Telephone: 01296 397711
Fax: 01296 394431
Email: info@phoenixdatacom.com


Sourcefire - Enterprise Threat Management

**NEW** click here for details of Sourcefire and SNORT training in London

Only Sourcefire addresses the entire real-time network defence challenge.

Perimeter defences alone are no longer enough to secure your network. An abundance of mobile devices, laptops, wireless networks, PDAs, outsourcing, even offshore partnerships - all these multiple entry points to the network represent another opportunity for compromise.
Today, the realities of a dissolving perimeter and the limitations of traditional intrusion detection systems (IDS) and intrusion prevention systems (IPS) are driving organizations to recast their network security paradigms and embrace a new, more effective approach.

** Now available for 10Gig networks - click here to download 3D9800 factsheet **

Overview

Sourcefire's ground-breaking 3D approach - Discover, Determine, Defend - is the first and only comprehensive intelligent network defence system that unifies intrusion and vulnerability management technologies to provide customers with the most effective, real-time network security for today's real world challenges.

Sourcefire's 3D approach is a fully integrated, real-time process of discovering risks, vulnerabilities and threats; determining their business impact; and taking the most precise, appropriate action to defend the network.

With the Sourcefire 3D approach, customers are able to more easily assess the condition of the network in real time, update and enforce policies, monitor and manage vulnerabilities, and respond quickly to security threats based on priorities.

The Sourcefire 3D System, including Sourcefire Intrusion Sensors and Agents, Sourcefire RNA Sensors and the Sourcefire Defense Center, offers the most all-around effective security available. In fact, all Sourcefire appliances are Plug-n-Protect for the lowest total cost of ownership. Each appliance includes hardware, software, operating system and database - pre-installed for ease of deployment, tuned for peak performance, and self-maintaining for low overhead.

Sourcefire Intrusion Sensors

Built on the legacy of the open source Snort® rules-based detection engine, Sourcefire Intrusion Sensors use a powerful combination of signature, protocol, and anomaly-based inspection methods to achieve the maximum attack detection and prevention capability.

Every aspect of the sensor can be configured and customized to ensure that users detect and prevent the events most important to them. Flexibility in the rules language and the numerous configuration options (port density, interface types, deployment modes for example) allow users to easily define new ways to identify and prevent threats and enforce policies specific to their individual environment.



Sourcefire RNA (Real-time Network Awareness)

Using a revolutionary combination of passive network discovery, behavioral profiling and integrated vulnerability management technologies, Sourcefire RNA (Real-time Network Awareness™) Sensors provide the most comprehensive view of security events, and the ideal basis for the most effective network defense.

RNA Sensors continually monitor all network assets (servers, routers, PCs, firewalls, wireless access points), presenting a real-time view and highly detailed profiles of all network assets including their configuration, behavior, potential vulnerabilities, and associated changes.

This degree of insight and intelligence not only allows organizations to protect their networks with more confidence; it greatly reduces the ongoing costs associated with managing and responding to network threats.

Sourcefire RUA™ (Real-Time User Awareness)

Sourcefire RUA enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information, equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. Much more than a stand-alone user identity product, RUA enhances the Sourcefire 3D System by directly correlating individual user IDs with specific IP addresses, traffic, and events. RUA empowers administrators to mitigate risk, block users or user activity, and take action to protect others from disruption, tightening security without hindering business operations or employee productivity. These capabilities will also significantly improve customers' audit controls, enhance regulatory compliance, and enable remediation policies to be set based on user identity. RUA uses LDAP and Active Directory domains as its sources of data to build user intelligence. It eliminates the manual efforts to track users, shortens the time it takes to track down the location of exploited hosts, has no network impact, and uses the same data collection sensors as Sourcefire IPS and Sourcefire RNA.



Sourcefire Intrusion Agents

Sourcefire Intrusion Agents for Snort allow open source Snort users to benefit from the Sourcefire 3D approach while protecting and maximizing their investment in open source Snort deployments. All the intrusion event information from Snort sensors can be aggregated directly into the Sourcefire Defense Center with data from both Sourcefire Intrusion Sensors and Sourcefire RNA Sensors to trigger the ABCs of Defense - Alert, Block and Correct.

The Sourcefire Defense Center - The Heart of the 3D System

By closely integrating and correlating the threat information provided by Sourcefire Intrusion Sensors and Agents with the network intelligence provided by Sourcefire RNA Sensors, the Sourcefire Defense Center prioritizes the millions of security events to determine the most critical events to an organization's business, and takes the appropriate actions.

These actions allow users to leverage the ABCs of Defense - Alert, Block, and Correct - all in real time, against all network threats.

  • Alert. Automated warnings to individuals or other management systems via SYSLOG, email, SNMP traps, etc. ensure attack warnings are rapidly addressed.
  • Block. Critical threats are not only blocked, but actually contained or quarantined via techniques including dropping traffic, disrupting sessions between devices, and integrating with access control devices such as firewalls, routers and switches.
  • Correct. New vulnerabilities and threats can be automatically mitigated by integrating with patch or configuration management systems to apply configuration or code changes to eliminate possible exploitation.

This high level of contextual intelligence allows customers to determine why a change occurred, whether an attack poses a serious threat to a target, and how to best prioritize and shape the response.
The Sourcefire Defense Center allows security administrators to more effectively secure their networks by providing:

  • A single, central point of administration, analysis and reporting
  • Rapid response to potential attacks according to the ABCs of Defense
  • More consistent management and enforcement of security policies and compliance requirements


Bottom line: Only Sourcefire addresses the entire real-time network defense challenge, providing all the benefits of the most complete, end to end network security solution for the real world.

To find out more about Sourcefire products call Phoenix Datacom on 01296 397711, send an email or use the Request More Info form.

 
