Sourcefire Next-Generation Firewall - Westcon Next-Generation... · The Sourcefire Next-Generation…


  • Sourcefire Next-Generation Firewall offers advanced firewall capabilities, integrated application control, and the world's most powerful IPS in a universal, high-performance security appliance. No other solution brings together control and effective prevention in a flexible, high-performance engine to satisfy the larger need for complete enterprise visibility, adaptive security, and advanced threat protection.

    AGILE SECURITY FOR THE REAL WORLD

    The Sourcefire Next-Generation Firewall (NGFW) is the first of its kind to combine best-of-breed threat prevention with robust access and application control capabilities. Designed for enterprises that wish to enforce application usage policies and block sophisticated threats, Sourcefire's NGFW delivers unique advantages not available in competing offerings, including:

    Passive, real-time visibility of hosts, applications, operating systems, users, content, attacks, and more

    Achieve granular network and application access control without compromising threat prevention

    Leverage rich contextual awareness to automate key security functions, including impact assessment, user identification and policy tuning

    Sourcefire's purpose-built appliances incorporate FirePOWER technology for unprecedented performance and scalability

    In the real world, threats are constantly evolving. And so is your network. You've got limited resources and a lot on your plate. You need a network security solution that is agile, one that can support your access control policies today without sacrificing protection tomorrow.

    TOTAL NETWORK VISIBILITY

    How can you protect what you cannot see? Imagine a U.S. Secret Service agent assigned to protect the President while wearing a blindfold. That's analogous (granted, on a far lesser scale) to a network security device configured with a default policy not optimized to protect your unique network environment. It can't properly defend your network because it simply doesn't know what it's protecting.

    But Sourcefire is different. Since 2003, Sourcefire has been aggregating network intelligence to provide context to network security defenses. And today, Sourcefire FireSIGHT (formerly Sourcefire RNA and RUA) gives users total network visibility, including physical and virtual hosts, operating systems, applications, users, content, and potential host vulnerabilities.

    Sourcefire Next-Generation Firewall

    Key NGFW Capabilities

    Stateful firewall inspection
    Routing, Layer 2-4 switching
    Static and Dynamic NAT
    Access control
    Application control
    NGIPS threat prevention
    Network behavior analysis
    User identification
    URL filtering
    Sensitive data filtering

    Context awareness helps make security an enabler, not be an inhibitor, of dynamic business requirements. Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.[1]

    Neil MacDonald, Gartner

    [1] Source: The Future of Information Security is Context Aware and Adaptive, Gartner, 14 May 2010

    Sourcefire NGFW customers leverage this context in a myriad of ways. Here are just a few examples:

    Optimize defenses and system performance by automating protection policy updates based on network changes

    Reduce the number of actionable security events by up to 99% by correlating threats against target operating systems and applications

    Know instantly who to contact when an internal host is affected by a client-side attack

    Be alerted when a host violates a configuration policy or attempts to access an unauthorized system

    Detect the spread of malware by baselining normal network traffic and detecting network anomalies

    FireSIGHT ensures network protections are deployed appropriately, and maintained automatically, as networks and threats change over time. FireSIGHT enhances the quality of network security while helping to deliver the lowest possible operational expense.

    CONTROL WITHOUT COMPROMISE

    Organizations are rapidly turning to NGFWs to monitor, and in many instances control, how systems are accessed and how applications are used. But the promise of an NGFW is to combine granular access control with effective threat prevention onto one unified platform. Unfortunately, as acknowledged by Gartner, most NGFW vendors are bolting on inferior intrusion prevention technology that is ill-equipped to defend against today's sophisticated threats.

    Sourcefire is different. Our roots are in threat prevention. Simply put, Sourcefire offers the best threat prevention that money can buy, as validated by NSS Labs and thousands of satisfied customers around the world. And now with Sourcefire's NGFW, we offer you the granular access control you need without compromising security.

