Fire AMP

Malware has changed dramatically since the first PC viruses appeared nearly 25 years ago. Today, malware is more sophisticated and evolving more quickly than ever before. Many customers find it impossible to keep up. Recent Sourcefire research suggests that as many as 75% of new attacks are seen on a single system.

Sourcefire FireAMP is the only solution that provides the visibility and control you need to stop threats missed by other security layers. FireAMP is an intelligent, enterprise-class advanced malware analysis and protection solution that uses big data to discover, understand and block advanced malware outbreaks, advanced persistent threats (APTs) and targeted attacks. For the first time customers can get answers to questions like:
•    Where did the attack start?
•    How did it spread?
•    How can the outbreak be controlled?

FireAMP uses more than 400 characteristics associated with each file for advanced malware analysis and malware protection.

AMPlify Your Security
Visibility: See more than ever before. Identify the root cause of the threat, how it has spread, and the specific behavior of the malware.

Control: Contain outbreaks and block future attacks. FireAMP offers Outbreak Control to tag and quarantine malware and Cloud Recall™ for malware removal on affected systems without a full scan.

Enterprise-ready: Scale protection. FireAMP works with existing security layers, for example intrusion detection and prevention (IDS/IPS), next-generation firewall (NGFW), and other anti-malware solutions, as part of a defense-in-depth strategy and delivers the performance, manageability, and scalability that organizations require.

Fire Power

Living in the world of cybersecurity is tough. Threats are growing, and the good guys are often out-gunned. With attack vectors becoming more sophisticated and network bandwidth exploding, you find yourself in need of smarter security appliances and greater throughput. Unfortunately the more appliances you buy, the more power and rack space you’re consuming. It’s expensive, and you’d like to make sure your network is running as efficiently as possible. How can security solutions manage these seemingly contradictory requirements?

Unmatched Performance: Consider a technology that delivers unmatched performance—industry-leading performance capable of supporting the most demanding networks with <150µs latency.

Energy Efficient: What if you could have this unmatched performance packed into an energy-efficient security solution with more processing power and throughput per rack unit so you can do more with less?

Flexible Security Architecture: What if this technology also gave you a flexible, enterprise security architecture, the smartest way to buy the best network threat protection available, with the capability to deliver and accelerate any network security technology you need:
•    Intrusion Prevention Systems (IPS)
•    Next-generation IPS (NGIPS) with contextual awareness
•    Next-generation firewall (NGFW)
•    And more!

Advanced Threat Protection: And to help you fight the latest threats to your network, what if it also delivered advanced malware protection with a software-enabled supscription add-on to support malware detection/blocking, continuous analysis, and retrospective alterting with the ability to leverage Sourcefire's vast cloud security intelligence?

Introducing FirePOWER Technology from Sourcefire
FirePOWER is a unique technology that supports a range of Sourcefire security solutions with unmatched performance, threat protection and energy efficiency.

Fire Sight

You can't protect what you can't see. Network security solutions that are configured to standard “default” policies are blind to changes on the network. As new systems and applications emerge, most security systems won't even notice, let alone respond. Network behavior—such as unexpected connections and sessions, an important sign of a possible breach—passes unnoticed.

Sourcefire is different. We realized long ago that in order to be agile and provide required protection, security solutions need total network visibility, including physical and virtual hosts, operating systems, applications, services, protocols, users, content, network behavior as well as network attacks and malware.

Sourcefire FireSIGHT technology is built into all Sourcefire next-generation security solutions—NGIPS and NGFW—to provide the network intelligence and "context" you need to respond to changing conditions and threats. The visibility and automation provided by FireSIGHT technology make networks more secure and reduce operational costs.

The Power of FireSIGHT Technology—Control in Context
•    Optimize defenses and system performance by automating protection policy updates based on network changes
•    Reduce the number of "actionable" security events by up to 99% by correlating threats against target operating systems and applications and their inherent vulnerabilities
•    Know instantly who to contact when an internal host is affected by a client-side attack
•    Be alerted when a host violates a configuration policy or attempts to access and unauthorized system
•    Detect the spread of malware by baselining “normal” network traffic and detecting network anomalies

Next Generation Firewall

“Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”

-- “Defining Next-Generation Network Intrusion Prevention,” Gartner, 7 October 2011

The rate of change in IT environments is unprecedented. At the same time, attacks are coming at a rapid pace and with an increasing level of sophistication. In an attempt to provide effective protection, NGFWs have added application control to the access control capabilities provided by traditional firewalls. This isn’t enough.

With the Sourcefire Next-Generation Firewall, Sourcefire extends the power of Agile Security® and its leadership in Next-Generation IPS (NGIPS) to NGFWs. For the first time, customers can support access and application control policies today without sacrificing protection tomorrow.

The Sourcefire NGFW is the only solution of its kind to add best-in-class threat prevention and robust access and application control to advanced firewall capabilities. In fact, because our roots are in threat prevention we deliver the first NGFW based on an industry-leading NGIPS. In NSS Labs' 2012 NGFW Product Analysis Report, Sourcefire set a new standard in security effectiveness, protecting against 99 percent of all attacks and demonstrating superior performance and total cost of ownership.

What a Next-Generation Firewall Should Be
Designed for organizations that want ultimate flexibility to deploy appliances to match their infrastructure needs and scale over time, the Sourcefire NGFW delivers unique advantages to combat threats in today’s real world:

•    Total Network Visibility: Sourcefire realized long ago that you can’t protect what you can’t see. Our FireSIGHT™ technology gives you passive, real-time visibility of hosts, applications, operating systems, users, content, attacks, and more.

