SourceFire 3D System
Today's networks are highly dynamic. New technologies add complexity, and the number and type of applications and systems on your network continues to grow. Information security risks multiply in number and scale as attackers become more sophisticated—and stealthy. Employees and contractors come and go, while customers and business partners demand ever more online access to applications, breaking down traditional barriers and enforcement points. Security specialists focus more time, energy, and budget to protect sensitive corporate resources—yet network breaches continue to occur.
The problem? While networks are increasingly dynamic, most security systems remain dangerously static.
These static systems don't understand the context of the networks they protect—leaving administrators to sort through a growing number of alerts and alarms to determine which are relevant, let alone a real risk. Static systems require constant manual tweaking and tuning to address changing threats and network resources. Plus, they lack an understanding of who is using the network and which individuals are affected by security incidents.
Sourcefire has leveraged years of experience in protecting some of the largest and most demanding network environments in the world to develop the industry's first—and only—adaptive intrusion prevention solution, the Sourcefire 3D® System. The 3D System uniquely identifies and responds to changes in network infrastructure. With a detailed understanding of the devices, applications, and services deployed on the network, and their potential vulnerabilities, the 3D System escalates warnings of meaningful attacks, while suppressing unimportant and irrelevant events—allowing security analysts to focus their time and attention on the attacks that represent a real threat.
The award-winning Sourcefire 3D System is comprised of three purpose-built appliance product lines—Sourcefire Defense Center®, Sourcefire 3D® Sensors, and Sourcefire SSL Appliances:
The Sourcefire Defense Center is a powerful, yet easy-to-use centralized management console that correlates threats against network and vulnerability intelligence. Defense Center provides centralized command and control of 3D Sensors, including centralized event aggregation and 3D Sensor policy administration.
Sourcefire 3D Sensors are fault-tolerant, purpose-built appliances available with throughputs from 5Mbps up to 10Gbps. 3D Sensors passively aggregate network and user intelligence while defending the network against internal and external threats. Each 3D Sensor is capable of running Sourcefire IPS™, RNA® (Real-time Network Awareness), RUA® (Real-time User Awareness), and NetFlow Analysis modules.
Sourcefire Appliances decrypt Secure Sockets Layer (SSL) traffic at 1Gbps line rate to enable existing security appliances to effectively inspect SSL traffic. The SSL Appliance operates transparently on the network and supports both passive and inline network configurations. Plus, the plug-and-protect approach minimizes deployment and operational costs while closing the security loophole that SSL creates.
In addition to traditional physical appliances, the 3D System is also available in virtual appliance form. The Sourcefire Virtual Defense Center™ and Sourcefire Virtual 3D Sensor™ bring Sourcefire network security functionality to VMware virtual environments. As an added benefit, 3D virtual components are completely interoperable with their physical counterparts, enabling maximum flexibility in deployment and operation. 3D Sensor Software Modules Each Sourcefire 3D Sensor is capable of running any combination of the following four software components:
Sourcefire IPS (Intrusion Prevention System) provides best-in-class intrusion detection and prevention by harnessing the power of the industry-standard Snort® rules-based detection engine. Backed by the acclaimed Sourcefire Vulnerability Research Team™ (VRT), Sourcefire delivers its customers unrivaled protection against known and unknown threats.
Sourcefire RNA (Real-time Network Awareness) passively monitors networks 24x7 to deliver real-time, comprehensive network intelligence, including operating systems, services, applications, protocols, and potential vulnerabilities. RNA automates key IPS functions while fueling additional Sourcefire network security solutions, including Network Visibility, Network Behavior Analysis (NBA), and IT Policy Compliance.
Sourcefire RUA (Real-time User Awareness) correlates Active Directory and LDAP usernames with host IP addresses involved in security and compliance events. RUA dramatically reduces the time needed to uncover user identity and contact information by 95% or more. Security teams can resolve security and compliance incidents more quickly, when time is of the essence.