Sourcefire - IPS
Sourcefire Intrusion Prevention System (IPS)
Best-in-Class Intrusion Detection and Prevention
Built on the legacy of the award-winning Snort® rules-based detection engine, Sourcefire IPS uses a powerful combination of vulnerability- and anomaly-based inspection methods, at throughputs and line speeds up to 10 Gbps, to analyze network traffic and prevent critical threats from affecting your network. Whether deployed at the perimeter, in the DMZ, in the core, or at critical network segments, and whether placed in inline or passive mode, Sourcefire's easy-to-use IPS appliances provide comprehensive threat protection. Sourcefire IPS excels with extensive analytics, powerful reporting, and unrivaled scalability.
Comprehensive Protection Ahead of the Threat
The highly-acclaimed Sourcefire Vulnerability Research Team™ (VRT) works around the clock to ensure Sourcefire customers are protected against both known and unknown threats. The Sourcefire Intrusion Prevention System (IPS) is powered by the VRT's vulnerability-based Snort rules, which protect against zero-day threats by detecting all possible exploits of vulnerabilities.
Sourcefire IPS appliances provide threat protection against:
- Worms
- Trojans
- Backdoor attacks
- Spyware
- Port scans
- VoIP attacks
- IPv6 attacks
- DoS attacks
- Buffer overflows
- P2P attacks
- Statistical anomalies
- Protocol anomalies
- Application anomalies
- Malformed traffic
- Invalid headers
- Blended threats
- Zero-day threats
- TCP reassembly & IP defragmentation
Open Standard Rules
Drawing from a library of more than 14,000 open Snort rules, the Sourcefire Intrusion Prevention System (IPS) contains multiple default policies for out-of-the-box blocking, making it easy to deploy for novice users. The Snort rule format, developed by Sourcefire's founder and CTO, Martin Roesch, is an open standard that is the most widely used in the industry, with more than 3 million downloads and over 225,000 registered users. Unlike other closed signature-based formats, Snort rules can be viewed, edited, and created from a Sourcefire IPS appliance or Sourcefire Defense Center™ management console.
The Industry's First-Shipping 10Gbps Intrusion Prevention System (IPS)
Sourcefire's purpose-built, ICSA-certified 3D Sensors are available with throughputs from 5Mbps up to the industry's first-shipping 10Gbps IPS appliance. Sourcefire 3D™ Sensors are available with critical fault-tolerant features, such as fail-open copper and fiber ports, dual power supplies, and RAID drives, and each 3D Sensor supports an array of high availability configuration options.
Centralized Command and Control for High Scalability
Using the Sourcefire Defense Center® (DC) management console, customers can analyze IPS events, configure and push IPS policies, automatically download and apply Snort rule updates, and much more. For larger deployments, customers can leverage Sourcefire Master Defense Center (MDC) technology to manage multiple DCs and hundreds of 3D Sensors across their entire organization.
Defense Center provides customers with powerful reports, alerts, and dashboards. Users can leverage a variety of pre-defined report templates or create custom reports, and they can receive alerts in the form of email messages, syslogs, or SNMP alerts. Customers can create fully customized dashboards with dozens of drag-and-drop "widgets" that display critical information in the form of tables and graphs.
Adaptive IPS for Efficient and Effective Intrusion Prevention
By leveraging Sourcefire RNA® (Real-time Network Awareness), customers can take their Sourcefire Intrusion Prevention System (IPS) to the next level. RNA provides 24x7, passive network intelligence, providing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on your network. Incorporating real-time network intelligence into the intrusion prevention system can fully automate the ongoing process of IPS tuning and assessing the impact of security events.
The following table depicts key capabilities found in Sourcefire's Adaptive IPS solution:
| Capability | Description |
| --- | --- |
| Impact Flag Assessments | Threat intelligence is automatically correlated against real-time target host intelligence to determine the relevance and impact of the attack. False positives and negatives can be reduced by up to 99%. |
| RNA-Recommended Rules | Sourcefire RNA recommends which Snort rules to enable and disable based on the network it is protecting. Snort rules can be enabled and disabled with or without human intervention. |
| Adaptive Traffic Profiling | Prevents IPS evasions by enabling the intrusion prevention system (IPS) to model segmented and fragmented traffic in the same manner the host OS would see it. |
| Non-Standard Port Handling | If a non-standard port is detected, the applicable Snort rules will automatically be re-configured to monitor related traffic using both standard and non-standard ports. |