SlideShare uma empresa Scribd logo

SourceFire IPS Overview

GuardEra Access Solutions, Inc.
GuardEra Access Solutions, Inc.

Sourcefire provides intrusion prevention systems (IPS) that use the Snort detection engine to analyze network traffic and prevent threats. Their IPS offerings include appliances of varying throughput levels, from 5Mbps up to 10Gbps. The IPS provides out-of-the-box protection policies and the ability to customize rules. Sourcefire's Adaptive IPS uses passive network monitoring to provide real-time network awareness and automatically tune the IPS based on the monitored network environment. This helps optimize IPS protection and reduce manual analysis of security events. The Defense Center provides centralized management of sensors and event analysis across the Sourcefire 3D system.

Tecnologia
1 de 7
Baixar para ler offline
Sourcefire IPS™ (Intrusion Prevention System) Unparalleled Intrusion Detection and Prevention It’s 3 am. A hacker is hard at work trying to break into your network. Not for kicks, but for dollars. Is your network secure? Learn why more organizations depend on Snort® than any other intrusion prevention technology worldwide, and why thousands of enterprises rely on Sourcefire’s award-winning, ICSA-certified IPS to secure networks before, during, and after an attack. Key Sourcefire IPS Capabilities EMBRACE THE NEXT GENERATION OF INTRUSION PREVENTION • Industry-standard Snort IPS Stop Threats in Their Tracks detection engine Built on Snort, the de facto standard for intrusion detection and prevention • Dynamic Snort ruleset offering protection from constantly- (IDS/IPS), the award-winning Sourcefire 3D® System provides customers with evolving vulnerabilities a “Discover, Determine, Defend” framework, enabling you to discover threats • Open rules language—view, edit, accurately as they occur, determine their impact and severity, and defend your & create network by stopping threats in their tracks. Whether deployed at the perimeter, • Inline IPS & passive IDS modes in the DMZ, in the core, or at critical network segments, and whether placed in • Reports, alerts, & dashboards inline or passive mode, Sourcefire’s IPS appliances protect your network against • Multiple default IPS policies worms, Trojans, spyware, port scans, buffer overflow attacks, zero-day attacks, • Third-party integration APIs and much, much more. • Packet-level forensics • Sophisticated, customizable Plug-n-Protect Simplicity workflows Today’s resource-tapped IT organizations must work smarter, not harder, to • LDAP & RADIUS support defend against today’s dynamic threat landscape. The plug-n-protect nature of • Plug-n-Protect features Sourcefire’s purpose-built IPS appliances enables customers to easily install and • High availability features configure their IPS, with minimal effort and training. For customers with limited IT security resources, the process of tuning an IPS can be fully automated to Plug-n-Protect Features ensure that each IPS is continuously optimized to protect your changing network • Purpose-built IPS appliance environment. • Easy installation & configuration • Adaptive IPS (automated IPS Sourcefire’s IPS Meets Your Needs—Today and Tomorrow tuning) Most providers offer a “one-size-fits-all” IPS, but Sourcefire is different. Our • Automated VRT rule updates solution is divided into three simple customer protection phases—IPS, Adaptive IPS, and Enterprise Threat Management (ETM)—with each phase building upon the benefits and features of the previous one, adding capabilities to optimize a “I’m convinced RNA was company’s network protection. the differentiating factor that made Sourcefire the obvious ENTERPRISE choice. Even without RNA, the THREAT Sourcefire IPS would have been MANAGEMENT our preference, but the RNA component makes us work ADAPTIVE much more efficiently. ” IPS Greg Clayton, Assistant VP and Network Security Manager, BankersBank Card Services IPS Figure 1. Unlike other IPS vendors that provide a “one-size-fits-all” IPS, Sourcefire’s solution is divided into three customer protection phases that scale with your organization’s needs.
IPS Key Benefits IPS—THE FOUNDATION OF THE SOURCEFIRE 3D SYSTEM • Best-in-class intrusion defense Snort – the De Facto Standard for Intrusion Prevention • Easy to use Designed for customers with basic intrusion • Extensive analytics prevention needs, Sourcefire’s IPS phase provides • Powerful reporting the foundation for all Sourcefire customer protection • Unrivaled scalability phases. Built on the legacy of the Snort rules-based detection engine, Sourcefire’s IPS uses a powerful Snort—the De Facto IPS combination of vulnerability- and anomaly-based Standard inspection methods to analyze network traffic and prevent critical threats from affecting your network. • Invented in 1998 by Martin Roesch, Sourcefire Founder & The Sourcefire IPS contains multiple default policies for out-of-the box blocking, CTO drawing from a vast library of open Snort rules. Open rules allow customers • Most widely-deployed IPS to verify that rules address the vulnerabilities for which coverage is claimed technology worldwide and to create new rules or modify existing ones to protect custom applications • Used by 82% of Fortune 100 and systems. Sourcefire’s IPS can be deployed in inline blocking and/or • Used by more than half of Fortune 500 passive alerting modes, and can remediate traffic to external devices, such as • Snort community has become an firewalls, routers, patch management systems, and more. Powered by the Snort entire ecosystem: detection engine, Sourcefire IPS excels with detailed packet-level forensics and » >3.7 million downloads sophisticated, customizable workflows for investigating security events as they » >225,000 registered users occur. » Dozens of Snort books published » Classes taught at colleges & Snort, created by Sourcefire, is the de facto standard for intrusion prevention universities » User groups with more than 3.7 million downloads and over 225,000 registered users. More » Discussion lists & forums organizations rely on Snort than any other intrusion prevention technology worldwide. Over the past decade, the Snort community has grown to become an entire ecosystem, from user groups, to books, to classes taught at hundreds Sourcefire Zero-Day Protection Example: of colleges and universities. More IT security professionals are familiar with Snort than any other IPS technology in the market. Sourcefire customers benefit Sourcefire Protects Against Conficker from this extensive Snort ecosystem on day one. Worm Over Two Years in Advance • August 7, 2006 – Microsoft Protection Against Known and Unknown Threats issues Security Bulletin MS06- The Sourcefire Vulnerability Research Team (VRT) works around the clock to 040 for remote code execution vulnerability in Microsoft ensure Sourcefire commercial customers and open source Snort users are Windows Server Service protected against both known and unknown threats. The VRT leads the IPS • August 9, 2006 – VRT issues rules industry in addressing Microsoft Tuesday vulnerabilities on the same day they protecting against all potential exploits of MS06-040 vulnerability are announced. • October 23, 2008 – Microsoft It’s often the unknown, zero-day threat that can be the most damaging. That’s issues Security Bulletin MS08- 067 for remote code execution why Sourcefire publishes vulnerability-based Snort rules. Snort rules offers vulnerability (similar to MS06-040) protection against any possible exploitation of a vulnerability. An IPS that relies in Microsoft Windows Server primarily on exploit-based signatures provides little-to-no protection against Service • October 23, 2008 – VRT issues zero-day threats. This was recently illustrated when Sourcefire protected its 3D rules protecting against all customers and open source Snort users more than two years in advance of the potential exploits of MS08-067 Conficker worm. vulnerability • November 21, 2008 – Conficker.A Sourcefire’s IPS appliances provide comprehensive threat protection against: worm identified, VRT rules published August 9, 2006 and • Worms • DoS attacks • Malformed traffic October 23, 2008 triggered • Trojans • Buffer overflows • Invalid headers • December 29, 2008 – Conficker.B • Backdoor attacks • P2P attacks • Blended threats worm identified, variant covered by VRT’s existing rules • Spyware • Statistical anomalies • Zero-day threats • March 4, 2009 – Conficker.C worm • Port scans • Protocol anomalies • TCP segmentation & identified, variant covered by IP fragmentation VRT’s existing rules • VoIP attacks • Application • IPv6 attacks anomalies 2
