuration policy or attempts to access an unauthorized system Detect the spread of malware by baselining normal network traffic and detecting network anomalies FireSIGHT ensures network protections are deployed appropriately, and maintained automatically, as networks and threats change over time. FireSIGHT enhances the quality of network security while helping to deliver the lowest possible operational expense. $144,000 $24,300 Impact Assessment of Security Events $72,000 $18,000 Automated Policy Tuning $59,400 $3,000 User Identification Lower TCO Through Automation Organizations can save tens of thousands of dollars every year by automating common threat prevention functions. Manual processes Automated processes Figure 4. Annual cost of maintenance 4

Unparalleled Performance And Scalability Sourcefire NGIPS takes advantage of the best hardware technology in the industry, providing IPS inspected throughput options ranging from 50Mbps to 40+Gbps. At the heart of the FirePOWER Series appliances lies breakthrough acceleration technology, providing marketleading performance with greater energy efficiency. The Sourcefire FirePOWER 8000 Series appliances offer high-throughput, network modularity, expandability and scalability. High-throughput keeps pace with the performance requirements of even the most demanding environments. Network modularity provides a low entry-price and enables you to choose the number of ports and media type for your network and swap out interface types as needed. Expandability gives you the option to pay for network interfaces as you grow. Scalability enables you to add additional processing power through appliance stacking. The Sourcefire FireSIGHT Management Center is the central nervous system of Sourcefire s network security solutions. It s here where all protection and access policies are configured and where all security and compliance events are evaluated. FireSIGHT Management Center also offers a powerful reporting engine with a selection of report templates to meet the needs of any organization. And Sourcefire offers the most customizable dashboard in the business, featuring an intuitive portallike interface equipped with a library of drag-and-drop widgets for monitoring security and compliance events as well as the health and performance of your FirePOWER appliances. FireSIGHT Management Center Capabilities Centralized event monitoring Manages physical and virtual Sourcefire FirePOWER appliances Customizable dashboards with numerous widgets Role-based administration and workflow Syslog, email, and SNMP alerts Sophisticated and customizable reporting Third-party integration APIs LDAP, AD and RADIUS support Automated threat prevention updates Additional Protection with Application Control, URL Filtering and Advanced Malware Protection Sourcefire NGIPS takes protection to the next level with optional Application Control, URL Filtering and Advanced Malware Protection (AMP) capabilities. Exploiting applications is one of the most common threat vectors for attackers today. Organizations can go beyond identifying applications to gain even greater protection by granularly controlling application usage and access. Additionally, organizations can mitigate sophisticated client-side attacks and improve employee productivity by controlling access to more than 280 million URLs in over 80 categories. Finally, Sourcefire provides its NGIPS customers the ability to gain protection against sophisticated network malware, advanced persistent threats (APTs) and targeted attacks through its Advanced Malware Protection (AMP) for Network offering. Using continuous monitoring, big data analytics, retrospective security and malware file trajectory analysis, Sourcefire enables organizations to gain unparalleled visibility and control over these increasingly serious threats. 5

Through granular control of applications and web access, organizations can improve their overall network security posture by reducing their surface area of attack. By adding the continuous monitoring, retrospective alerting and network file trajectory capabilities available with Sourcefire s AMP for Network solution, NGIPS customers get a new and unique approach to security one that provides them protection before, during and after an attack. Seamless Third-Party Integration Because of its open source flexibility and extensive interfaces (APIs), Sourcefire NGIPS integrates quickly and easily with a variety of third-party technologies including vulnerability management systems, security information and event management (SIEM) applications, network access control (NAC), network forensics and more. System interoperability provides numerous benefits: Extends your investment without major effort or upgrades Simplifies your security deployment and planning activities Provides the flexibility to interoperate security in any IT environment Protection For Physical & Virtual Environments Sourcefire offers an impressive line of purpose-built Network Security Appliances with inspected threat prevention throughputs ranging from 50Mbps to 40+Gbps. All FirePOWER NGIPS Appliances come standard with programmable bypass (can fail open or closed) copper and/or fiber interfaces, and most models come equipped with additional fault-tolerant features, including dual power supplies, RAID drives and lights out management (LOM). During our testing, one vendor produced alerts on 80% of the traffic we threw at it, but Sourcefire didn t produce a single alert. We brought the Sourcefire engineer in because we thought it wasn t working, but he said that it wasn t producing alerts because the boxes being attacked in the test weren t vulnerable to what was being thrown at it...he showed me proof that it was working, which was nice. Jeremy Pratt, Network Manager, L.A. Times Sourcefire also offers security solutions for VMware platforms. Sourcefire Virtual Appliances provide the capability to inspect VM-to-VM communications, providing the same control and protection as their physical counterparts. Remove Network Blind Spots Through SSL Decryption The use of SSL encryption is exploding due to cloud computing and the rise of Webenabled applications. The Sourcefire SSL Appliance can decrypt and reencrypt SSL traffic, allowing unimpeded security inspection that scales in concert with your network performance requirements. It s also easier to centrally manage keys for varying security functions (e.g., IPS, DLP, Network Forensics) within a single appliance deployment. Figure 5. Sourcefire SSL Appliance 8200 6

Take The Next Steps Toward Agile Security To learn more about Sourcefire Next-Generation IPS and other solutions that provide Agile Security, contact a member of the Sourcefire Global Security Alliance today to view a demonstration, request an onsite evaluation or schedule a meeting. Visit www.sourcefire.com for more information. SSL is an easy vehicle for cybersecurity attacks: Inbound attacks Spyware and malware Viruses and worms Phishing Identity theft Information leaks 2013 Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, Agile Security and the Agile Security logo, Before, During, and After, ClamAV, FireAMP, FirePOWER, FireSIGHT and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. 7.13 REV4B 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information