•    Advanced Threat Protection: Protecting for the latest threats, Sourcefire delivers the best threat prevention that money can buy as validated by independent third-party testing and thousands of satisfied customers around the world.

•    Control Without Compromise: With NGIPS built-in, you get third-party validated, best-in-class threat prevention as part of your NGFW. When combined with granular application and URL access control down to the individual user, you’ve got the total network protection you need today and tomorrow.

•    Intelligent Security Automation: Because there aren’t enough hours in the day or people on staff to keep pace with changing environments and threats, Sourcefire NGFW allows you to automate more administrative functions than any other NGFW solution.

•    Unparalleled Performance and Scalability: You need more protection but you also need to maintain network performance. Our appliances, based on single-pass architecture and FirePOWER™ technology, deliver stateful firewall inspected throughput options ranging from 40Gbps down to 1Gbps with minimal degradation as security functions are added.

•    Advanced Malware Protection for FirePOWER™ (Optional): Defeat malware across the network with malware detection/blocking, continuous analysis and retrospective alerting that leverage Sourcefire's vast cloud intelligence. Available via a subscription add-on to FirePOWER NGFW appliances. Simply software-enable these additional protections when you're ready - no need for limited-purpose malware appliances that add further complexity.

Next Generation IPS

Sourcefire 3D® System

Addressing Today's Highly Dynamic Networks

Today's networks are highly dynamic. New technologies add complexity, and the number and type of applications and systems on your network continues to grow. Information security risks multiply in number and scale as attackers become more sophisticated—and stealthy. Employees and contractors come and go, while customers and business partners demand ever more online access to applications, breaking down traditional barriers and enforcement points. Security specialists focus more time, energy, and budget to protect sensitive corporate resources—yet network breaches continue to occur.

The problem? While networks are increasingly dynamic, most security systems remain dangerously static.

These static systems don't understand the context of the networks they protect—leaving administrators to sort through a growing number of alerts and alarms to determine which are relevant, let alone a real risk. Static systems require constant manual tweaking and tuning to address changing threats and network resources. Plus, they lack an understanding of who is using the network and which individuals are affected by security incidents.

Sourcefire has leveraged years of experience in protecting some of the largest and most demanding network environments in the world to develop the industry’s first—and only—adaptive intrusion prevention solution, the Sourcefire 3D® System. The 3D System uniquely identifies and responds to changes in network infrastructure. With a detailed understanding of the devices, applications, and services deployed on the network, and their potential vulnerabilities, the 3D System escalates warnings of meaningful attacks, while suppressing unimportant and irrelevant events—allowing security analysts to focus their time and attention on the attacks that represent a real threat.

Purpose-built Appliances
The award-winning Sourcefire 3D System is comprised of three purpose-built appliance product lines—Sourcefire Defense Center®, Sourcefire 3D® Sensors, and Sourcefire SSL Appliances:

Sourcefire Defense Center is a powerful, yet easy-to-use centralized management console that correlates threats against network and vulnerability intelligence. Defense Center provides centralized command and control of 3D Sensors, including centralized event aggregation and 3D Sensor policy administration.

Sourcefire 3D Sensors are fault-tolerant, purpose-built appliances available with throughputs from 5Mbps up to 10Gbps. 3D Sensors passively aggregate network and user intelligence while defending the network against internal and external threats. Each 3D Sensor is capable of running Sourcefire IPS™, RNA® (Real-time Network Awareness), RUA® (Real-time User Awareness), and NetFlow Analysis modules.

Sourcefire SSL Appliances decrypt Secure Sockets Layer (SSL) traffic at 1Gbps line rate to enable existing security appliances to effectively inspect SSL traffic. The SSL Appliance operates transparently on the network and supports both passive and inline network configurations. Plus, the plug-and-protect approach minimizes deployment and operational costs while closing the security loophole that SSL creates.

In addition to traditional physical appliances, the 3D System is also available in virtual appliance form. The Sourcefire Virtual Defense Center™ and Sourcefire Virtual 3D Sensor™ bring Sourcefire network security functionality to VMware virtual environments. As an added benefit, 3D virtual components are completely interoperable with their physical counterparts, enabling maximum flexibility in deployment and operation. 3D Sensor Software Modules Each Sourcefire 3D Sensor is capable of running any combination of the following four software components:

Sourcefire IPS™ (Intrusion Prevention System) provides best-in-class intrusion detection and prevention by harnessing the power of the industry-standard Snort® rules-based detection engine. Backed by the acclaimed Sourcefire Vulnerability Research Team™ (VRT), Sourcefire delivers its customers unrivaled protection against known and unknown threats.

Sourcefire RNA® (Real-time Network Awareness) passively monitors networks 24x7 to deliver real-time, comprehensive network intelligence, including operating systems, services, applications, protocols, and potential vulnerabilities. RNA automates key IPS functions while fueling additional Sourcefire network security solutions, including Network Visibility, Network Behavior Analysis (NBA), and IT Policy Compliance.

Sourcefire RUA® (Real-time User Awareness) correlates Active Directory and LDAP usernames with host IP addresses involved in security and compliance events. RUA dramatically reduces the time needed to uncover user identity and contact information by 95% or more. Security teams can resolve security and compliance incidents more quickly, when time is of the essence.

Sourcefire NetFlow Analysis is an optional component of Sourcefire's NBA solution. By aggregating and analyzing NetFlow from routers and switches, NetFlow Analysis affords IT Security additional means for uncovering inside threats and Network Operations additional means for evaluating bandwidth provisioning and troubleshooting network outages and performance degradations.