Sourcefire Tool Promises IPS Flexibility

The Sourcefire 3D System enables users to optimize their IPS systems based on what assets are on the network.

Sourcefire is rolling out the latest version of Sourcefire 3D System, affording customers a new level of protection with what it calls an adaptive intrusion prevention system.

Unlike traditional IPS products, 3D System Version 4.7, announced Sept. 17, enables users to optimize the security and performance of their IPS systems based on the actual network assets they are protecting, said Sourcefire officials. The company has also released two other new products: Sourcefire RUA (Real-Time User Awareness) and Sourcefire NetFlow Analysis.

Sourcefire RUA links user identity to security and compliance events, pairing user names with host IP addresses involved in security and compliance events. Sourcefire NetFlow Analysis extends the reach of the companys Sourcefires NBA (Network Behavior Analysis) tool to corners of the network where Sourcefire Real-Time Network Awareness Sensors do not exist.

Steve Piper, director of product marketing at Sourcefire, headquartered in Columbia, Md., said the technology will allow the company to leapfrog ahead of the competition.


Click here to read about Sourcefires acquisition of ClamAV.

"Most of our IPS competitors provide a one-size-fits-all default IPS policy for use by everyone," he said. "In contrast, Sourcefires IPS constantly adapts to customer networks, through our RNA-Recommended Rules capability, so that the IPS is always optimized with rules that are aligned with the resources being protected."

Hence the title, Adaptive IPS technology. Organizations can tighten network security by leveraging endpoint intelligence aggregated by Sourcefire RNA, Nessus, Nmap and other endpoint intelligence tools to propose, enable or disable Snort IPS rules based on the actual assets protected on the network, Sourcefire officials said.

"For example, if a customer doesnt have any Macintosh computers on the network, then why consume IPS resources by enabling rules for Macs?" Piper asked. "But if one day a Mac suddenly appeared on the network, RNA would detect it, and then recommend Snort IPS rules to protect Macs."

The Sourcefire 3D System 4.7 release, including Sourcefire RUA and Sourcefire NetFlow Analysis, is available now through Sourcefire or through Sourcefire Solutions Network channel partners, company officials said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.