Next-Generation Firewall (NGFW)

“Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”

-- “Defining Next-Generation Network Intrusion Prevention,” Gartner, 7 October 2011

The rate of change in IT environments is unprecedented. At the same time, attacks are coming at a rapid pace and with an increasing level of sophistication. In an attempt to provide effective protection, NGFWs have added application control to the access control capabilities provided by traditional firewalls. This isn’t enough.

With the Sourcefire Next-Generation Firewall, Sourcefire extends the power of Agile Security^® and its leadership in Next-Generation IPS (NGIPS) to NGFWs. For the first time, customers can support access and application control policies today without sacrificing protection tomorrow.

The Sourcefire NGFW is the only solution of its kind to add best-in-class threat prevention and robust access and application control to advanced firewall capabilities. In fact, because our roots are in threat prevention we deliver the first NGFW based on an industry-leading NGIPS. In NSS Labs' 2012 NGFW Product Analysis Report, Sourcefire set a new standard in security effectiveness, protecting against 99 percent of all attacks and demonstrating superior performance and total cost of ownership. 

Key Sourcefire NGFW Capabilities

What a Next-Generation Firewall Should Be
Designed for organizations that want ultimate flexibility to deploy appliances to match their infrastructure needs and scale over time, the Sourcefire NGFW delivers unique advantages to combat threats in today’s real world:

• Total Network Visibility: Sourcefire realized long ago that you can’t protect what you can’t see. Our FireSIGHT™ technology gives you passive, real-time visibility of hosts, applications, operating systems, users, content, attacks, and more.
• Advanced Threat Protection: Protecting for the latest threats, Sourcefire delivers the best threat prevention that money can buy as validated by independent third-party testing and thousands of satisfied customers around the world. 
• Control Without Compromise: With NGIPS built-in, you get third-party validated, best-in-class threat prevention as part of your NGFW. When combined with granular application and URL access control down to the individual user, you’ve got the total network protection you need today and tomorrow.
• Intelligent Security Automation: Because there aren’t enough hours in the day or people on staff to keep pace with changing environments and threats, Sourcefire NGFW allows you to automate more administrative functions than any other NGFW solution.
• Unparalleled Performance and Scalability: You need more protection but you also need to maintain network performance. Our appliances, based on single-pass architecture and FirePOWER™ technology, deliver stateful firewall inspected throughput options ranging from 40Gbps down to 1Gbps with minimal degradation as security functions are added.
• Advanced Malware Protection for FirePOWER™ (Optional): Defeat malware across the network with malware detection/blocking, continuous analysis and retrospective alerting that leverage Sourcefire's vast cloud intelligence. Available via a subscription add-on to FirePOWER NGFW appliances. Simply software-enable these additional protections when you're ready - no need for limited-purpose malware appliances that add further complexity.