• 3D System
  • Defense Center
  • 3D Sensor
  • IPS
  • IDS
  • RNA
  • RUA
  • NetFlow Analysis
  • Intrusion Agent
• Snort
• ClamAV

Sourcefire NetFlow Analysis

Extend Sourcefire Network Behavior Analysis to Uncovered Areas of Your Network

The best approach to network security is one of layered defenses, commonly referred to as “Defense in Depth.” Relying on perimeter-based firewalls and IPSes alone does nothing to guard against attacks that originate from the inside—whether an attack is initiated by a malicious insider or a worm is unknowingly propagated by a trusted employee. Fortunately, a new approach to defending the internal network has emerged. An approach that not only augments existing Information Security defenses, but also offers collateral benefits to solving everyday Network Operations challenges.

Network Behavior Analysis, or NBA, was originally fueled by rampant outbreaks of computer-based worms (e.g., Zotob, AnnaKournikova, Mydoom, Sasser). NBA technology has evolved over time to augment a company’s IT compliance enforcement capabilities, while providing new capabilities for monitoring bandwidth utilization and troubleshooting network outages and performance degradations. As a result, NBA technology is bridging the gap between Information Security and Network Operations by providing a unified framework for solving daily challenges faced by both organizations.

Sourcefire Network Behavior Analysis Benefits

NBA leverages flow analysis capabilities to achieve a variety of benefits for both Information Security and Network Operations professionals.

Sourcefire’s NBA solution benefits Information Security by:

• Establishing “normal” traffic baselines and detecting anomalies (i.e., worm propagation)
• Contributing endpoint intelligence to help assess security and compliance events
• Providing network composition insight, giving security analysts the opportunity to identify and shut down unnecessary services and ports

Sourcefire’s NBA solution benefits Network Operations by:

• Enabling network analysts to ensure that ample network bandwidth is allocated to all network segments
• Empowering network analysts with the ability to troubleshoot network outages and performance degradations

Extend the Reach with NetFlow Analysis

Sourcefire RNA® (Real-time Network Awareness) can generate rich, proprietary flow data called “RNA Flow.” RNA Flow goes beyond traditional flow technologies, such as NetFlow, by not only collecting information such as IP addresses and ports, but also Layer 7 attributes, such as operating systems, services, and applications. However, most organizations cannot afford to place Sourcefire 3D® Sensors on every network segment. Thus, Sourcefire’s NetFlow Analysis capability can extend the reach of Sourcefire’s NBA solution to areas of the network where 3D Sensors do not exist.

Sourcefire can aggregate and analyze NetFlow data exported from NetFlow-enabled routers and switches to achieve the full benefits of Sourcefire’s Network Behavior Analysis solution.