Sourcefire - RNA
Sourcefire RNA® (Real-time Network Awareness)
Network Monitoring with Real-time Passive Network Intelligence
Sourcefire RNA is an innovative, passive sensing technology that provides real-time network intelligence to the Sourcefire 3D® System. RNA enables organizations to confidently protect their dynamic networks through a unique, patented combination of passive network discovery, network flow analysis, and targeted vulnerability assessment technologies.
Like passive SONAR on a ship, RNA works by enabling you to identify friendly and non-friendly network behavior through passive network monitoring 24 hours a day, seven days a week.
Network Visibility
Sourcefire RNA provides 24x7, passive network monitoring, storing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on the network. RNA's key differentiator lies in its ability to collect this intelligence in a completely passive manner, while seamlessly integrating the intelligence with the 3D System. Because RNA is passive, it avoids the numerous and substantial pitfalls of traditional network monitoring technologies that rely on active scanning or host-based agents. Although passive discovery is RNA's primary means of gathering network intelligence, RNA's host database can be augmented with information gathered by active discovery tools.
Once RNA has established a baseline network inventory, its powerful Policy and Response (P&R) engine can notify Information Security or Network Operations the moment a new host appears on the network and/or when an existing host has changed its approved configuration (e.g., OS upgrade, new service).Once RNA has established a baseline network inventory, its powerful Policy and Response (P&R) engine can notify Information Security or Network Operations the moment a new host appears on the network and/or when an existing host has changed its approved configuration (e.g., OS upgrade, new service).
Adaptive IPS for Efficient and Effective Intrusion Prevention
By leveraging Sourcefire RNA, customers can take their Sourcefire IPS™ (Intrusion Prevention System) to the next level. Incorporating RNA's real-time network intelligence into the IPS can fully automate the ongoing process of IPS tuning and assessing the impact of security events.
The following table depicts key capabilities found in Sourcefire's Adaptive IPS solution:
| Impact Flag Assessments |
Threat intelligence is automatically correlated against real-time target host intelligence to determine the relevance and impact of the attack. False positives and negatives can be reduced by up to 99%. |
| RNA-Recommended Rules |
Sourcefire RNA recommends which Snort rules to enable and disable based on the network it is protecting. Snort rules can be enabled and disabled with or without human intervention. |
| Adaptive Traffic Profiling |
Prevents IPS evasions by enabling the intrusion prevention system (IPS) to model segmented and fragmented traffic in the same manner the host OS would see it. |
| Non-Standard Port Handling |
If a non-standard port is detected, the applicable Snort rules will automatically be re-configured to monitor related traffic using both standard and non-standard ports. |
Network Behavior Analysis
Network Behavior Analysis (NBA) solves daily challenges faced by both Information Security and Network Operations groups. Sourcefire RNA enables Information Security to detect and quarantine internal threats by establishing "normal" traffic baselines and detecting network anomalies. RNA can also help to secure "unmanaged" devices used by contractors and guests, and IT can be alerted when a new host appears or attempts to access an unauthorized network resource. In addition, RNA enables Network Operations to monitor bandwidth consumption across the network and to troubleshoot network outages and performance degradations.
IT Policy and Regulatory Compliance
Many organizations have documented IT acceptable use policies (AUPs), but few have the means to monitor and enforce them. Sourcefire provides the capability to model and enforce AUPs with compliance white lists. White lists specify the operating systems, services, applications, and protocols that are approved for use on the network and can be applied to all hosts-or a select range of hosts-on a given network segment. Organizations can reduce risk by identifying and mitigating non-compliant hosts.
Oftentimes, monitoring and enforcing compliance with company IT policies facilitates compliance with external regulations, such as PCI DSS, HIPAA, SOX, FISMA, Basel II, GLBA, and NERC. Numerous 3D System compliance features, such as white lists, dashboard widgets, and reports, help organizations achieve regulatory, as well as internal, compliance.
top