    And when we say granular, we mean it. Here are a few examples:

    Want to control Facebook? How about making Facebook read-only so users can view updates but not make them? Or disable Farmville or just Facebook Chat?

    Want to restrict employee Web access to only safe websites? No problem.

    Want to ensure that only authorized users can access the payroll system? That's easy.

    Need to configure custom threat prevention rules to defend your proprietary system? We've been doing that for over a decade.

    FireSIGHT Detection

    Physical/virtual hosts
    Operating systems
    Applications
    Consumer devices
    Mobile phones
    VoIP phones
    Network printers
    Routers
    Potential vulnerabilities
    Network flow and bandwidth
    Network anomalies
    User identity

    Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two. I feel much better knowing that I can contact a user immediately in the event they are affected by a network attack.

    Tamara Fisher, Security Engineer,

    Figure 1. Sample FireSIGHT detection

    Implementing thoughtful access control policies is a powerful step toward reducing network security risk, achieving regulatory compliance, and ensuring a safe and productive workplace, but only if the effectiveness of your threat prevention is not sacrificed. Since NSS Labs conducted its first-ever comparison test in 2009, Sourcefire has been ranked #1 in threat prevention among all leading network security providers. The following is a summary of our latest test[2] results:

    INTELLIGENT SECURITY AUTOMATION

    No matter how much your operating budget is increased, or how many new resources you're able to hire next year, all IT security managers face the same challenges: there are never enough hours in the day and there are never enough resources to go around. Thus, IT security must constantly strive to work smarter, not harder, to meet the demands of the business.

    Automation is key to keeping pace. Our NGFW includes many innovative ways to automate network security functions and simplify management, many of which our competitors have not even contemplated. Here are a few examples:

    Reduce the number of actionable security events by up to 99% by correlating threats with vulnerabilities within targets and filtering the noise

    Save countless hours of frustration each month by automating threat prevention policy updates

    Take the guesswork out of who to contact by linking user identity to security and compliance events

    Construct protection policies in building blocks called policy layers, simplifying the process of creating and managing policies

    Leverage one master console to centrally manage up to 10 subordinate consoles and hundreds of Sourcefire NGFW appliances

    Integrate with your existing network and security infrastructure to monitor events, quarantine threats, trigger active scans, and more

    No other NGFW solution enables you to automate so many administrative functions in so many ways. By automating a few key functions, organizations can save tens of thousands of dollars per year, as concluded in a recent SANS report[3].

    Granular Control Policies

    Per interface / network zone
    Per VLAN
    Per IP Address / CIDR block
    Per user / group
    Per application
    Per URL

    Granular Control

    Sourcefire's powerful policy engine enables users to construct granular application and access policies for users and groups.

    This is the second year in a row that Sourcefire blocked the most attacks of all products.

    -NSS Labs Test Report

    Sample Automation

    Threat prevention rule and policy updates
    Threat impact assessment
    Linking users to events
    Event correlation of user, device, service and application
    Exporting events to SIEMs
    Generating reports

    [2] Source: Network Intrusion Prevention Systems 2010 Comparative Test Results, Dec. 2010, NSS Labs

    [3] Source: Figure derived from Calculating TCO on Intrusion Prevention Technology, March 2010, SANS

    UNPARALLELED PERFORMANCE & SCALABILITY

    Sourcefire's NGFW solution can scale to meet the needs of the largest of enterprises through its innovative line of Sourcefire 3D Appliances, equipped with FirePOWER technology. FirePOWER is how Sourcefire is able to achieve high firewall and threat prevention throughputs with minimal latency at unprecedented energy savings. The following diagram depicts the single-pass flow of traffic through Sourcefire's NGFW architecture.

    Sourcefire's central management console, called Sourcefire Defense Center, is the central nervous system of the Sourcefire 3D System. It's here where all protection and access policies are configured and where all security and compliance events are evaluated. Defense Center also offers a powerful reporting engine with a selection of report templates to meet the needs of any organization. And Sourcefire offers the most customizable dashboard in the business, featuring an intuitive portal-like interface equipped with a library of drag-and-drop widgets for monitoring security and compliance events and the health and performance of your 3D Appliances.

