Sourcefire IPS^™

Built on the legacy of the award-winning SNORT^® rules-based detection engine, Sourcefire IPS uses a powerful combination of signature, protocol, and anomaly-based inspection methods — at throughputs and line speeds up to 10 gigabits per second — to stop threats before they impact your network. Deployable in both inline and/or passive modes, Sourcefire IPS analyzes network traffic and prevents critical threats from affecting your network, and can integrate with the Sourcefire 3D System to contain threats by remediating to other devices including firewalls and routers.

Inline or Passive Deployments
Sourcefire IPS appliances can be deployed in both inline and/or passive modes in many areas of the network: at the perimeter, at the core, or at remote or branch offices. With throughput options from 5 Mbps to 10 Gbps, latencies as low as 100 microseconds, Intel^® and ASIC-based appliances, and fully redundant configurations, Sourcefire IPS appliances scale to suit your organization’s deployment needs.

New 10 Gigabit Capabilities
Sourcefire offers intrusion prevenion at line speeds and throughputs up to 10 Gbps to handle today's throughput and bandwidth requirements at the core. In high-traffic environments, Sourcefire IPS lets you monitor multiple networks from one central core, reducing the effort and complexity of threat management. The Sourcefire IPS device for 10 Gbps networks supports both copper and fiber networks, with high port density and a highly redundant, scalable architecture.

Comprehensive Protection Ahead of the Threat
Sourcefire IPS is powered by vulnerability-based Snort rules, which protect against zero-day threats by detecting all possible exploits of vulnerabilities. These Snort rules, provided by the Sourcefire Vulnerability Research Team (VRT), protect against:

Open Standard Rules
The Snort rule format, developed by Sourcefire, is an open standard that is by far the most widely used format in the industry, with over 100,000 active users. Unlike competitors’ rule formats, Snort rules can be viewed, edited, and created right from a Sourcefire IPS appliance or Defense Center.

Detailed Forensics
Using Sourcefire IPS, customers can easily see exactly why an attack has occurred and what steps if any they need to take in response. For every event, Sourcefire IPS provides users the full packet data that triggered that event. It gives users sophisticated, highly customizable, easy-to-use workflows for investigating security events when they occur.

Adaptive IPS for More Accurate Intrusion Prevention
Leveraging the capabilities of Sourcefire RNA, customers can achieve even more with Sourcefire IPS. RNA can automatically provide a set of recommended rules for Sourcefire IPS based on the operating systems and services actually seen in customer environments. Unlike competitors, Sourcefire IPS can use RNA information about the hosts on a network to model attack traffic to the operating system that is actually being attacked, ensuring accurate prevention and stopping evasions.

Plug-N-Protect Architecture and Blocking “Out-of-the-Box”
Right out of the box, users can put their sensors in inline blocking mode using a VRT-recommended set of Sourcefire IPS rules. Customers can rely on the VRT to provide them an up-to-date, recommended ruleset that offers full protection against the very latest reported vulnerabilities. Appliances are available in a Plug-n-Protect architecture that allows sensors to be up and running in minutes.

Sophisticated Reporting System
Sourcefire offers a highly flexible and customizable reporting system, providing users with complete control over each report’s content and display of the data. This flexibility enables administrators to easily define templates for managers, analysts, or compliance auditors. Reports can be output in CSV, HTML, PDF, or text formats, and can be automatically distributed periodically to email recipients.

IPv6 Compliance
Sourcefire's commitment to IPv6, the newest version of the Internet Protocol, enables you to extend the intrusion prevention capabilities of Sourcefire IPS into next-generation networks. Support for IPv6 traffic includes full packet analysis of regular and tunneled attacks, as well as features to stop evasions and normalize traffic in IPv6 networks.

SOURCEFIRE INTRUSION AGENT FOR SNORT^®

Sourcefire Intrusion Agents enable a Sourcefire Defense Center to aggregate event information from one or more open-source Snort sensors with data from Sourcefire IPS and Sourcefire RNA. This allows:

• Sophisticated data analysis
• Comprehensive reporting
• Impact assessment and prioritization of events
• Integration with third-party tools
• Real-time response to actual attacks

Sourcefire Intrusion Agents transmit events generated by open source Snort sensors to the Sourcefire Defense Center, where they can be tightly integrated with the information provided by Sourcefire RNA to create a real-time, comprehensive view of the security events on your network.