The Industry’s First-Shipping 10Gbps IPS High Availability Features Sourcefire’s purpose-built, ICSA-certified 3D • Dual power supplies Sensors are available with throughputs from • Fail-open ports 5Mbps up to the industry’s first-shipping • RAID drives 10Gbps IPS appliance. Sourcefire 3D Sensors • High availability are available with critical fault-tolerant features, configuration options such as fail-open copper and fiber ports, dual power supplies, and RAID drives, and each 3D Sensor supports an array of high availability configuration options. MODEL 3D500 3D1000 3D2000 3D2100 Supported Line 5Mbps 45Mbps 100Mbps 250Mbps Speed (IDS/IPS) MODEL 3D2500 3D3500 3D4500 3D5800 Supported Line 4Gbps 500Mbps 1Gbps 2Gbps Speed (IDS/IPS) (3Gbps inline) MODEL 3D6500 3D9800 3D9900 Supported Line 4Gbps up to 10Gbps up to 10Gbps Speed (IDS/IPS) Table 1. Sourcefire 3D Sensor Product Family Centralized Event Aggregation and Analysis Sourcefire Defense Center Key Capabilities Sourcefire’s IPS phase is intended for customers with multiple Sourcefire 3D Sensors that require centralized event aggregation and analysis. Using the • Centralized event monitoring & sensor management feature-rich, yet easy-to-use Sourcefire Defense Center® (DC) management • Customizable dashboards with console, customers can analyze events, configure and push IPS policies, numerous widgets automatically download and apply Snort rule updates, and more. For larger • Email & SNMP alerts deployments, customers can leverage Sourcefire’s Master Defense Center • Sophisticated & customizable (MDC) technology to manage multiple DCs and hundreds of 3D Sensors across reporting their entire organization. • Automated VRT rules updates • Master Defense Center (MDC) Powerful Reports, Alerts, and Dashboards scalability Sourcefire Defense Center provides customers with powerful reports, alerts, and dashboards. Customers can leverage a variety of pre-defined report templates or create custom reports to meet the needs of any organization. They can receive alerts in the form of email messages or SNMP alerts. And customers can create fully customized dashboards with dozens of drag-n-drop “widgets” that display critical information in the form of tables and graphs. 3
“During our testing, we threw lots of different types of traffic at a couple of leading IPS vendors. One IPS vendor produced alerts on 80% of the traffic we threw at it, but Sourcefire didn’t produce a single alert. We brought the Sourcefire engineer in because we thought it wasn’t working, but he said that it wasn’t producing alerts because the boxes being attacked in the test weren’t vulnerable to what was being thrown at it...he showed me proof that it was working, which was nice. ” Jeremy Pratt, Network Manager, L.A. Times Figure 2. The Sourcefire Defense Center dashboard is fully customizable and provides numerous drag-n-drop widgets that display critical security event information. Figure 3. Sourcefire fully supports a Defense-in-Depth intrusion prevention strategy by allowing Sourcefire 3D Sensors to be positioned at the perimeter, in the DMZ, in the core, and at critical internal network segments. Sourcefire Defense Center orchestrates all event aggregation, analysis, and IPS policy management. 4
Adaptive IPS Key Benefits ADAPTIVE IPS—DYNAMIC DEFENSES FOR DYNAMIC NETWORKS • Know what’s on your network—in Sourcefire RNA®—Real-Time Passive Network Intelligence real time, all the time Although Sourcefire’s IPS phase provides exceptional network threat protection, • Save time by significantly the Adaptive IPS phase is where Sourcefire surpasses all other IPS systems. reducing quantity of “actionable” security events Sourcefire’s Adaptive IPS phase is designed to help IT organizations perform • Reduce risk by ensuring IPS is more optimally and is ideal for companies with small IT security staffs. IT always optimized to protect your security professionals don’t have time to constantly “tune” their IPSes as dynamically changing network their networks change. And they don’t have time to sift through hundreds or • Helps organizations with small thousands of security events each day to try to figure out which events matter network security staffs effectively protect their networks most. IT security organizations need dynamic, intelligent network defenses to defend their highly dynamic networks against today’s dynamic threats. Sourcefire RNA Key Capabilities The technology that provides context to the Sourcefire IPS is called Sourcefire RNA (Real-time Network Awareness). Analogous to passive SONAR on a ship, • 24x7, passive, real-time network RNA provides 24x7 passive network intelligence and presents a real-time intelligence inventory of all operating systems (OSes), services, protocols, and potential • Provides real-time network/ device, state & behavior context vulnerabilities that exist on your network. By adding the RNA module to your to IPS 3D Sensors, real-time/all-the-time network intelligence is incorporated into the • Contributes to automated impact IPS, and the process of tuning the IPS and assessing security events can be assessment fully automated. • Supports automated IPS tuning • Contributes to IT policy compliance Figure 4. Sourcefire RNA works like passive SONAR on a ship, enabling you to identify friendly and non-friendly network behavior through passive network discovery 24 hours a day, seven days a week. Automated IPS Tuning and Optimization “Events requiring manual reviews have been reduced Sourcefire is the only network security provider to offer an Adaptive IPS from over 20,000,000 per solution, which is why the company is regularly depicted by leading market month down to approximately research analysts as the most visionary leader in the IPS industry. The following 2,000 per month. By using table depicts key capabilities found in Sourcefire’s Adaptive IPS phase: the Sourcefire IPS, we have been able to reduce the time Impact Flag Assessments Threat intelligence is automatically correlated against real-time and number of staff who are target host intelligence to determine the relevance and impact of dedicated to analyzing IDS data, the attack. Actionable events are typically reduced by 99% or more. re-utilizing these SOC resources for other activities. ” RNA-Recommended Rules As your network evolves, Sourcefire takes the guesswork out of determining which Snort rules to enable and disable. RNA Network Security Analyst, recommends relevant Snort rules based on the network it’s Global 500 Software Provider protecting. Snort rules can be enabled with or without human intervention. Adaptive Traffic Profiling Prevents IPS evasions by enabling the IPS to model segmented and fragmented traffic in the same manner the host OS would see it. Non-Standard Port Handling If traffic using a non-standard port is detected, such as HTTP on port 8080 (rather than port 80), applicable Snort rules will automatically be re-configured to monitor related traffic using both standard and non-standard ports. Table 2. Sourcefire’s Adaptive IPS phase incorporates real-time network intelligence to prioritize security events and automate the process of tuning your IPS. 5 Figure 1. Sourcefire RNA works like passive SONAR, enabling you to identify friendly and non- friendly network behavior through passive network discovery 24 hours a day, seven days a week.
