Sourcefire

Sourcefire's mission is to deliver intelligent security infrastructure for the most efficient and effective risk management. They are a world leader in real-time adaptive network security, giving companies maximum protection against attacks.

Sourcefire solutions and open source technologies are deployed in nearly all of the Fortune 100 companies, in over 50% of the Fortune 500 companies, 42% of the Global 500, and across all branches of the military as well as in the largest civilian government agencies.

Sourcefire’s open source Snort is the world’s most downloaded intrusion detection and prevention technology, with over 3.7 million downloads to date. In response to increased demand for a commercial version of the popular software, the company developed the Sourcefire 3D® System (Discover, Determine, Defend), a systematic network defense system built on Snort and designed to adapt to dynamic networks and threats in real time.

Our Sourcefire Partnership

Because SP specializes in enterprise security solutions, our expertise and experience, along with careful attention to the integration, performance requirements and ongoing support of such a complex and often incorrectly implemented solution, are invaluable.

SP Sourcefire customers therefore enjoy superior network security, higher performance, and unmatched scalability at lower costs.

Sourcefire Defense Center (DC) management console

The Defense Center is the “nerve center” of the Sourcefire 3D® System. It provides a powerful, easy-to-use interface for aggregating and monitoring security and compliance events, generating reports, configuring alerts, and managing policies and distributing them to the underlying Sourcefire 3D Sensors.

Each Defense Center features a highly customizable, portal-like dashboard with dozens of pre-defined and customizable drag-and-drop “widgets” that display critical information in the form of tables and graphs.

Dashboard benefits include interactive drill-down, granular administrative privileges, and dashboard tab cycling. Users can tailor the dashboard to their role within the organization and share their dashboard with their peers.

Key Features

  • Aggregation and Monitoring of Events for Centralized Network Defense
  • Customizable Reports and Alerts
  • Centralized Policy Management
  • Powerful Integration with Third-Party Systems
  • Sourcefire Master Defense Center for Enterprise Scalability

 

Sourcefire RNA™

(Network Monitoring with Real-time Passive Intelligence)
Sourcefire RNA is an innovative, passive sensing technology that provides real-time network intelligence to the Sourcefire 3D® System. RNA enables organizations to confidently protect their dynamic networks through a unique, patented combination of passive network discovery, network flow analysis, and targeted vulnerability assessment technologies.

Sourcefire RNA provides 24x7, passive network monitoring, storing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on the network.

RNA’s differentiator is its ability to collect intelligence in a completely passive manner, avoiding the many substantial pitfalls of traditional network monitoring solutions relying on active scanning or host-based agents.

Sourcefire RUA

(Real-time User Awareness)
Sourcefire RUA enables customers, for the first time, to correlate threat, endpoint, and network intelligence with user identity information, equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately.

Much more than a stand-alone user identity product, RUA enhances the Sourcefire 3D® System by directly correlating individual user IDs with specific IP addresses, traffic, and events.

RUA empowers administrators to mitigate risk, block users or user activity, and take action to protect others from disruption—tightening security without hindering business operations or employee productivity. These capabilities also improve customers' audit controls, enhance regulatory compliance, and enable remediation policies to be set based on user identity.

 

The Snort Engine

If the Sourcefire 3D® System is a supercar, Snort is its high-performance engine. This engine consists of threat detection and prevention components that work together to reassemble traffic, prevent evasions, detect threats, and output threat information without creating false positives or missing legitimate threats.

The Snort process consists of multiple components which work together to reassemble traffic as a target host would see it, identify traffic that may contain threats, and match Snort rules against this traffic to recognize attacks. Together, these components efficiently detect threats and reduce or eliminate false alarms.

Worldwide Success

Snort uses a rule-driven language which combines the benefits of signature, protocol and anomaly-based inspection methods. With its dramatic speed, power and performance, Snort quickly gained momentum. With more than 3.7 million downloads to date, Snort has become the single most widely deployed intrusion detection and prevention technology in the world.

As part of the company's ongoing active development, Sourcefire continues to enhance Snort and provide value-add services for open source and commercial users.
