Next-Generation Intrusion Prevention System (NGIPS)
Automate Security with Contextual Awareness
Today's networks are highly dynamic. New technologies add complexity, and the number and type of applications and systems on your network continues to grow. Information security risks multiply in number and scale as attackers become more sophisticated—and stealthy.
Sourcefire Next-Generation IPS raises the bar for IPS technology by integrating real-time contextual awareness into its inspection. The system gathers information about network and host configurations, applications and operating systems, user identity, and network behavior and traffic baselines. By having the utmost visibility into what's running on your network, NGIPS offers event impact assessment, automated IPS tuning, and user identification to significantly lower the total cost of ownership.
|How the NGIPS Uses Contextual Awareness to Fuel Intelligent Automation|
Continual network visibility, including new hosts entering the network, network and host configuration changes, and IT policy compliance.
|Automated Tuning & Impact Assessment Reduces Costs
Automatically determine threat relevancy, threat severity, and self-tune to defend against attacks; increasing security, maximizing throughput, and reducing operational costs.
Identify application traffic that is traversing the network to define application policies and management.
|Application Policy Management Improves Visibility
Control your acceptable use policy (AUP) by automatically identifying the types of applications on your network and recognizing policy violations.
Improve audit controls and regulatory compliance by linking events directly to individual users.
|User Identity Tracking Speeds Incident Resolution
Automatically link Active Directory and LDAP users to events so you know exactly who to contact when time is of the essence.
Detect and quarantine internal threats by establishing "normal" traffic baselines and detecting network anomalies.
|Network Behavior Analysis Increases Network Visibility
Monitor bandwidth consumption, troubleshoot network performance degradation, and automatically quarantine internal hosts with malware before it spreads.
Sampling of Application Awareness Provided by NGIPS
Leveraging the Open Architecture
Powered by Snort
Created by Martin Roesch, the founder of Sourcefire, Snort is the single most widely deployed intrusion detection and prevention technology in the world. With nearly 4 million downloads and over 326,000 registered users, collaboration with the Snort community offers advanced threat protection. Plus, the open architecture provides the ability to view, edit, and create Snort rules. Each commercial Sourcefire IPS integrates the power of Snort:
- Open architecture provides the ability to view, edit, and create Snort rules
- Advanced threat intelligence leveraging the collaboration of the Snort community
- Built-in Data Leakage Prevention (DLP) helps you to identify unauthorized transmission of sensitive data, including credit card numbers, social security numbers, and more
Backed by Sourcefire Vulnerability Research Team™ (VRT)
The Sourcefire VRT is a group of leading security experts that maintain the open source community rule set and develop the official Snort rules used by the Sourcefire IPS solutions. The comprehensive threat protection offered by Sourcefire is consistently ranked number one. View the NSS Labs Network IPS Individual Product Test Results for the most recent proof. The Sourcefire VRT:
- Discovers, assesses, and responds to the latest trends in hacking activities, intrusion attempts, and vulnerabilities to stay ahead of threats
- Develops vulnerability-based rules to protect you before exploits are in the wild
- Delivers same-day protection for critical Microsoft vulnerabilities
Seamless Third-party Integration
Because of its open source flexibility, you can quickly and easily integrate Sourcefire IPS solutions with a variety of third-party technologies. Our technology partners include vulnerability management systems, security information and event management (SIEM) applications, network access control (NAC), network forensics, and more. System interoperability provides numerous benefits:
- Extends your investment without major effort or upgrades
- Simplifies your security deployment and planning activities
- Provides the flexibility to interoperate security in any IT environment
IPS and NGIPS Hardware and Technology
Sourcefire IPS and NGIPS solutions take advantage of the best hardware technology in the industry, providing IPS inspected throughput options ranging from 20Gbps down to 5Mbps. Upgrading Sourcefire IPS to NGIPS is as easy as adding a license to your software.
The new Sourcefire 3D8000 Series appliances offer interface modularity, expandability, and scalability. Modularity provides a low entry-price and enables you to choose the number of ports and media type for your network and swap out interface types as needed. Expandability gives you the option to pay for network interfaces as you grow. Scalability enables you to add additional processing power through appliance stacking.
At the heart of the new 3D8000 Series appliances lies the breakthrough FirePOWER™ acceleration technology, providing market-leading performance with greater energy efficiency.
All Sourcefire 3D Sensors operate in either inline intrusion prevention or passive intrusion detection modes and come with fail-open capabilities standard to safeguard constant network availability.
Looking for something else? We offer a range of IPS solutions as well as several complementary products to protect your network. Check out the Sourcefire 3D® System offering to find the solution that's right for you.