Sourcefire Defense Center
The Sourcefire Defense Center® (DC) management console is the "nerve center" of the Sourcefire 3D® System. It provides a powerful, yet easy-to-use, interface for aggregating and monitoring security and compliance events, generating reports and configuring alerts, and managing policies and distributing them to underlying Sourcefire 3D® Sensors.
Each DC features an individually customizable, portal-like dashboard with dozens of pre-defined and customizable drag-and-drop "widgets" displaying critical information in the form of tables and graphs. Dashboard benefits include interactive drill-down, granular administrative privileges, and dashboard tab cycling. Users can tailor the dashboard to their role within the organization and share their dashboard with peers.
*No single sensor larger than Sourcefire 3D2100
Aggregating and Monitoring Events for Centralized Network Defense
All intrusion events are sent securely from 3D Sensors to Defense Center for centralized storage and analysis. Each DC correlates attacks with real-time network and vulnerability intelligence to assign an "Impact Flag" rating denoting the relevance and severity of the attack. This enables IT Security to weed out false positives and irrelevant attacks, dramatically reducing—by up to 99%—the number of alerts requiring analysis, saving considerable time and effort.
Customizable Reports and Alerts
Defense Center provides customers with fully customizable reports and alerts. Users can choose from a variety of pre-defined report templates or create custom reports to meet their reporting needs. Reports can be generated in PDF, HTML, and CSV formats, while alerts can be sent via syslog, SNMP, and email.
Centralized Policy Management
With Defense Center, users have complete control over policies and configuration of up to 100 3D Sensors from a single management console. Sourcefire IPS™ (Intrusion Prevention System) and Sourcefire RNA® (Real-time Network Awareness) policies can be distributed down to all underlying sensors, to individual sensors, or to sensor groups. Defense Center's streamlined Policy Management facility makes it simple for both experienced administrators and novices to create, modify, and review Sourcefire IPS policies. Locating individual rules for examination is easy with an expanded keyword search capability, and understanding changes between two policy versions is simple with a side-by-side comparison view that highlights changes. Sourcefire's innovative Policy Layering makes it easy for users to make changes that affect many or all Sourcefire intrusion policies. It also enables users to determine a hierarchy of policy layers that is most relevant for their organization and network.
Powerful Integration with Third-party Systems
Sourcefire offers more ways to integrate with third-party security and network management products than any other IPS vendor. Sourcefire's Remediation API can direct calls to firewalls, routers, vulnerability scanners, patch managers, and other systems based on triggered events. Its eStreamer™ interface can stream security, compliance, and sensor health events to SIEMs, log managers, and network management systems. And Sourcefire's Host Input API can input externally compiled endpoint intelligence into its RNA Host Database. Sourcefire also provides a selection of other third-party interfaces, including syslog, SNMP, and more.
Sourcefire Master Defense Center for Enterprise Scalability
For large enterprises or organizations with distributed IT personnel, a single DC3000 appliance can be configured in Master Defense Center (MDC) mode to manage up to 10 subordinate DCs, effectively allowing the management of hundreds of 3D Sensors from a single management console.