The Sourcefire Defense Center® management console is the “nerve center” of Sourcefire's network security solutions. It provides a powerful, easy-to-use interface for categorizing events, generating recurring reports, scheduling automated Snort rule updates, configuring policies, and displaying customizable dashboards to quickly communicate sensor feedback.
We offer a range of Next-Generation IPS (NGIPS) and Next-Generation Firewall (NGFW) solutions to address different network needs across physical and virtual environments, and we complement these solutions with tailored Defense Center management consoles that offer robust features, including:
Aggregating and Monitoring Events for Centralized Network Defense: All intrusion events are sent securely from Sourcefire sensors to the Defense Center for centralized storage and analysis. Each Defense Center correlates attacks with real-time network and vulnerability intelligence to assign an “Impact Flag” rating denoting the relevance and severity of the attack. This enables IT Security to weed out false positives and irrelevant attacks, dramatically reducing—by up to 99%—the number of alerts requiring analysis, saving considerable time and effort.
Customizable Dashboards, Context Explorer, Reports, and Alerts: Each Defense Center features an individually customizable, portal-like dashboard with dozens of pre-defined and customizable drag-and-drop “widgets” displaying critical information in the form of tables and graphs. Dashboard benefits include interactive drill-down, granular administrative privileges, and dashboard tab cycling. Users can tailor the dashboard to their role within the organization and share their dashboard with peers. Using Context Explorer, the Defense Center enables users to visualize and explore a range of contextual information including top-used applications and hosts. Defense Center also provides customers with fully customizable reports and alerts. Users can choose from a variety of pre-defined report templates or create custom reports to meet their reporting needs. Reports can be generated in PDF, HTML, and CSV formats, while alerts can be sent via syslog, SNMP, and email.
Centralized Policy Management: With Defense Center, users have complete control over policies and configuration of up to 150 Appliances from a single management console. Policies can be distributed down to all underlying appliances, to individual appliances, or to appliance groups. The policy management facility on the Defense Center gives users the ability to create, modify, and review policies. Locating individual rules for examination is aided by an expanded keyword search capability, and understanding changes between two policy versions occurs with a side-by-side comparison view that highlights changes. Our innovative policy layering enables users to make changes that affect many or all policies. It also enables users to determine a hierarchy of policy layers that is most relevant for their organization and network.
Powerful Integration with Third-party Systems: Sourcefire makes integration with other best-of-breed technologies possible through four powerful, feature-rich Application Program Interfaces (APIs). Our remediation API can communicate with firewalls, routers, vulnerability scanners, patch managers, and other systems based on triggered events. The eStreamer™ API can stream security, compliance, and sensor health events to SIEMs, log managers, and network management systems. Additionally, our event database can be accessed via a JDBC connector to generate reports from third-party reporting tools such as Crystal Reports™. The host input API can accept endpoint intelligence into its RNA host database to improve accuracy. Sourcefire also provides a selection of other third-party interfaces, including syslog, SNMP, and more.
Sourcefire Master Defense Center for Enterprise Scalability: For large enterprises or organizations with distributed IT personnel, a single Defense Center appliance can be configured in Master Defense Center (MDC) mode to manage up to 10 subordinate Defense Centers, effectively enabling the management of hundreds of Sourcefire appliances from a single management console.
Malware has changed dramatically since the first PC viruses appeared nearly 25 years ago. Today, malware is more sophisticated and evolving more quickly than ever before. Many customers find it impossible to keep up. Recent Sourcefire research suggests that as many as 75% of new attacks are seen on a single system.
Sourcefire FireAMP is the only solution that provides the visibility and control you need to stop threats missed by other security layers. FireAMP is an intelligent, enterprise-class advanced malware analysis and protection solution that uses big data to discover, understand and block advanced malware outbreaks, advanced persistent threats (APTs) and targeted attacks. For the first time customers can get answers to questions like:
• Where did the attack start?
• How did it spread?
• How can the outbreak be controlled?
FireAMP uses more than 400 characteristics associated with each file for advanced malware analysis and malware protection.
AMPlify Your Security
Visibility: See more than ever before. Identify the root cause of the threat, how it has spread, and the specific behavior of the malware.
Control: Contain outbreaks and block future attacks. FireAMP offers Outbreak Control to tag and quarantine malware and Cloud Recall™ for malware removal on affected systems without a full scan.
Enterprise-ready: Scale protection. FireAMP works with existing security layers, for example intrusion detection and prevention (IDS/IPS), next-generation firewall (NGFW), and other anti-malware solutions, as part of a defense-in-depth strategy and delivers the performance, manageability, and scalability that organizations require.