The use of Sourcefire’s Adaptive IPS results in massive elimination of false positives and false negatives, less manual event investigation and IPS tuning by your IT security staff, lower potential for network downtime, and lower cost of operations. By having real-time knowledge of what’s running on your network, the 3D System saves you time and effort and maximizes protection of your dynamically changing network. ETM Key Benefits ENTERPRISE THREAT MANAGEMENT (ETM)—FULL DEFENSE BEFORE, DURING, AND AFTER THE ATTACK • Quickly link users to security & compliance events ETM—A Fully Integrated Approach for Complete Protection • Easily monitor & enforce Sourcefire’s Enterprise Threat Management (ETM) solution provides full IT policy compliance with compliance white lists functionality to defend your network before, during, and after an attack. ETM • Detect internal anomalies to is the combination of the world’s most powerful attack detection engine, baselined “normal” traffic enhanced by real-time network intelligence provided by RNA, completed by • Monitor bandwidth consumption a system that gives you round-the-clock knowledge of any behavioral change of your critical systems. ETM allows the Sourcefire IPS to filter out the noise • Troubleshoot network outages & performance degradations and tune itself so you can quickly react to network changes and compromises. Just enable certain RNA features and add Sourcefire RUA™ (Real-time User Awareness) to your 3D Sensors, and you have a complete solution to protect Sourcefire RUA Key Capabilities your network at any point of the attack continuum. • Links users to security & Sourcefire RUA—Link User Identity to Security and Compliance Events compliance events Sourcefire is the only IPS provider to link user identity to security and • Support for Active Directory & LDAP compliance events. Rather than sifting through Active Directory, LDAP and, • Provides full names, contact DHCP log files to determine the owner of a host under attack, Sourcefire RUA info, & more links both Active Directory and LDAP usernames to IP addresses involved in • Resolve incidents in a fraction security and compliance events. By clicking on the username, the security of the time analyst is presented with the user’s full name, department, and contact information. By leveraging Sourcefire’s ETM approach, RUA enables incidents to be resolved in a fraction of the time it would take with an IP address alone. Reduce Risk Before the Attack With the ETM phase, customers can reduce the risk in multiple ways before the attack occurs. First, with RNA’s change management capability and powerful Policy and Response (P&R) engine, IT can be notified when a new host appears on the network and/or when an existing host changes its approved configuration. Second, once RNA has inventoried network assets into its Network Map, users can create compliance white lists of approved host assets by indicating the OSes, services, applications, and protocols that can and/or cannot be used on a particular network, plus create custom compliance rules to monitor and enforce your IT acceptable-use policies. And last, by narrowing the list of approved applications and attributes, IT can better defend against both known and unknown attacks. By leveraging Sourcefire’s compliance capabilities, fueled by RNA, IT can harden network assets by shutting down unapproved systems, turning off unnecessary ports, and by applying key patches and service packs before the attack occurs. Improve Network Security and Protect Your Organization Not all threats pass through your network’s perimeter. Some threats are hand- carried on laptops right through the front door of your building. An IPS can only protect what it can see. By leveraging RNA to baseline “normal” traffic on your network, you can leverage Sourcefire to detect anomalies, such as malware propagating from host to host. ETM also enables customers to monitor bandwidth consumption and troubleshoot network outages and performance degradations. 6
TAKE THE NEXT STEP TO PROTECT YOUR NETWORK “Mapping a username to an IP address was taking us Sourcefire is the only IPS provider offering dynamic defenses against away from a backlog of other the dynamic threats aimed at your dynamic network. Sourcefire’s unique important tasks. By using capabilities include: Sourcefire RUA, what used to • A three-phased customer protection solution (IPS, Adaptive IPS, and take up to an hour now takes Enterprise Threat Management) that scales with the needs of your just a second or two. I feel company’s requirements much better knowing that I can • Best-in-class intrusion defense contact a user immediately in the event they are affected by a • 24x7 passive network intelligence through Sourcefire RNA , network attack. ” • Real-time, automated intrusion event impact assessment Tamara Fisher, Security Engineer, • Automated IPS tuning based on actual network assets protected through AutoTrader.com Adaptive IPS • User identity tracking through Sourcefire RUA • An integrated system managed from a single, easy-to-use Sourcefire Defense Center management console Sourcefire 3D System • “Manager of managers” enterprise-class scalability through Sourcefire’s Components Master Defense Center technology • Sourcefire 3D Sensor » Sourcefire IPS Module IPS ADAPTIVE IPS ETM » Sourcefire RNA Module • Best-in-class intrusion All IPS benefits, plus: All Adaptive IPS benefits, plus: » Sourcefire RUA Module defense • Know what’s on your • Quickly link users to • Sourcefire Defense Center • Easy to use for both novice network—in real time, all security & compliance & experienced users the time events • Extensive packet-level • Save time by significantly • Easily monitor & enforce forensics reducing quantity of IT policy compliance with “actionable” events compliance white lists “Sourcefire’s 3D System offers • Fully customizable reports, alerts, & dashboards • Reduce risk by ensuring • Detect internal anomalies a highly sophisticated intrusion IPS is always optimized to to baselined “normal” protection solution, which we protect your dynamically traffic, monitor bandwidth found particularly easy to install changing network consumption, & and deploy. We were very troubleshoot network outages & performance impressed with the extensive degradations policy-based responses on offer and the remarkable amount Table 3. Sourcefire Customer Protection Phase Benefits. Sourcefire’s solution is available in three of information it is capable of protection phases, with each phase adding capabilities to optimize a company’s network protection. gathering about internal and external systems. ” To learn more about Sourcefire’s award-winning IPS solutions, visit our Web Dave Mitchell, Product Reviewer, site at www.sourcefire.com or contact Sourcefire or a member of the Sourcefire Computing Security Magazine Product Review Solutions Network™ today. ©2009 Sourcefire, Inc. All rights reserved. SOURCEFIRE®, Snort®, the Sourcefire logo, the Snort and Pig logo, SOURCEFIRE 3D®, RNA®, SOURCEFIRE DEFENSE CENTER®, CLAMAV®, SECURITY FOR THE REAL WORLD™, SOURCEFIRE RUA™, DAEMONLOGGER™, SOURCEFIRE SOLUTIONS NETWORK™, and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. 7 WWW.SOURCEFIRE.COM 6.09 | REV 2

