Sourcefire
The Sourcefire 3D™ System
Single-product defenses alone are no longer enough to secure your network. Threats
are growing in number and sophistication. Attackers are launching more attacks designed
to bring corporate networks down or to steal customer or corporate proprietary
information. Mobile devices, laptops, wireless networks, partner networks and PDAs are all
potential points of entry.
As the quantity and severity of threats increase, and as new regulatory compliance
requirements are introduced, IT budgets are growing rapidly year after year. In
response, organizations are faced with purchasing a myriad of point products that don't
share intelligence and don't see all the assets on a network.
Today, the limitations of traditional single-product solutions are driving organizations
to embrace a new, more effective methodology.
Sourcefire's ground-breaking 3D approach - Discover, Determine, Defend - is the
first and only Enterprise Threat Management (ETM) solution that unifies IPS, NBA, NAC
and vulnerability assessment technologies to provide customers with the most effective,
real-time network security for today's real world challenges.
Discover threat, network and asset information using Sourcefire IPS and
Sourcefire RNA.
Sourcefire IPS uses the industry standard SNORT vulnerability-based detection engine
to bring the benefits of signature, protocol, and anomaly-based inspection methods to
your network at speeds up to 10 Gbps. Sourcefire RNA passively monitors your network
to deliver highly detailed, real-time profiles of your network assets, including their
configuration, behavior, potential vulnerabilities, and associated changes.
Determine policy violations, the impact of security events and
the appropriate response.
By correlating threat information provided by Sourcefire IPS appliances and Intrusion
Agents with endpoint and network information provided by RNA, the Defense Center
prioritizes security events to determine the most critical events to your business, enabling
you to take appropriate action.
Defend your network assets.
The 3D System gives users the capability to defend their networks before attacks by
proactively patching discovered vulnerabilities, during attacks by blocking, and after
attacks have occurred by remediation to other devices to minimize damage.
Sourcefire IPS™
Sourcefire IPS provides vulnerability-based intrusion prevention built on the foundation
of Snort, the world's most popular intrusion prevention software. Sourcefire IPS uses
a rules-based language - a powerful combination of signature, protocol, and
anomaly-based inspection methods - to examine packets for attacks. Attacks protected against
include worms, Trojans, port scans, buffer overflow attacks, spyware, VoIP attacks,
IPv6 attacks, protocol anomalies, malformed traffic, invalid headers, denial of service
attacks, and zero-day attacks. The Snort rules language is the industry standard, used
by a community of hundreds of thousands of security practitioners. Unlike competing
systems, Sourcefire IPS allows users to create, edit, and view detection rules, and full
packet payloads are logged for every event so users can see exactly what threatening
traffic has been detected. Sourcefire IPS can block threats directly and stop attackers
by integrating with access control devices such as firewalls, routers, and switches.
With inline or passive deployment options, line speeds from 5 Mbps to 8 Gbps and fully
redundant configurations, Sourcefire IPS appliances are architected to meet your
network's needs.
Sourcefire RNA™
Sourcefire RNA is a strategic component of Sourcefire's ETM value proposition. RNA
provides native NBA, NAC and Vulnerability Assessment capabilities, giving the
Sourcefire 3D System valuable threat, endpoint and network intelligence. RNA
provides an always-on, real-time view of what is transpiring in a user's network. By
listening, RNA assembles a database of network assets, their operating systems, services
and communicating applications - and identifies potential vulnerabilities on these devices.
Unlike competitors' approaches, RNA's passive endpoint discovery requires no agent
installations or potentially destructive scans, although RNA can leverage the power of
targeted active scanning to find even more detailed information about hosts. RNA can
use this information to determine whether the services, operating systems, and
applications that endpoints are running are compliant with organizational policy. RNA also
monitors communications behavior among endpoints on a network, baselining traffic,
watching for deviations from typical traffic levels or connection patterns, and alerting
administrators to these changes. The contextual information provided by RNA not only
allows organizations to protect their networks with more confidence, but also reduces
the ongoing costs associated with managing and responding to network threats.
Sourcefire Intrusion Agent for Snort®
Sourcefire Intrusion Agents allow users of open-source Snort sensors to gain many of
the benefits available with the Sourcefire 3D System, including impact flags for intelligent
prioritization of threat events against network and business risks. Intrusion Agents are
available for Linux and Solaris.
Sourcefire Defense Center
Sourcefire Defense Center is the nerve center of the Sourcefire 3D System. Defense
Center unifies critical network security functions including event monitoring, correlation,
and prioritization for forensic analysis, trends analysis, and management reporting. The
highly effective user interfaces have been designed by security analysts for security
analysts with an intuitive layout and presentation, and user-definable workflows. Defense
Center has an open architecture which allows it to interface with existing management
consoles, such as IBM Tivoli and HP OpenView. Using Defense Center, customers can
control multiple 3D Sensors from a single management console and combine security
and compliance event data from IPS, RNA and open source Snort to get the most
comprehensive view of event activity on their networks.
By discovering security and network information, determining its business impact, and
defending networks before, during, and after the attack, the Sourcefire 3D System fully
addresses the enterprise threat management challenge.
| Model | 3D500 | 3D1000 | 3D2000 |
|---|---|---|---|
| Performance and Functionality* | | | |
| Supported Line Speed (IPS) | 5Mbps | 45Mbps | 100Mbps |
| Supported Line Speed (IDS) | 5Mbps | 45Mbps | 100Mbps |
| Monitoring Interfaces | | | |
| • Copper (all with bypass) | 4 | 4 | 4 |
| • Mixed-Copper/Fiber (all with bypass) | n/a | n/a | n/a |
| • Port Speed (copper) | 10/100/1000 | 10/100/1000 | 10/100/1000 |
| • Port Speed (fiber) | n/a | n/a | n/a |
| • Type of Connector-Copper | RJ45 | RJ45 | RJ45 |
| • Type of Connector-Fiber | n/a | n/a | n/a |
| Management Interfaces | RJ45 | RJ45 | RJ45 |
| Typical Latency | < 1 millisecond | < 1 millisecond | < 1 millisecond |
| Memory (RAM) | 256MB | 512MB | 1GB |
| CPU(s) | AMD LX | Celeron | Celeron |
| Expandable (additional CPUs) | no | no | no |
| Disk Capacity | 40GB | 40GB | 40GB |
| Redundancy Features | | | |
| Dual Power Supplies | n/a | n/a | n/a |
| Hard Drives | n/a | n/a | n/a |
| RAID Support | n/a | n/a | n/a |
| Cooling Fans | 1 | 1 | 1 |
| Physical and Environmental | | | |
| Form Factor | desktop/rackmount | desktop/rackmount | desktop/rackmount |
| Dimensions (DxWxH inches) | 6.7x11.8x1.25 | 6.7x11.8x1.25 | 6.7x11.8x1.25 |
| Shipping Weight (lbs) | 10 lbs | 10 lbs | 10 lbs |
| Amps | 5AMP (12V) | 5AMP (12V) | 5AMP (12V) |
| Voltage | 100-240V | 100-240V | 100-240V |
| Watts (max) | 60 | 60 | 60 |
| BTU Rating (per hour) | 205 | 60 | 60 |
| Operating Temperature | 0°C-40°C | 0°C-40°C | 0°C-40°C |