Living in the world of cybersecurity is tough. Threats are growing, and the good guys are often out-gunned. With attack vectors becoming more sophisticated and network bandwidth exploding, you find yourself in need of smarter security appliances and greater throughput. Unfortunately the more appliances you buy, the more power and rack space you’re consuming. It’s expensive, and you’d like to make sure your network is running as efficiently as possible. How can security solutions manage these seemingly contradictory requirements?
Unmatched Performance: Consider a technology that delivers unmatched performance—industry-leading performance capable of supporting the most demanding networks with <150µs latency.
Energy Efficient: What if you could have this unmatched performance packed into an energy-efficient security solution with more processing power and throughput per rack unit so you can do more with less?
Flexible Security Architecture: What if this technology also gave you a flexible, enterprise security architecture, the smartest way to buy the best network threat protection available, with the capability to deliver and accelerate any network security technology you need:
• Intrusion Prevention Systems (IPS)
• Next-generation IPS (NGIPS) with contextual awareness
• Next-generation firewall (NGFW)
• And more!
Advanced Threat Protection: And to help you fight the latest threats to your network, what if it also delivered advanced malware protection with a software-enabled subscription add-on to support malware detection/blocking, continuous analysis, and retrospective alerting with the ability to leverage Sourcefire's vast cloud security intelligence?
Introducing FirePOWER Technology from Sourcefire
FirePOWER is a unique technology that supports a range of Sourcefire security solutions with unmatched performance, threat protection and energy efficiency.
You can't protect what you can't see. Network security solutions that are configured to standard “default” policies are blind to changes on the network. As new systems and applications emerge, most security systems won't even notice, let alone respond. Network behavior—such as unexpected connections and sessions, an important sign of a possible breach—passes unnoticed.
Sourcefire is different. We realized long ago that in order to be agile and provide required protection, security solutions need total network visibility, including physical and virtual hosts, operating systems, applications, services, protocols, users, content, network behavior as well as network attacks and malware.
Sourcefire FireSIGHT technology is built into all Sourcefire next-generation security solutions—NGIPS and NGFW—to provide the network intelligence and "context" you need to respond to changing conditions and threats. The visibility and automation provided by FireSIGHT technology make networks more secure and reduce operational costs.
The Power of FireSIGHT Technology—Control in Context
• Optimize defenses and system performance by automating protection policy updates based on network changes
• Reduce the number of "actionable" security events by up to 99% by correlating threats against target operating systems and applications and their inherent vulnerabilities
• Know instantly who to contact when an internal host is affected by a client-side attack
• Be alerted when a host violates a configuration policy or attempts to access an unauthorized system
• Detect the spread of malware by baselining “normal” network traffic and detecting network anomalies
Next Generation Firewall
“Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”
-- “Defining Next-Generation Network Intrusion Prevention,” Gartner, 7 October 2011
The rate of change in IT environments is unprecedented. At the same time, attacks are coming at a rapid pace and with an increasing level of sophistication. In an attempt to provide effective protection, NGFWs have added application control to the access control capabilities provided by traditional firewalls. This isn’t enough.
With the Sourcefire Next-Generation Firewall, Sourcefire extends the power of Agile Security® and its leadership in Next-Generation IPS (NGIPS) to NGFWs. For the first time, customers can support access and application control policies today without sacrificing protection tomorrow.
The Sourcefire NGFW is the only solution of its kind to add best-in-class threat prevention and robust access and application control to advanced firewall capabilities. In fact, because our roots are in threat prevention we deliver the first NGFW based on an industry-leading NGIPS. In NSS Labs' 2012 NGFW Product Analysis Report, Sourcefire set a new standard in security effectiveness, protecting against 99 percent of all attacks and demonstrating superior performance and total cost of ownership.
What a Next-Generation Firewall Should Be
Designed for organizations that want ultimate flexibility to deploy appliances to match their infrastructure needs and scale over time, the Sourcefire NGFW delivers unique advantages to combat threats in today’s real world:
• Total Network Visibility: Sourcefire realized long ago that you can’t protect what you can’t see. Our FireSIGHT™ technology gives you passive, real-time visibility of hosts, applications, operating systems, users, content, attacks, and more.
• Advanced Threat Protection: Protecting against the latest threats, Sourcefire delivers the best threat prevention that money can buy as validated by independent third-party testing and thousands of satisfied customers around the world.
• Control Without Compromise: With NGIPS built-in, you get third-party validated, best-in-class threat prevention as part of your NGFW. When combined with granular application and URL access control down to the individual user, you’ve got the total network protection you need today and tomorrow.
• Intelligent Security Automation: Because there aren’t enough hours in the day or people on staff to keep pace with changing environments and threats, Sourcefire NGFW allows you to automate more administrative functions than any other NGFW solution.
• Unparalleled Performance and Scalability: You need more protection but you also need to maintain network performance. Our appliances, based on single-pass architecture and FirePOWER™ technology, deliver stateful firewall inspected throughput options ranging from 40Gbps down to 1Gbps with minimal degradation as security functions are added.