Recomendados

IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best PracticesHeather Axworthy
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security ArchitectureCisco Canada
 
Presentation cisco cloud security strategy
Presentation cisco cloud security strategyPresentation cisco cloud security strategy
Presentation cisco cloud security strategyxKinAnx
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 

Recomendados

IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best PracticesHeather Axworthy
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security ArchitectureCisco Canada
 
Presentation cisco cloud security strategy
Presentation cisco cloud security strategyPresentation cisco cloud security strategy
Presentation cisco cloud security strategyxKinAnx
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeCisco Enterprise Networks
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpointsCisco Canada
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco Canada
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectRobb Boyd
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueCisco Canada
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMPCisco Canada
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services Felipe Lamus
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco Canada
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionDejan Jeremic
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Decisions
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for merakiCisco Canada
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco Canada
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Sylvain Martinez
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
Why ips slide share
Why ips slide shareWhy ips slide share
Why ips slide shareTravis Abrams
 

Mais conteúdo relacionado

Mais procurados

Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpointsCisco Canada
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco Canada
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security PresentationSimplex
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectRobb Boyd
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...BGA Cyber Security
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueCisco Canada
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services Felipe Lamus
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco Canada
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionDejan Jeremic
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Decisions
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for merakiCisco Canada
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...Chrysostomos Christofi
 
Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco Canada
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation SecurityBGA Cyber Security
 

Mais procurados (20)

Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
The Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and LancopeThe Network as a Sensor, Cisco and Lancope
The Network as a Sensor, Cisco and Lancope
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpoints
 
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
Cisco connect winnipeg 2018 stealthwatch whiteboard session and cisco secur...
 
Cisco Security Presentation
Cisco Security PresentationCisco Security Presentation
Cisco Security Presentation
 
TechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnectTechWiseTV Workshop: OpenDNS and AnyConnect
TechWiseTV Workshop: OpenDNS and AnyConnect
 
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
8 Ocak 2015 SOME Etkinligi - A10 Networks - Accelerating and Securing Applica...
 
The World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the RescueThe World Against the Bad, Cisco AMP Solution to the Rescue
The World Against the Bad, Cisco AMP Solution to the Rescue
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMP
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services
 
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat IntelligenceCisco ThreatGrid: Malware Analysis and Threat Intelligence
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
 
Sasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protectionSasa milic, cisco advanced malware protection
Sasa milic, cisco advanced malware protection
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for meraki
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
 
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
apl5iy2ftxiwofbhsmxj-signature-584e2459f99b5370bda435f09b42cc84cc8c063b8cd454...
 
