Sourcefire Next-Gen Firewall Delivers Context-Aware IPS, Threat Blocking

Intrusion-prevention system expert Sourcefire is expanding into the next-generation firewall market with a new context-aware appliance that analyzes applications on the network.

Sourcefire is expanding its network-security portfolio with a new next-generation firewall to provide context awareness and deep packet-inspection capabilities.

The new product line combines next-generation firewall, context-aware technologies, integrated application control and intrusion-prevention systems into a single appliance, the company said Dec. 5. Expected to ship Dec. 23, the two appliances provide enterprises with visibility, adaptive security and advanced threat protection, the company said.

The 3D8140 NGFW Edition is a 1U appliance with up to 10 Gbps of stateful firewall packet inspection and 6 Gbps of threat-inspected throughput. The 3D8250 NGFW Edition is 2U in size and provides up to 20 Gbps of packet inspection and 10 Gbps of threat-inspected throughput. The appliances combine the company's existing intrusion-prevention system with the new firewall capabilities. The company plans to expand the next-generation firewall line by integrating the capabilities into the existing IPS platform, the 3D7000.

"As enterprises seek to increase their protection efforts, they are looking for solutions that offer the agility to be effective in the face of modern threats," said Martin Roesch, Sourcefire founder and CTO.

Organizations are beginning to question the efficiency of traditional firewalls, which generally scan and block traffic on the port level, Roesch wrote on the Sourcefire blog. Customers were interested in the application controls available with next-generation firewalls, but "were hesitant" to make the shift due to performance and quality concerns, Roesch said. Existing products "cobble together inferior components" that are linked to traditional firewalls and are "bolted on" to basic intrusion-detection systems, according to Roesch.

The new Sourcefire appliances can be deployed as a next-generation firewall, an intrusion-prevention system, or an IPS with application control. "Large organizations need flexibility and scalability in their organizations and that doesn't just come down to speeds and feeds," Roesch wrote.

Sourcefire announced its plans to enter the firewall space just over a year ago. Next-generation firewalls add filtering capabilities for the application layer to give administrators some context for the packets flowing across the network. The IPS market is expected to reach $2 billion by 2014, and the market for next-generation firewalls will reach $4 billion, Sourcefire said.

The next-generation firewall provides increased protection for Sourcefire customers by identifying and providing granular controls for more than 1,000 applications, Sourcefire said. Despite the importance of application controls and threat-prevention capabilities, Sourcefire does not downplay the need for firewalls, Roesch said.

Customers are expected to gradually deploy context-aware controls to understand what kinds of applications are being used even while they keep traditional firewalls in place, according to Sourcefire.

Companies want "true integration at the engine level," Roesch wrote.

An optional URL Filtering Service provides granular control over Website access and content. The FireSIGHT intelligence technology provides context awareness, giving administrators and security professionals total visibility into what is happening on the network and letting them take advantage of intelligent security automation to block threats. The Sourcefire 3DS system splits out the packet-filtering classification from the decision and analysis components in the firewall so that it can be load-balanced across multiple processors.