Sourcefire Takes IPS Plunge

With the introduction of its 3D Product Suite, the company is taking the plunge into intrusion prevention systems, where it hopes to challenge NAI.

The intrusion prevention market was once the province of a smattering of small players, all fighting to make a name for themselves and attract the attention of customers and potential acquisition partners.

That strategy worked for many companies, and Network Associates Technology Inc. and Cisco Systems Inc. now stand as the top two IPS vendors, having entered the market through acquisitions.

Still, there are a handful of independent companies making noise in the market, and this week one of them, Sourcefire Inc., is taking the plunge into intrusion prevention systems with the introduction of its 3D Product Suite.

The bundle is a leap forward for the company, which until now has specialized in intrusion detection and vulnerability management. But Sourcefire wont have the attention of IT managers all to itself, as NAI also is announcing major upgrades to both its IPS products this week.

The biggest advance in the NAI releases is in IntruShield 2.1, the companys network IPS appliance, which can now find and stop attacks in SSL (Secure Sockets Layer) traffic.

To do this, the IntruShield box holds the SSL decryption key and decrypts and inspects all incoming traffic. It drops malicious packets and forwards the good packets to their destinations.

Typically, network IPS and IDS (intrusion detection system) boxes simply allow SSL traffic to pass through uninspected because they dont have the ability to decrypt it. This, in turn, has allowed attackers to hide malicious traffic in encrypted streams.

IntruShield 2.1 also includes an internal firewall capable of blocking traffic on internal network segments and a virtual firewall that can be configured to protect VLAN (virtual LAN) segments or individual servers. Entercept 5.0, the host IPS offering, now has silent agent deployment, as well as an integrated process firewall designed to be a last line of defense between the Internet and the host.

NAI, based in Santa Clara, Calif., with its new releases will integrate event management from IntruShield and Entercept into one console.

"The integration is something I would expect them to do—they have to. But they also should be differentiating on their product portfolio," said Pete Lindstrom, an analyst at Spire Security LLC, in Malvern, Pa. "Theyre the only ones with both host and network IPS. That could be used to set up a kind of IPS perimeter."

/zimages/1/28571.gifClick here for a column on intrusion protection.

Meanwhile, Sourcefire is hoping to give NAI a run for its money with its 3D Product Suite, which includes its Intrusion Sensor 4.0, RNA Sensors and the Defense Center management console. The new Intrusion Sensors benefit from an update to the Snort rules language that allows any rule to drop malicious packets or replace them with harmless ones.

The suite components are in beta now, and the full solution will be available next quarter, officials said.

/zimages/1/28571.gifCheck out eWEEK.coms Security Center at for the latest security news, reviews and analysis.


Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page