Cisco's 2016 Annual Security report
Cisco's 2016 Annual Security reportCisco's 2016 Annual Security report
Cisco's 2016 Annual Security report
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2
 

Semelhante a SourceFire IPS Overview

Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksAngeloluca Barba
 
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...IJCNCJournal
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Unisys Corporation
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceChristopher Gerritz
 
Detect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemDetect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemIRJET Journal
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Ricardo Resnik
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityIvanti
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Chris Sistrunk
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Lancope, Inc.
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkCisco Security
 

Semelhante a SourceFire IPS Overview (20)

Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS NetworksLessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
 
Why ips slide share
Why ips slide shareWhy ips slide share
Why ips slide share
 
UEBA
UEBAUEBA
UEBA
 
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECUR...
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014 Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
 
Aensis idps 1000 v ext_eng
Aensis idps 1000 v ext_engAensis idps 1000 v ext_eng
Aensis idps 1000 v ext_eng
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
 
Detect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection SystemDetect Network Threat Using SNORT Intrusion Detection System
Detect Network Threat Using SNORT Intrusion Detection System
 
AXENT-Everything-IDS
AXENT-Everything-IDSAXENT-Everything-IDS
AXENT-Everything-IDS
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouni
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
 
OSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint SecurityOSB180: Learn More About Ivanti Endpoint Security
OSB180: Learn More About Ivanti Endpoint Security
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security Using Your Network as a Sensor for Enhanced Visibility and Security
Using Your Network as a Sensor for Enhanced Visibility and Security
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
 
Idps technology starter v2.0
Idps technology starter v2.0Idps technology starter v2.0
Idps technology starter v2.0
 

Mais de GuardEra Access Solutions, Inc.

Valiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & CostValiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & CostGuardEra Access Solutions, Inc.
 

Mais de GuardEra Access Solutions, Inc. (20)

HIPAA Regs
HIPAA RegsHIPAA Regs
HIPAA Regs
 
HITECH Modifications to HIPAA
HITECH Modifications to HIPAAHITECH Modifications to HIPAA
HITECH Modifications to HIPAA
 
Patrick Notley1
Patrick Notley1Patrick Notley1
Patrick Notley1
 
Awarenesstechnologies Intro Document
Awarenesstechnologies Intro DocumentAwarenesstechnologies Intro Document
Awarenesstechnologies Intro Document
 
Mx Pb En 100929
Mx Pb En 100929Mx Pb En 100929
Mx Pb En 100929
 
Rp 2010 data-breach-report-en_xg
Rp 2010 data-breach-report-en_xgRp 2010 data-breach-report-en_xg
Rp 2010 data-breach-report-en_xg
 
Deepwater Horizon
Deepwater HorizonDeepwater Horizon
Deepwater Horizon
 
Cloud Computing Payback
Cloud Computing PaybackCloud Computing Payback
Cloud Computing Payback
 
10844 5415 The Value Of Corporate Secrets
10844 5415 The Value Of Corporate Secrets10844 5415 The Value Of Corporate Secrets
10844 5415 The Value Of Corporate Secrets
 
Security Breach Laws
Security Breach LawsSecurity Breach Laws
Security Breach Laws
 
2010 New Guidelines Hipaa Checklist V1
2010 New Guidelines Hipaa Checklist V12010 New Guidelines Hipaa Checklist V1
2010 New Guidelines Hipaa Checklist V1
 
2010 Hipaa Rules 011310
2010 Hipaa Rules 0113102010 Hipaa Rules 011310
2010 Hipaa Rules 011310
 
Og Disparate It Mgmt Tool Impact Report
Og Disparate It Mgmt Tool Impact ReportOg Disparate It Mgmt Tool Impact Report
Og Disparate It Mgmt Tool Impact Report
 
Accel Ops Brochure0609
Accel Ops Brochure0609Accel Ops Brochure0609
Accel Ops Brochure0609
 
Healthcare Data Security Update
Healthcare Data Security UpdateHealthcare Data Security Update
Healthcare Data Security Update
 
HITECH Act
HITECH ActHITECH Act
HITECH Act
 
EMR Yes- No
EMR Yes- NoEMR Yes- No
EMR Yes- No
 
Closing the Clinical IT Chasm
Closing the Clinical IT ChasmClosing the Clinical IT Chasm
Closing the Clinical IT Chasm
 
Valiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & CostValiente Balancing It SecurityCompliance, Complexity & Cost
Valiente Balancing It SecurityCompliance, Complexity & Cost
 