• Advanced Malware Protection for FirePOWER™ (Optional): Defeat malware across the network with malware detection/blocking, continuous analysis and retrospective alerting that leverage Sourcefire's vast cloud intelligence. Available via a subscription add-on to FirePOWER NGFW appliances. Simply software-enable these additional protections when you're ready - no need for limited-purpose malware appliances that add further complexity.
Next Generation IPS
Sourcefire 3D® System
Addressing Today's Highly Dynamic Networks
Today's networks are highly dynamic. New technologies add complexity, and the number and type of applications and systems on your network continues to grow. Information security risks multiply in number and scale as attackers become more sophisticated—and stealthy. Employees and contractors come and go, while customers and business partners demand ever more online access to applications, breaking down traditional barriers and enforcement points. Security specialists focus more time, energy, and budget to protect sensitive corporate resources—yet network breaches continue to occur.
The problem? While networks are increasingly dynamic, most security systems remain dangerously static.
These static systems don't understand the context of the networks they protect—leaving administrators to sort through a growing number of alerts and alarms to determine which are relevant, let alone a real risk. Static systems require constant manual tweaking and tuning to address changing threats and network resources. Plus, they lack an understanding of who is using the network and which individuals are affected by security incidents.
Sourcefire has leveraged years of experience in protecting some of the largest and most demanding network environments in the world to develop the industry’s first—and only—adaptive intrusion prevention solution, the Sourcefire 3D® System. The 3D System uniquely identifies and responds to changes in network infrastructure. With a detailed understanding of the devices, applications, and services deployed on the network, and their potential vulnerabilities, the 3D System escalates warnings of meaningful attacks, while suppressing unimportant and irrelevant events—allowing security analysts to focus their time and attention on the attacks that represent a real threat.
The award-winning Sourcefire 3D System is comprised of three purpose-built appliance product lines—Sourcefire Defense Center®, Sourcefire 3D® Sensors, and Sourcefire SSL Appliances:
Sourcefire Defense Center is a powerful, yet easy-to-use centralized management console that correlates threats against network and vulnerability intelligence. Defense Center provides centralized command and control of 3D Sensors, including centralized event aggregation and 3D Sensor policy administration.
Sourcefire 3D Sensors are fault-tolerant, purpose-built appliances available with throughputs from 5Mbps up to 10Gbps. 3D Sensors passively aggregate network and user intelligence while defending the network against internal and external threats. Each 3D Sensor is capable of running Sourcefire IPS™, RNA® (Real-time Network Awareness), RUA® (Real-time User Awareness), and NetFlow Analysis modules.
Sourcefire SSL Appliances decrypt Secure Sockets Layer (SSL) traffic at 1Gbps line rate to enable existing security appliances to effectively inspect SSL traffic. The SSL Appliance operates transparently on the network and supports both passive and inline network configurations. Plus, the plug-and-protect approach minimizes deployment and operational costs while closing the security loophole that SSL creates.
In addition to traditional physical appliances, the 3D System is also available in virtual appliance form. The Sourcefire Virtual Defense Center™ and Sourcefire Virtual 3D Sensor™ bring Sourcefire network security functionality to VMware virtual environments. As an added benefit, 3D virtual components are completely interoperable with their physical counterparts, enabling maximum flexibility in deployment and operation.
3D Sensor Software Modules
Each Sourcefire 3D Sensor is capable of running any combination of the following four software components:
Sourcefire IPS™ (Intrusion Prevention System) provides best-in-class intrusion detection and prevention by harnessing the power of the industry-standard Snort® rules-based detection engine. Backed by the acclaimed Sourcefire Vulnerability Research Team™ (VRT), Sourcefire delivers its customers unrivaled protection against known and unknown threats.
Sourcefire RNA® (Real-time Network Awareness) passively monitors networks 24x7 to deliver real-time, comprehensive network intelligence, including operating systems, services, applications, protocols, and potential vulnerabilities. RNA automates key IPS functions while fueling additional Sourcefire network security solutions, including Network Visibility, Network Behavior Analysis (NBA), and IT Policy Compliance.
Sourcefire RUA® (Real-time User Awareness) correlates Active Directory and LDAP usernames with host IP addresses involved in security and compliance events. RUA dramatically reduces the time needed to uncover user identity and contact information by 95% or more. Security teams can resolve security and compliance incidents more quickly, when time is of the essence.
Sourcefire NetFlow Analysis is an optional component of Sourcefire's NBA solution. By aggregating and analyzing NetFlow from routers and switches, NetFlow Analysis affords IT Security additional means for uncovering inside threats and Network Operations additional means for evaluating bandwidth provisioning and troubleshooting network outages and performance degradations.