The Sourcefire 3D System will offer expanded intrusion prevention capabilities.Sourcefire is building on the management and automation features of its
flagship Sourcefire 3D System as the company looks to win over more customers
to its intrusion prevention technology.
With Sourcefire 3D System 4.8, the company has built out its intrusion
prevention capabilities with technology meant to automatically configure rules
to monitor traffic on standard and nonstandard ports in use on the network as
well as to thwart attempts to disguise attacks. The latter feature, dubbed
Adaptive Traffic Profiles, improves the security and effectiveness of the IPS
(intrusion prevention system) by processing segmented and fragmented traffic in
the same manner as the targeted host operating system.
"We know more about the network; we know more about the threats; we
know more about the users on the system. So we can just be a better IPS
in general," said Michele Perry, the company's chief marketing officer.
"It's just a smarter system across the board."
Listed in the Leader's Quadrant in Gartner's "Magic Quadrant for
Network Intrusion Prevention System Appliances, 1H08", Sourcefire
nonetheless reported a loss for fiscal year 2007. CEO
Wayne Jackson announced in February that he would step down but remain on until
the company found a new leader.
Sourcefire may be bouncing backrevenue in the first quarter of fiscal 2008
showed a 31 percent year-over-year increase from the same period in 2007.
However, in its first-quarter 2008 earnings, the company still reported a
net loss of $3.5 million.
"We see Sourcefire as well positioned to take on others in the highly
competitive IPS market, including
TippingPoint [Technologies], IBM ISS
[Internet Security Systems] and McAfee, because its Sourcefire 3D System has
solid attack detection and prevention technology and throughput options of up
to 10G bps," said Charlotte Dunlap, an analyst with Current Analysis.
Sourcefire's adaptive IPS functionality
is also important because it leverages endpoint intelligence through Sourcefire
RNA (real-time network analysis), and
automates the process of giving impact ratings to events based on the
characteristics of a network, Dunlap explained.
Click here to read more about Sourcefire's adaptive IPS.
According to Perry, the company's technology profiles the user's network.
The RNA-recommended rules can be used
to help administrators determine what rules they should have governing a
network.
Sourcefire has automated the process of downloading, importing and applying
Snort rule updates.
The product includes a new customizable dashboard interface for monitoring
security and compliance events. The dashboard features a library of more than
two dozen drag-and-drop widgets for monitoring IPS
events, compliance violations, 3D Sensor performance, license usage and version
information, company officials said.
It also includes an RSS Feed Widget for receiving security advisories from
Sourcefire, The SANS Institute and other sources, as well as a Top 10 Widget Builder
that lets users create new widgets to monitor aspects of the 3D System.
The company has also added GRE (generic routing encapsulation) and
BitTorrent decoding and improved the product's packet-level forensic
capabilities to allow deeper application layer insight.
Sourcefire 3D System 4.8 is slated to be generally
available in the third quarter.
Network Security & Hardware 