2009 Databreach Report
2009 Databreach Report2009 Databreach Report
2009 Databreach Report
 

Último

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 

Último (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 

SourceFire IPS Overview

  • 1. Sourcefire IPS™ (Intrusion Prevention System) Unparalleled Intrusion Detection and Prevention It’s 3 am. A hacker is hard at work trying to break into your network. Not for kicks, but for dollars. Is your network secure? Learn why more organizations depend on Snort® than any other intrusion prevention technology worldwide, and why thousands of enterprises rely on Sourcefire’s award-winning, ICSA-certified IPS to secure networks before, during, and after an attack. Key Sourcefire IPS Capabilities EMBRACE THE NEXT GENERATION OF INTRUSION PREVENTION • Industry-standard Snort IPS Stop Threats in Their Tracks detection engine Built on Snort, the de facto standard for intrusion detection and prevention • Dynamic Snort ruleset offering protection from constantly- (IDS/IPS), the award-winning Sourcefire 3D® System provides customers with evolving vulnerabilities a “Discover, Determine, Defend” framework, enabling you to discover threats • Open rules language—view, edit, accurately as they occur, determine their impact and severity, and defend your & create network by stopping threats in their tracks. Whether deployed at the perimeter, • Inline IPS & passive IDS modes in the DMZ, in the core, or at critical network segments, and whether placed in • Reports, alerts, & dashboards inline or passive mode, Sourcefire’s IPS appliances protect your network against • Multiple default IPS policies worms, Trojans, spyware, port scans, buffer overflow attacks, zero-day attacks, • Third-party integration APIs and much, much more. • Packet-level forensics • Sophisticated, customizable Plug-n-Protect Simplicity workflows Today’s resource-tapped IT organizations must work smarter, not harder, to • LDAP & RADIUS support defend against today’s dynamic threat landscape. The plug-n-protect nature of • Plug-n-Protect features Sourcefire’s purpose-built IPS appliances enables customers to easily install and • High availability features configure their IPS, with minimal effort and training. For customers with limited IT security resources, the process of tuning an IPS can be fully automated to Plug-n-Protect Features ensure that each IPS is continuously optimized to protect your changing network • Purpose-built IPS appliance environment. • Easy installation & configuration • Adaptive IPS (automated IPS Sourcefire’s IPS Meets Your Needs—Today and Tomorrow tuning) Most providers offer a “one-size-fits-all” IPS, but Sourcefire is different. Our • Automated VRT rule updates solution is divided into three simple customer protection phases—IPS, Adaptive IPS, and Enterprise Threat Management (ETM)—with each phase building upon the benefits and features of the previous one, adding capabilities to optimize a “I’m convinced RNA was company’s network protection. the differentiating factor that made Sourcefire the obvious ENTERPRISE choice. Even without RNA, the THREAT Sourcefire IPS would have been MANAGEMENT our preference, but the RNA component makes us work ADAPTIVE much more efficiently. ” IPS Greg Clayton, Assistant VP and Network Security Manager, BankersBank Card Services IPS Figure 1. Unlike other IPS vendors that provide a “one-size-fits-all” IPS, Sourcefire’s solution is divided into three customer protection phases that scale with your organization’s needs.
  • 2. IPS Key Benefits IPS—THE FOUNDATION OF THE SOURCEFIRE 3D SYSTEM • Best-in-class intrusion defense Snort – the De Facto Standard for Intrusion Prevention • Easy to use Designed for customers with basic intrusion • Extensive analytics prevention needs, Sourcefire’s IPS phase provides • Powerful reporting the foundation for all Sourcefire customer protection • Unrivaled scalability phases. Built on the legacy of the Snort rules-based detection engine, Sourcefire’s IPS uses a powerful Snort—the De Facto IPS combination of vulnerability- and anomaly-based Standard inspection methods to analyze network traffic and prevent critical threats from affecting your network. • Invented in 1998 by Martin Roesch, Sourcefire Founder & The Sourcefire IPS contains multiple default policies for out-of-the box blocking, CTO drawing from a vast library of open Snort rules. Open rules allow customers • Most widely-deployed IPS to verify that rules address the vulnerabilities for which coverage is claimed technology worldwide and to create new rules or modify existing ones to protect custom applications • Used by 82% of Fortune 100 and systems. Sourcefire’s IPS can be deployed in inline blocking and/or • Used by more than half of Fortune 500 passive alerting modes, and can remediate traffic to external devices, such as • Snort community has become an firewalls, routers, patch management systems, and more. Powered by the Snort entire ecosystem: detection engine, Sourcefire IPS excels with detailed packet-level forensics and » >3.7 million downloads sophisticated, customizable workflows for investigating security events as they » >225,000 registered users occur. » Dozens of Snort books published » Classes taught at colleges & Snort, created by Sourcefire, is the de facto standard for intrusion prevention universities » User groups with more than 3.7 million downloads and over 225,000 registered users. More » Discussion lists & forums organizations rely on Snort than any other intrusion prevention technology worldwide. Over the past decade, the Snort community has grown to become an entire ecosystem, from user groups, to books, to classes taught at hundreds Sourcefire Zero-Day Protection Example: of colleges and universities. More IT security professionals are familiar with Snort than any other IPS technology in the market. Sourcefire customers benefit Sourcefire Protects Against Conficker from this extensive Snort ecosystem on day one. Worm Over Two Years in Advance • August 7, 2006 – Microsoft Protection Against Known and Unknown Threats issues Security Bulletin MS06- The Sourcefire Vulnerability Research Team (VRT) works around the clock to 040 for remote code execution vulnerability in Microsoft ensure Sourcefire commercial customers and open source Snort users are Windows Server Service protected against both known and unknown threats. The VRT leads the IPS • August 9, 2006 – VRT issues rules industry in addressing Microsoft Tuesday vulnerabilities on the same day they protecting against all potential exploits of MS06-040 vulnerability are announced. • October 23, 2008 – Microsoft It’s often the unknown, zero-day threat that can be the most damaging. That’s issues Security Bulletin MS08- 067 for remote code execution why Sourcefire publishes vulnerability-based Snort rules. Snort rules offers vulnerability (similar to MS06-040) protection against any possible exploitation of a vulnerability. An IPS that relies in Microsoft Windows Server primarily on exploit-based signatures provides little-to-no protection against Service • October 23, 2008 – VRT issues zero-day threats. This was recently illustrated when Sourcefire protected its 3D rules protecting against all customers and open source Snort users more than two years in advance of the potential exploits of MS08-067 Conficker worm. vulnerability • November 21, 2008 – Conficker.A Sourcefire’s IPS appliances provide comprehensive threat protection against: worm identified, VRT rules published August 9, 2006 and • Worms • DoS attacks • Malformed traffic October 23, 2008 triggered • Trojans • Buffer overflows • Invalid headers • December 29, 2008 – Conficker.B • Backdoor attacks • P2P attacks • Blended threats worm identified, variant covered by VRT’s existing rules • Spyware • Statistical anomalies • Zero-day threats • March 4, 2009 – Conficker.C worm • Port scans • Protocol anomalies • TCP segmentation & identified, variant covered by IP fragmentation VRT’s existing rules • VoIP attacks • Application • IPv6 attacks anomalies 2
