Sourcefire RNA® (Real-time Network Awareness) is an innovative, passive sensing technology that provides real-time network intelligence to the Sourcefire 3D® System. RNA enables organizations to confidently protect their dynamic networks through a unique, patented combination of passive network discovery, network flow analysis, and targeted vulnerability assessment technologies.
Sourcefire RNA provides continuous passive network monitoring, creating a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities on the network. RNA is unique in its ability to collect this intelligence in a completely passive manner, while seamlessly integrating the intelligence with the 3D System. Since RNA is passive, it avoids the numerous and substantial pitfalls of traditional network monitoring technologies that rely on active scanning or host-based agents. RNA’s host database can also be augmented with information gathered by active discovery tools, where they exist, to further expand the store of network intelligence. Once RNA has established a baseline network inventory, its powerful Policy and Response engine can notify Information Security or Network Operations the moment a new host appears on the network and/or when an existing host has changed its approved configuration (e.g., OS upgrade, new service).
Adaptive IPS for Efficient and Effective Intrusion Prevention
By leveraging Sourcefire RNA, customers can take their Sourcefire IPS™ (Intrusion Prevention System) to the next level. Incorporating RNA’s real-time network intelligence into Sourcefire IPS can fully automate the ongoing process of IPS tuning and assessing the impact of security events. This results in less manual event investigation and IPS tuning by your IT security staff, lower potential for network downtime, and lower cost of operations. By having real-time knowledge of what’s running on your network, the 3D System saves you time and effort and maximizes protection of your ever-changing network.
Network Behavior Analysis
Network Behavior Analysis (NBA) solves daily challenges faced by both Information Security and Network Operations groups. Sourcefire RNA enables Information Security to detect and quarantine internal threats by establishing “normal” traffic baselines and detecting network anomalies. RNA can also help to secure “unmanaged” devices used by contractors and guests, and IT can be alerted when a new host appears or attempts to access an unauthorized network resource. In addition, RNA enables Network Operations to monitor bandwidth consumption across the network and to troubleshoot network outages and performance degradations.
IT Policy and Regulatory Compliance
Many organizations have documented IT acceptable use policies (AUPs), but few have the means to monitor and enforce them. Sourcefire provides the capability to model and enforce AUPs with compliance white lists. White lists specify the operating systems, services, applications, and protocols that are approved for use on the network and can be applied to all hosts—or a select range of hosts—on a given network segment. Organizations can reduce risk by identifying and mitigating non-compliant hosts. Oftentimes, monitoring and enforcing compliance with company IT policies facilitates compliance with external regulations, such as PCI DSS, HIPAA, SOX, FISMA, Basel II, GLBA, and NERC. Numerous 3D System compliance features, such as white lists, dashboard widgets, and reports, help organizations achieve regulatory, as well as internal, compliance.