Sourcefire Builds Out IPS Technology

The Sourcefire 3D System will offer expanded intrusion prevention capabilities.

Sourcefire is building on the management and automation features of its flagship Sourcefire 3D System as the company looks to win over more customers to its intrusion prevention technology.

With Sourcefire 3D System 4.8, the company has built out its intrusion prevention capabilities with technology meant to automatically configure rules to monitor traffic on standard and nonstandard ports in use on the network as well as to thwart attempts to disguise attacks. The latter feature, dubbed Adaptive Traffic Profiles, improves the security and effectiveness of the IPS (intrusion prevention system) by processing segmented and fragmented traffic in the same manner as the targeted host operating system.
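To make the idea behind Adaptive Traffic Profiles concrete, here is an added Python example (not Sourcefire or Snort code) showing that the same overlapping fragments reassemble differently under two simplified overlap policies, so a sensor only sees what the host sees if it applies that host's policy. The policy names, host table, addresses and marker string are assumptions constructed for illustration.

```python
# Added illustration: simplified overlap policies, not any vendor's implementation.

def reassemble(fragments, policy):
    """Rebuild a payload from (offset, data) fragments given in arrival order.

    "first": bytes already received win over later overlapping bytes.
    "last":  later overlapping bytes overwrite earlier ones.
    """
    if policy not in ("first", "last"):
        raise ValueError("unknown policy: %r" % policy)
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if not buf:
        return b""
    end = max(buf) + 1
    if any(pos not in buf for pos in range(end)):
        raise ValueError("incomplete datagram: gap between fragments")
    return bytes(buf[pos] for pos in range(end))

# Hypothetical per-host profile, of the kind a network inventory would supply.
HOST_POLICY = {"10.0.0.5": "first", "10.0.0.9": "last"}

# Constructed marker standing in for the content match of a detection rule.
SIGNATURE = b"BLOCKME"

# Constructed sample: the second fragment overlaps bytes 6-8 of the first.
SAMPLE = [(0, b"xxBLOCAAAxx"), (6, b"KME")]

def inspect(dst, fragments, default_policy="first", adaptive=True):
    """Return True if the rule matches the stream as the sensor rebuilds it.

    With adaptive=False the sensor uses one fixed policy for every host;
    with adaptive=True it uses the destination host's own policy.
    """
    policy = HOST_POLICY.get(dst, default_policy) if adaptive else default_policy
    return SIGNATURE in reassemble(fragments, policy)

if __name__ == "__main__":
    for host in sorted(HOST_POLICY):
        print(host,
              "fixed:", inspect(host, SAMPLE, adaptive=False),
              "adaptive:", inspect(host, SAMPLE, adaptive=True))
```

For the host profiled as "last", the fixed-policy sensor rebuilds a stream without the marker while the host itself would rebuild one that contains it; matching the host's policy closes that gap.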

"We know more about the network; we know more about the threats; we know more about the users on the system. So we can just be a better IPS in general," said Michele Perry, the company's chief marketing officer. "It's just a smarter system across the board."

Listed in the Leader's Quadrant in Gartner's "Magic Quadrant for Network Intrusion Prevention System Appliances, 1H08", Sourcefire nonetheless reported a loss for fiscal year 2007. CEO Wayne Jackson announced in February that he would step down but remain on until the company found a new leader.

Sourcefire may be bouncing back: revenue in the first quarter of fiscal 2008 showed a 31 percent year-over-year increase from the same period in 2007. However, in its first-quarter 2008 earnings, the company still reported a net loss of $3.5 million.

"We see Sourcefire as well positioned to take on others in the highly competitive IPS market, including TippingPoint [Technologies], IBM ISS [Internet Security Systems] and McAfee, because its Sourcefire 3D System has solid attack detection and prevention technology and throughput options of up to 10G bps," said Charlotte Dunlap, an analyst with Current Analysis.

Sourcefire's adaptive IPS functionality is also important because it leverages endpoint intelligence through Sourcefire RNA (real-time network analysis), and automates the process of giving impact ratings to events based on the characteristics of a network, Dunlap explained.

According to Perry, the company's technology profiles the user's network. The RNA-recommended rules can be used to help administrators determine what rules they should have governing a network.

Sourcefire has automated the process of downloading, importing and applying Snort rule updates.

The product includes a new customizable dashboard interface for monitoring security and compliance events. The dashboard features a library of more than two dozen drag-and-drop widgets for monitoring IPS events, compliance violations, 3D Sensor performance, license usage and version information, company officials said.

It also includes an RSS Feed Widget for receiving security advisories from Sourcefire, The SANS Institute and other sources, as well as a Top 10 Widget Builder that lets users create new widgets to monitor aspects of the 3D System.

The company has also added GRE (generic routing encapsulation) and BitTorrent decoding and improved the product's packet-level forensic capabilities to allow deeper application layer insight.

Sourcefire 3D System 4.8 is slated to be generally available in the third quarter.