The Sourcefire 3DSystem provides intelligent, dynamic network security products that adapt to real-time threats and changes, enabling you to fully protect your network before, during, and after an attack.
Today’s networks are highly dynamic. New technologies add complexity, and the number and type of applications and systems on your network continues to grow. Information security risks multiply in number and scale as attackers become more sophisticated—and stealthy. Employees and contractors come and go, while customers and business partners demand ever more online access to applications, breaking down traditional barriers and enforcement points. Security specialists focus more time, energy, and budget to protect sensitive corporate resources—yet network breaches continue to occur.
The problem? While networks are increasingly dynamic, most security systems remain dangerously static.
These static systems don’t understand the context of the networks they protect—leaving administrators to sort through a growing number of alerts and alarms to determine which are relevant, let alone a real risk. Static systems require constant manual tweaking and tuning to address changing threats and network resources. Plus, they lack an understanding of who is using the network and which individuals are affected by security incidents.
Sourcefire has leveraged years of experience in protecting some of the largest and most demanding network environments in the world to develop the industry’s first—and only—adaptive intrusion prevention solution, the Sourcefire 3D System. The 3D System uniquely identifies and responds to changes in network infrastructure. With a detailed understanding of the devices, applications, and services deployed on the network, and their potential vulnerabilities, the 3D System escalates warnings of meaningful attacks, while suppressing unimportant and irrelevant events—allowing security analysts to focus their time and attention on the attacks that represent a real threat.
Sourcefire 3D Sensors are fault-tolerant, purpose-built appliances available with throughputs from 5Mbps up to 10Gbps. 3D Sensors passively aggregate network and user intelligence while defending the network against internal and external threats. Each 3D Sensor is capable of running Sourcefire IPS, RNA (Real-time Network Awareness), RUA (Real-time User Awareness), and NetFlow Analysis modules
Intrusion Prevention System (IPS System):
Built on the foundation of the award-winning Snort rules-based detection engine, Sourcefire IPS (Intrusion Prevention System) uses a powerful combination of vulnerability- and anomaly-based inspection methods—at throughputs up to 10 Gbps—to analyze network traffic and prevent critical threats from damaging your network. Whether deployed at the perimeter, in the DMZ, in the core, or at critical network segments, and whether placed in inline or passive mode, Sourcefire’s easy-to-use IPS appliances provide comprehensive threat protection.
Sourcefire RNA (Real-time Network Awareness):
Sourcefire RNA (Real-time Network Awareness) is an innovative, passive sensing technology that provides real-time network intelligence to the Sourcefire 3D System. RNA enables organizations to confidently protect their dynamic networks through a unique, patented combination of passive network discovery, network flow analysis, and targeted vulnerability assessment technologies.
Sourcefire RUA (Real-time User Awareness):
Sourcefire RUA (Real-time User Awareness) enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information—equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. Much more than a stand-alone user identity product, RUA enhances the Sourcefire 3D System by directly correlating individual user IDs with specific IP addresses, traffic, and events.
RUA empowers administrators to mitigate risk, block users or user activity, and take action to protect others from disruption—tightening security without hindering business operations or employee productivity. These capabilities also will significantly improve customers' audit controls, enhance regulatory compliance, and enable remediation policies to be set based on user identity.
RUA uses LDAP and Active Directory domains as its sources of data to build user intelligence. It eliminates the manual efforts to track users, shortens the time it takes to track down the location of exploited hosts, has no network impact, and uses the same data collection sensors as Sourcefire IPS (Intrusion Prevention System) and Sourcefire RNA (Real-time Network Awareness).
Sourcefire NetFlow Analysis:
The best approach to network security is one of layered defenses, commonly referred to as "Defense in Depth." Relying on perimeter-based firewalls and IPSes alone does nothing to guard against attacks that originate from the inside—whether an attack is initiated by a malicious insider or a worm is unknowingly propagated by a trusted employee. Fortunately, a new approach to defending the internal network has emerged. An approach that not only augments existing Information Security defenses, but also offers collateral benefits to solving everyday Network Operations challenges.
Network Behavior Analysis, or NBA, was originally fueled by rampant outbreaks of computer-based worms (e.g., Zotob, AnnaKournikova, Mydoom, Sasser). NBA technology has evolved over time to augment a company’s IT compliance enforcement capabilities, while providing new capabilities for monitoring bandwidth utilization and troubleshooting network outages and performance degradations. As a result, NBA technology is bridging the gap between Information Security and Network Operations by providing a unified framework for solving daily challenges faced by both organizations.