  • 3. The Industry’s First-Shipping 10Gbps IPS High Availability Features Sourcefire’s purpose-built, ICSA-certified 3D • Dual power supplies Sensors are available with throughputs from • Fail-open ports 5Mbps up to the industry’s first-shipping • RAID drives 10Gbps IPS appliance. Sourcefire 3D Sensors • High availability are available with critical fault-tolerant features, configuration options such as fail-open copper and fiber ports, dual power supplies, and RAID drives, and each 3D Sensor supports an array of high availability configuration options. MODEL 3D500 3D1000 3D2000 3D2100 Supported Line 5Mbps 45Mbps 100Mbps 250Mbps Speed (IDS/IPS) MODEL 3D2500 3D3500 3D4500 3D5800 Supported Line 4Gbps 500Mbps 1Gbps 2Gbps Speed (IDS/IPS) (3Gbps inline) MODEL 3D6500 3D9800 3D9900 Supported Line 4Gbps up to 10Gbps up to 10Gbps Speed (IDS/IPS) Table 1. Sourcefire 3D Sensor Product Family Centralized Event Aggregation and Analysis Sourcefire Defense Center Key Capabilities Sourcefire’s IPS phase is intended for customers with multiple Sourcefire 3D Sensors that require centralized event aggregation and analysis. Using the • Centralized event monitoring & sensor management feature-rich, yet easy-to-use Sourcefire Defense Center® (DC) management • Customizable dashboards with console, customers can analyze events, configure and push IPS policies, numerous widgets automatically download and apply Snort rule updates, and more. For larger • Email & SNMP alerts deployments, customers can leverage Sourcefire’s Master Defense Center • Sophisticated & customizable (MDC) technology to manage multiple DCs and hundreds of 3D Sensors across reporting their entire organization. • Automated VRT rules updates • Master Defense Center (MDC) Powerful Reports, Alerts, and Dashboards scalability Sourcefire Defense Center provides customers with powerful reports, alerts, and dashboards. Customers can leverage a variety of pre-defined report templates or create custom reports to meet the needs of any organization. They can receive alerts in the form of email messages or SNMP alerts. And customers can create fully customized dashboards with dozens of drag-n-drop “widgets” that display critical information in the form of tables and graphs. 3
  • 4. “During our testing, we threw lots of different types of traffic at a couple of leading IPS vendors. One IPS vendor produced alerts on 80% of the traffic we threw at it, but Sourcefire didn’t produce a single alert. We brought the Sourcefire engineer in because we thought it wasn’t working, but he said that it wasn’t producing alerts because the boxes being attacked in the test weren’t vulnerable to what was being thrown at it...he showed me proof that it was working, which was nice. ” Jeremy Pratt, Network Manager, L.A. Times Figure 2. The Sourcefire Defense Center dashboard is fully customizable and provides numerous drag-n-drop widgets that display critical security event information. Figure 3. Sourcefire fully supports a Defense-in-Depth intrusion prevention strategy by allowing Sourcefire 3D Sensors to be positioned at the perimeter, in the DMZ, in the core, and at critical internal network segments. Sourcefire Defense Center orchestrates all event aggregation, analysis, and IPS policy management. 4
  • 5. Adaptive IPS Key Benefits ADAPTIVE IPS—DYNAMIC DEFENSES FOR DYNAMIC NETWORKS • Know what’s on your network—in Sourcefire RNA®—Real-Time Passive Network Intelligence real time, all the time Although Sourcefire’s IPS phase provides exceptional network threat protection, • Save time by significantly the Adaptive IPS phase is where Sourcefire surpasses all other IPS systems. reducing quantity of “actionable” security events Sourcefire’s Adaptive IPS phase is designed to help IT organizations perform • Reduce risk by ensuring IPS is more optimally and is ideal for companies with small IT security staffs. IT always optimized to protect your security professionals don’t have time to constantly “tune” their IPSes as dynamically changing network their networks change. And they don’t have time to sift through hundreds or • Helps organizations with small thousands of security events each day to try to figure out which events matter network security staffs effectively protect their networks most. IT security organizations need dynamic, intelligent network defenses to defend their highly dynamic networks against today’s dynamic threats. Sourcefire RNA Key Capabilities The technology that provides context to the Sourcefire IPS is called Sourcefire RNA (Real-time Network Awareness). Analogous to passive SONAR on a ship, • 24x7, passive, real-time network RNA provides 24x7 passive network intelligence and presents a real-time intelligence inventory of all operating systems (OSes), services, protocols, and potential • Provides real-time network/ device, state & behavior context vulnerabilities that exist on your network. By adding the RNA module to your to IPS 3D Sensors, real-time/all-the-time network intelligence is incorporated into the • Contributes to automated impact IPS, and the process of tuning the IPS and assessing security events can be assessment fully automated. • Supports automated IPS tuning • Contributes to IT policy compliance Figure 4. Sourcefire RNA works like passive SONAR on a ship, enabling you to identify friendly and non-friendly network behavior through passive network discovery 24 hours a day, seven days a week. Automated IPS Tuning and Optimization “Events requiring manual reviews have been reduced Sourcefire is the only network security provider to offer an Adaptive IPS from over 20,000,000 per solution, which is why the company is regularly depicted by leading market month down to approximately research analysts as the most visionary leader in the IPS industry. The following 2,000 per month. By using table depicts key capabilities found in Sourcefire’s Adaptive IPS phase: the Sourcefire IPS, we have been able to reduce the time Impact Flag Assessments Threat intelligence is automatically correlated against real-time and number of staff who are target host intelligence to determine the relevance and impact of dedicated to analyzing IDS data, the attack. Actionable events are typically reduced by 99% or more. re-utilizing these SOC resources for other activities. ” RNA-Recommended Rules As your network evolves, Sourcefire takes the guesswork out of determining which Snort rules to enable and disable. RNA Network Security Analyst, recommends relevant Snort rules based on the network it’s Global 500 Software Provider protecting. Snort rules can be enabled with or without human intervention. Adaptive Traffic Profiling Prevents IPS evasions by enabling the IPS to model segmented and fragmented traffic in the same manner the host OS would see it. Non-Standard Port Handling If traffic using a non-standard port is detected, such as HTTP on port 8080 (rather than port 80), applicable Snort rules will automatically be re-configured to monitor related traffic using both standard and non-standard ports. Table 2. Sourcefire’s Adaptive IPS phase incorporates real-time network intelligence to prioritize security events and automate the process of tuning your IPS. 5 Figure 1. Sourcefire RNA works like passive SONAR, enabling you to identify friendly and non- friendly network behavior through passive network discovery 24 hours a day, seven days a week.