    Universal Security Platform

    Sourcefire NGFW deploys a single-pass, hardware-accelerated design to afford maximum scalability, threat effectiveness, performance and security in a consolidated platform.

    Sourcefire Defense Center

    The nerve center of the Sourcefire 3D System for easy, central management, event analysis and reporting.

    Figure 4. NGFW single-pass architecture

    During our testing, one vendor produced alerts on 80% of the traffic we threw at it, but Sourcefire didn't produce a single alert. We brought the Sourcefire engineer in because we thought it wasn't working, but he said that it wasn't producing alerts because the boxes being attacked in the test weren't vulnerable to what was being thrown at it...he showed me proof that it was working, which was nice.

    Jeremy Pratt, Network Manager, L.A. Times

    Defense Center Capabilities

    Centralized event monitoring
    Manages physical and virtual Sourcefire 3D Appliances
    Customizable dashboards with numerous widgets
    Role-based administration and workflow
    Syslog, email, and SNMP alerts
    Sophisticated and customizable reporting
    Third-party integration APIs
    LDAP, AD and RADIUS support
    Automated threat prevention updates
    Master Defense Center (MDC)

    Lower TCO Through Automation

    Organizations can save tens of thousands of dollars every year by automating common threat prevention functions

    Figure 3. Annual cost of maintenance

    [Chart categories: Impact Assessment of Security Events, Automated Policy Tuning, User Identification; series: Manual processes, Automated processes]

  • © 2011 Sourcefire, Inc. All rights reserved. Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, ClamAV, Immunet and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others.

    12.11 | REV1

    But performance and manageability aren't the only aspects that set Sourcefire's NGFW solution apart. Sourcefire offers unparalleled scalability and ease of management through its Master Defense Center capability, or MDC. This hierarchical approach allows an MDC to centrally manage up to 10 subordinate DCs. This offers our customers unprecedented scalability: security and compliance events can be filtered up to the MDC while protection and access policies can be pushed down to subordinate DCs and 3D Appliances.

    PROTECTION FOR PHYSICAL & VIRTUAL ENVIRONMENTS

    Sourcefire offers an impressive line of purpose-built 3D Appliances with stateful firewall inspected threat prevention throughputs ranging from 40Gbps down to 1Gbps. All Sourcefire 3D Appliances come standard with programmable, fail-open copper and/or fiber interfaces, and most models come equipped with additional fault-tolerant features, including dual power supplies, RAID drives and lights out management (LOM).

    Sourcefire also offers security solutions for VMware, Xen and Red Hat virtual platforms. Sourcefire Virtual 3D Sensors provide the capability to inspect VM-to-VM communications, providing the same control and protection as their physical counterparts.

    REMOVE NETWORK BLIND SPOTS THROUGH SSL DECRYPTION

    The use of SSL encryption is exploding due to cloud computing and the rise of Web-enabled applications. But did you know that every one of your network security devices (e.g., NGFW, IPS, DLP, Network Forensics) is useless at detecting threats embedded within SSL unless that traffic is first decrypted?

    The Sourcefire SSL Appliance can decrypt and re-encrypt SSL traffic, allowing unimpeded security inspection that scales in concert with your network performance requirements.

    TAKE THE NEXT STEP TOWARD AGILE SECURITY

    To learn more about Sourcefire's Next-Generation Firewall and other Agile Security solutions, contact a member of the Sourcefire Global Security Alliance today to view a demonstration, request an onsite evaluation, or schedule a meeting, or visit us for more information.

    SSL is an easy vehicle for cybersecurity attacks:

    Inbound attacks
    Spyware and malware
    Viruses and worms
    Phishing
    Identity theft
    Information leaks

    Sourcefire SSL Appliance 2000

