• 3D System
  • Defense Center
  • IPS
  • RNA
  • RUA
  • Intrusion Agent
• Snort
• ClamAV

The Sourcefire 3D^™ System

Discover. Determine. Defend.

Single-product defenses alone are no longer enough to secure your network. Threats are growing in number and sophistication. Attackers are launching more attacks designed to bring corporate networks down or to steal customer or corporate proprietary information. Mobile devices, laptops, wireless networks, partner networks and PDAs are all potential points of entry.

As the quantity and severity of threats increase, and as new regulatory compliance requirements are introduced, IT budgets are growing rapidly year after year. In response, organizations are faced with purchasing a myriad of point products that don't share intelligence and don't see all the assets on a network.

Today, the limitations of traditional single-product solutions are driving organizations to embrace a new, more effective methodology.

Sourcefire's ground-breaking 3D approach – Discover, Determine, Defend – is the first and only Enterprise Threat Management (ETM) solution that unifies IPS, NBA, NAC and vulnerability assessment technologies to provide customers with the most effective, real-time network security for today's real world challenges.

Discover threat, network and asset information using Sourcefire IPS™ and Sourcefire RNA™. Sourcefire IPS uses the industry standard SNORT® vulnerability-based detection engine to bring the benefits of signature, protocol, and anomaly-based inspection methods to your network at speeds up to 8 gigabits per second. Sourcefire RNA passively monitors your network to deliver highly detailed, real-time profiles of your network assets, including their configuration, behavior, potential vulnerabilities, and associated changes.

Determine policy violations, the impact of security events and the appropriate response. By correlating threat information provided by Sourcefire IPS appliances and Intrusion Agents with endpoint and network information provided by RNA, the Defense Center prioritizes security events to determine the most critical events to your business enabling you to take appropriate action.

Defend your network assets. The 3D System gives users the capability to defend their networks before attacks by proactively patching discovered vulnerabilities, during attacks by blocking, and after attacks have occurred by remediation to other devices to minimize damage.

Sourcefire IPS™

Sourcefire IPS provides vulnerability-based intrusion prevention built on the foundation of Snort®, the world's most popular intrusion prevention software. Sourcefire IPS uses a rules-based language—a powerful combination of signature, protocol, and anomaly-based inspection methods—to examine packets for attacks. Attacks protected against include worms, Trojans, port scans, buffer overflow attacks, spyware, Voice Over IP (VoIP) attacks, IPv6 attacks, protocol anomalies, malformed traffic, invalid headers, denial of service attacks, and zero-day attacks. The Snort rules language is the industry standard, used by a community of hundreds of thousands of security practitioners. Unlike competing systems, Sourcefire IPS allows users to create, edit, and view detection rules, and full packet payloads are logged for every event so users can see exactly what threatening traffic has been detected. Sourcefire IPS can block threats directly and stop attackers by integrating with access control devices such as firewalls, routers, and switches. With inline or passive deployment options, line speeds from five megabits per second (Mbps) to eight gigabits per second (Gbps) and fully redundant configurations, Sourcefire IPS appliances are architected to meet your network's needs.

Sourcefire RNA™

Sourcefire RNA is a strategic component to Sourcefire's ETM value proposition. RNA provides native NBA, NAC and Vulnerability Assessment capabilities, affording the Sourcefire 3D System with valuable threat, endpoint and network intelligence. RNA provides an always-on, real-time view of what is transpiring in a user's network. By listening, RNA assembles a database of network assets, their operating systems, services and communicating applications—and identifies potential vulnerabilities on these devices. Unlike competitors' approaches, RNA's passive endpoint discovery requires no agent installations or potentially destructive scans, although RNA can leverage the power of targeted active scanning to find even more detailed information about hosts. RNA can use this information to determine whether the services, operating systems, and applications that endpoints are running are compliant with organizational policy. RNA also monitors communications behavior among endpoints on a network, baselining traffic, watching for deviances from typical traffic levels or connection patterns, and alerting administrators to these changes. The contextual information provided by RNA not only allows organizations to protect their networks with more confidence, but also reduces the ongoing costs associated with managing and responding to network threats.

Sourcefire Intrusion Agent for Snort^®

Sourcefire Intrusion Agents allow users of open-source Snort sensors to gain many of the benefits available with the Sourcefire 3D System, including impact flags for intelligent prioritization of threat events against network and business risks. Intrusion Agents are available for Linux and Solaris.

Sourcefire Defense Center™

Sourcefire Defense Center is the nerve center of the Sourcefire 3D system. Defense Center unifies critical network security functions including event monitoring, correlation, and prioritization for forensic analysis, trends analysis, and management reporting. The highly effective user interfaces have been designed by security analysts for security analysts with an intuitive lay-out and presentation, and user-definable workflows. Defense Center has an open architecture which allows it to interface with existing management consoles, such as IBM Tivoli and HP OpenView. Using Defense Center, customers can control multiple 3D Sensors from a single management console and combine security and compliance event data from IPS, RNA and open source Snort to get the most comprehensive view of event activity on their networks.

By discovering security and network information, determining its business impact, and defending networks before, during, and after the attack, the Sourcefire 3D System fully addresses the enterprise threat management challenge.