  • 6. The use of Sourcefire’s Adaptive IPS results in massive elimination of false positives and false negatives, less manual event investigation and IPS tuning by your IT security staff, lower potential for network downtime, and lower cost of operations. By having real-time knowledge of what’s running on your network, the 3D System saves you time and effort and maximizes protection of your dynamically changing network. ETM Key Benefits ENTERPRISE THREAT MANAGEMENT (ETM)—FULL DEFENSE BEFORE, DURING, AND AFTER THE ATTACK • Quickly link users to security & compliance events ETM—A Fully Integrated Approach for Complete Protection • Easily monitor & enforce Sourcefire’s Enterprise Threat Management (ETM) solution provides full IT policy compliance with compliance white lists functionality to defend your network before, during, and after an attack. ETM • Detect internal anomalies to is the combination of the world’s most powerful attack detection engine, baselined “normal” traffic enhanced by real-time network intelligence provided by RNA, completed by • Monitor bandwidth consumption a system that gives you round-the-clock knowledge of any behavioral change of your critical systems. ETM allows the Sourcefire IPS to filter out the noise • Troubleshoot network outages & performance degradations and tune itself so you can quickly react to network changes and compromises. Just enable certain RNA features and add Sourcefire RUA™ (Real-time User Awareness) to your 3D Sensors, and you have a complete solution to protect Sourcefire RUA Key Capabilities your network at any point of the attack continuum. • Links users to security & Sourcefire RUA—Link User Identity to Security and Compliance Events compliance events Sourcefire is the only IPS provider to link user identity to security and • Support for Active Directory & LDAP compliance events. Rather than sifting through Active Directory, LDAP and, • Provides full names, contact DHCP log files to determine the owner of a host under attack, Sourcefire RUA info, & more links both Active Directory and LDAP usernames to IP addresses involved in • Resolve incidents in a fraction security and compliance events. By clicking on the username, the security of the time analyst is presented with the user’s full name, department, and contact information. By leveraging Sourcefire’s ETM approach, RUA enables incidents to be resolved in a fraction of the time it would take with an IP address alone. Reduce Risk Before the Attack With the ETM phase, customers can reduce the risk in multiple ways before the attack occurs. First, with RNA’s change management capability and powerful Policy and Response (P&R) engine, IT can be notified when a new host appears on the network and/or when an existing host changes its approved configuration. Second, once RNA has inventoried network assets into its Network Map, users can create compliance white lists of approved host assets by indicating the OSes, services, applications, and protocols that can and/or cannot be used on a particular network, plus create custom compliance rules to monitor and enforce your IT acceptable-use policies. And last, by narrowing the list of approved applications and attributes, IT can better defend against both known and unknown attacks. By leveraging Sourcefire’s compliance capabilities, fueled by RNA, IT can harden network assets by shutting down unapproved systems, turning off unnecessary ports, and by applying key patches and service packs before the attack occurs. Improve Network Security and Protect Your Organization Not all threats pass through your network’s perimeter. Some threats are hand- carried on laptops right through the front door of your building. An IPS can only protect what it can see. By leveraging RNA to baseline “normal” traffic on your network, you can leverage Sourcefire to detect anomalies, such as malware propagating from host to host. ETM also enables customers to monitor bandwidth consumption and troubleshoot network outages and performance degradations. 6
  • 7. TAKE THE NEXT STEP TO PROTECT YOUR NETWORK “Mapping a username to an IP address was taking us Sourcefire is the only IPS provider offering dynamic defenses against away from a backlog of other the dynamic threats aimed at your dynamic network. Sourcefire’s unique important tasks. By using capabilities include: Sourcefire RUA, what used to • A three-phased customer protection solution (IPS, Adaptive IPS, and take up to an hour now takes Enterprise Threat Management) that scales with the needs of your just a second or two. I feel company’s requirements much better knowing that I can • Best-in-class intrusion defense contact a user immediately in the event they are affected by a • 24x7 passive network intelligence through Sourcefire RNA , network attack. ” • Real-time, automated intrusion event impact assessment Tamara Fisher, Security Engineer, • Automated IPS tuning based on actual network assets protected through AutoTrader.com Adaptive IPS • User identity tracking through Sourcefire RUA • An integrated system managed from a single, easy-to-use Sourcefire Defense Center management console Sourcefire 3D System • “Manager of managers” enterprise-class scalability through Sourcefire’s Components Master Defense Center technology • Sourcefire 3D Sensor » Sourcefire IPS Module IPS ADAPTIVE IPS ETM » Sourcefire RNA Module • Best-in-class intrusion All IPS benefits, plus: All Adaptive IPS benefits, plus: » Sourcefire RUA Module defense • Know what’s on your • Quickly link users to • Sourcefire Defense Center • Easy to use for both novice network—in real time, all security & compliance & experienced users the time events • Extensive packet-level • Save time by significantly • Easily monitor & enforce forensics reducing quantity of IT policy compliance with “actionable” events compliance white lists “Sourcefire’s 3D System offers • Fully customizable reports, alerts, & dashboards • Reduce risk by ensuring • Detect internal anomalies a highly sophisticated intrusion IPS is always optimized to to baselined “normal” protection solution, which we protect your dynamically traffic, monitor bandwidth found particularly easy to install changing network consumption, & and deploy. We were very troubleshoot network outages & performance impressed with the extensive degradations policy-based responses on offer and the remarkable amount Table 3. Sourcefire Customer Protection Phase Benefits. Sourcefire’s solution is available in three of information it is capable of protection phases, with each phase adding capabilities to optimize a company’s network protection. gathering about internal and external systems. ” To learn more about Sourcefire’s award-winning IPS solutions, visit our Web Dave Mitchell, Product Reviewer, site at www.sourcefire.com or contact Sourcefire or a member of the Sourcefire Computing Security Magazine Product Review Solutions Network™ today. ©2009 Sourcefire, Inc. All rights reserved. SOURCEFIRE®, Snort®, the Sourcefire logo, the Snort and Pig logo, SOURCEFIRE 3D®, RNA®, SOURCEFIRE DEFENSE CENTER®, CLAMAV®, SECURITY FOR THE REAL WORLD™, SOURCEFIRE RUA™, DAEMONLOGGER™, SOURCEFIRE SOLUTIONS NETWORK™, and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. 7 WWW.SOURCEFIRE.COM 6.09 | REV 2