
True Intrusion Prevention: Best of Both Worlds + Privately-Funded Support & Innovation

Sourcefire offers true intrusion prevention by integrating threat, endpoint, and network intelligence. With industry-recognized technology and powerful community support, Sourcefire provides effective and efficient network security solutions.


Presentation Transcript


  1. True Intrusion Prevention. Cyrille Badeau, Regional Sales Manager, Southern Europe

  2. Best of Both Worlds + Privately-Funded Support & Innovation
     About Sourcefire
     • Solid and Successful
     • 16 consecutive quarters of growth
     • 796% growth over past three years
     • 2005 Frost & Sullivan Network Security Company of the Year
     • NetEvents European Security Technology Leader 2006 Award
     We Offer True Intrusion Prevention: The Integration of Threat, Endpoint, and Network Intelligence

  3. Industry Recognition
     • RSA Innovator Award - February 2005: “The real competition was for second place”
     • NSS Gold Award - April 2005: “Only the fifth time that a product earned this designation”
     • Infonetics Research - May 2005: Leads all network-based IDS/IPS vendors in market share growth
     • Federal Computer Week - July 2005: Five stars (out of five) for Features, Performance, Price

  4. Industry Recognition
     • SC Magazine: IPS Group Test - July 2005: “Sourcefire 3D System: Best IPS out there on the market”; bested 11 vendors including ISS, McAfee, and Tipping Point
     • Secure Enterprise - October 2005: “Better data-mining tools and accurate protocol discovery”
     • Information Security - November 2005: “An excellent choice for customizing signatures and tuning blocking to policy”

  5. Gartner Recognizes the Power of Sourcefire (charts: Q2 04 and Q4 05)

  6. End-Point Intelligence “Providing endpoint and network intelligence to network security products significantly improves their capabilities and limits the obstacles to a successful deployment. Organizations deploying network security products should look for their integration with vulnerability assessment and network intelligence solutions.” Amrit Williams, Gartner Research Director

  7. Leveraging A Powerful Community

  8. Complexity of Network Security (diagram)
     Technology: Threat, Endpoint, and Network Intelligence; Policy-Driven Automation
     Phases: PRE-ATTACK (Asset Management, Policy Compliance); ATTACK (Attack Recognition, Interception); POST-ATTACK (Compromise Identification, Containment/Remediation)
     Applications: Policy Enforcement, Vulnerability Mgmt., Configuration Mgmt., Access Control, Firewalls, IDS, IPS, Incident Response, Policy Enforcement, Network Behaviour Analysis (NBA)

  9. Where Sourcefire Fits In (diagram)
     Technology: Threat, Endpoint, and Network Intelligence; Policy-Driven Automation
     Phases: PRE-ATTACK (Asset Management, Policy Compliance); ATTACK (Attack Recognition, Interception); POST-ATTACK (Compromise Identification, Containment/Remediation)
     Products placed on the diagram: Sourcefire RNA, Sourcefire DC, Sourcefire IDS, Sourcefire IPS, Sourcefire DC

  10. The Three Ds of True Intrusion Prevention

  11. Sourcefire 3D System a Little Closer
     • Snort: de facto standard for intrusion detection and prevention; flexible and powerful rules language
     • Detection and blocking of all known threats
     • Protocol analysis for unknown and zero-day threats
     • Active Scanning
     • Business Context
     • Passive Discovery
     • Target-based Scanning
     • Network Behavior Anomaly Detection (NBAD)
     • Network Flows
     • New communications between hosts

  12. Sourcefire 3D System at a Glance (diagram)
     Components: Sourcefire Intrusion Sensors; Sourcefire RNA Sensors; Sourcefire Intrusion Agents; Sourcefire Defense Center
     Integrations: Email, SNMP, Syslog, Help Desk; Firewall, IPS, Switches, Routers; Patch Management, Configuration Management

  13. Intrusion Sensor Performance
     • Snort® powered - the most precise intrusion technology
     • Flexible, comprehensive, and powerful rules language
     • Detection and blocking of all known threats
     • Protocol analysis for unknown and zero-day threats
     • Plug-n-Protect™ appliances or blade-ready software
     • IS500 to IS5800 – 5 Mbps to 8+ Gigabits
     • Flagship Offering - IS5800
       • “Stackable” architecture enables scalable performance
       • Low latency
       • Fault tolerant design
     Diagram: Sourcefire Passive Mode (Monitoring); Sourcefire Inline Mode (Defend via the ABCs: Block Traffic, Drop Traffic, Alert)

  14. RNA: Real-time Network Awareness
     “Magic eye that watches everything happening on your network.” Network World
     • Real-time, all-the-time passive discovery and multi-vector profiling
     • Compositional awareness
       • Operating system(s), vendor, version
       • Services, vendors, versions
       • Ports and protocols
       • MAC and IP address(es)
       • Vulnerabilities
     • Behavioral awareness
       • Traffic
       • Peers
     • Criticality awareness
       • Qualitative
       • Quantitative

  15. RNA: Real-time Network Awareness
     With Sourcefire IPS driving real-time defense:
     • Know that events are real
     • Know the criticality of events
     • Know if critical assets have been compromised
     • Automate time-consuming manual processes
     • Get correlated threat, endpoint, and network intelligence and have the most accurate threat data in front of you
     Without Sourcefire:
     • IPS is a noise generator
     • Plethora of false positives
     • Gartner: ”99 out of 100 alerts mean nothing”
     • Confidence level low – only a small number of threats can be safely blocked. Lack of precision.
     • Most IPSs can’t correlate threat, endpoint, and network intelligence to determine the susceptibility of the asset being targeted by the attack

  16. RNA: Real-time Network Awareness
     Know where your mission critical systems stand:
     • Continually visualize and analyze packets, assets, and data flow
     • Identify and track anomalies such as DDoS attacks, worms, and zero-day threats from any entry point
     • Detect and shut down illegal mail servers
     • Detect and shut down rogue desktop applications including desktop web servers
     • Enforce corporate policies for P2P restrictions such as Kazaa and instant messaging

  17. Sourcefire Defense Center
     The “nerve center” of the Sourcefire 3D System: it triggers the ABCs of Defense
     • Event correlation: correlates and prioritizes attack data against the true network layout and its changes
     • Command and control: centrally administers your sensor grid
     • 3D visualization: gives you a clear picture of your networks and all REAL attacks
     • Very low TCO
       • Plug-n-Protect appliance: no additional moving parts
       • Built-in, high-performance database: integrated data management capability gives you the power to manage all of your events, scaling to enterprise deployments without having to license additional DB licenses

  18. Sourcefire Defense Center
     • Helps document compliance with:
       • Federal Information Security Management Act (FISMA)
       • Gramm Leach Bliley (GLB) Act
       • Health Insurance Portability and Accountability Act (HIPAA)
       • Sarbanes Oxley (SOX) Act
       • Security Breach Information Act (SB 1386)
       • Visa/MC Processing Card Industry’s (PCI) Data Security Standard
     “In the PCI standard, it states we must use network intrusion detection systems, host-based intrusion detection systems, and/or intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. There are two kinds of IDS/IPSs on the market. One, you plug in and don’t ever want to hear from again. Then there’s the other kind that lets you get useful information about your network. That’s what we have with Sourcefire.” Michael Morgan, Network Security Administrator, BankersBank Card Services

  19. Sourcefire Defense Center
     • Alerting
       • Real-time notification via all mainstream methods
       • Programmatic interfaces support unlimited integration
         • Streaming API
         • Bi-directional command & control interfaces
     • Blocking
       • Wire-speed interception of network threats
       • Isolation and containment leveraging existing network infrastructure: switches, routers, firewalls
     • Correction
       • Patch or Configuration Management
       • System and Network Management
       • Asset management

  20. Bringing It All Together: Unknown Exploit
     1. Reconnaissance activity is detected by the passive Intrusion Sensor; events associated with the target are assigned higher priority.
     2. RNA detects a change in the behavior and/or composition of the compromised asset.
     3. Correlated events trigger the remediation policy:
        - Isolate compromised server
        - Block attacker at firewall
        - Direct configuration mgmt.
        - Notify system administrator
     4. In-line Intrusion Sensor policy is updated to prevent reoccurrence.
     Diagram components: Sourcefire Intrusion & RNA Sensors; Sourcefire Intrusion Sensor (in-line); Sourcefire Defense Center; Patch Management (or other solution)
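Slide 15 argues that an IPS without endpoint intelligence cannot tell whether the targeted asset is even susceptible, and slide 20 walks through what happens once it can: a high-priority alert, an RNA-observed change on the same host, and a remediation policy fired by the correlation. The block below is an added example of that logic, not Sourcefire or Defense Center code. Alerts are graded against host profiles (is the port open, is it the right OS, does the host carry the vulnerability the rule fires on); anything that cannot apply drops to priority zero, and an alert the target is vulnerable to, followed within a window by a change on that host, produces the action list from step 3. The asset profiles, the alert records, the rule metadata fields `target_os` and `vuln`, the `VULN-EXAMPLE-*` identifiers and the 600-second window are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Asset:
    """Host profile of the kind passive discovery maintains (constructed values)."""
    ip: str
    os: str
    services: dict    # (proto, port) -> product string
    vulns: set        # placeholder identifiers of vulnerabilities known on this host
    criticality: int  # 1 = low .. 3 = mission critical (RNA's criticality awareness)


@dataclass
class Alert:
    """Intrusion sensor alert; target_os and vuln stand in for rule metadata (constructed)."""
    ts: int
    sid: int
    msg: str
    src: str
    dst: str
    dst_port: int
    target_os: str = ""
    vuln: str = ""


@dataclass
class RnaChange:
    """A composition or behavior change observed on a host (constructed)."""
    ts: int
    host: str
    what: str


def impact(alert, assets):
    """Classify an alert by whether the targeted host can actually be affected."""
    asset = assets.get(alert.dst)
    if asset is None:
        return "unknown-host"      # no profile: cannot judge, leave for an analyst
    if ("tcp", alert.dst_port) not in asset.services:
        return "irrelevant"        # nothing is listening on the attacked port
    if alert.target_os and alert.target_os != asset.os:
        return "irrelevant"        # exploit aimed at a different platform
    if alert.vuln:
        return "vulnerable" if alert.vuln in asset.vulns else "not-vulnerable"
    return "relevant"              # service matches but the rule has no vulnerability link


IMPACT_WEIGHT = {"vulnerable": 3, "relevant": 2, "unknown-host": 1,
                 "not-vulnerable": 0, "irrelevant": 0}


def priority(alert, assets):
    """Impact weight scaled by asset criticality; 0 means the alert can be suppressed."""
    imp = impact(alert, assets)
    crit = assets[alert.dst].criticality if alert.dst in assets else 1
    return imp, IMPACT_WEIGHT[imp] * crit


def triage(alerts, assets):
    """How the raw alert stream splits once endpoint intelligence is applied."""
    return Counter(impact(a, assets) for a in alerts)


def remediation_plan(alerts, changes, assets, window=600):
    """Slide 20 as code: an alert the target is vulnerable to, followed within `window`
    seconds by an RNA change on that host, is treated as a compromise and fires the policy."""
    plan = []
    for a in alerts:
        imp, prio = priority(a, assets)
        if imp != "vulnerable":
            continue
        evidence = [c for c in changes if c.host == a.dst and 0 <= c.ts - a.ts <= window]
        if not evidence:
            continue
        plan.append({
            "host": a.dst, "attacker": a.src, "priority": prio, "sid": a.sid,
            "evidence": [c.what for c in evidence],
            "actions": [
                f"isolate {a.dst} via switch/router ACL",
                f"block {a.src} at the firewall",
                f"open configuration-management ticket for {a.dst}",
                f"notify the administrator of {a.dst}",
                f"set sid {a.sid} to drop on the inline sensor",
            ],
        })
    return plan


# Constructed sample data: a web server, a mail relay, a desktop, and one unprofiled host.
ASSETS = {
    "10.0.1.10": Asset("10.0.1.10", "Linux", {("tcp", 80): "Apache/2.0"}, {"VULN-EXAMPLE-1"}, 3),
    "10.0.1.20": Asset("10.0.1.20", "Linux", {("tcp", 25): "Sendmail 8.13"}, set(), 2),
    "10.0.2.15": Asset("10.0.2.15", "Windows", {}, set(), 1),
}
ALERTS = [
    Alert(100, 1001, "WEB-MISC exploit attempt", "203.0.113.7", "10.0.1.10", 80, "Linux", "VULN-EXAMPLE-1"),
    Alert(101, 1002, "WEB-IIS exploit attempt", "203.0.113.7", "10.0.1.10", 80, "Windows", "VULN-EXAMPLE-2"),
    Alert(102, 1003, "WEB-MISC exploit attempt", "203.0.113.7", "10.0.2.15", 80, "Linux", "VULN-EXAMPLE-1"),
    Alert(103, 1004, "SMTP exploit attempt", "203.0.113.7", "10.0.1.20", 25, "Linux", "VULN-EXAMPLE-3"),
    Alert(104, 1005, "SCAN web probe", "203.0.113.7", "10.0.1.30", 80),
]
CHANGES = [RnaChange(400, "10.0.1.10", "new service tcp/4444 (unknown)")]

if __name__ == "__main__":
    print(dict(triage(ALERTS, ASSETS)))
    for entry in remediation_plan(ALERTS, CHANGES, ASSETS):
        print(entry)
```

Of the five constructed alerts only one survives with a non-zero priority: the IIS rule fires against a Linux host, the desktop has no web service at all, and the mail relay does not carry the vulnerability the rule detects. That is the mechanism behind the "know that events are real" claim: suppression by evidence about the target, not by turning rules off.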

  21. Complexity of Network Security (diagram, repeated from slide 8)
     Technology: Threat, Endpoint, and Network Intelligence; Policy-Driven Automation
     Phases: PRE-ATTACK (Asset Management, Policy Compliance); ATTACK (Attack Recognition, Interception); POST-ATTACK (Compromise Identification, Containment/Remediation)
     Applications: Policy Enforcement, Vulnerability Mgmt., Configuration Mgmt., Access Control, Firewalls, IDS, IPS, Incident Response, Policy Enforcement, Network Behaviour Analysis (NBA)

  22. IPS? IDS? … Best of both worlds
     Sourcefire:
     + IPS Inline
     + IDS (complete rules set)
     + RNA
     + No noise but efficiency
     IDS:
     + Complete rules set
     - Too noisy
     IPS Inline:
     + No noise anymore!!!
     • Only « easy to catch » attacks rules/signatures
     Chart (1998, 2000, 2005): 5000 rules IDS (Snort); 8000 rules IPS/IDS; 300 rules IPS

  23. Vulnerability Research Team (VRT)
     • 10 million dollar investment
     • Write rules, not signatures
     • Full-time team:
       • Analysing vulnerabilities
       • Reverse-engineering patches
     • Create new rules updates every 2 weeks
     • Emergency updates via email distribution lists
     • Security Engine Update object model (code + data)

  24. True Intrusion Prevention—The Better Way
     • Sourcefire is the fastest growing company in the space due to its market-driven solution, innovation, and value.
     • Gartner has moved Sourcefire to the front of the pack for “ability to execute” and “completeness of vision” in its latest Network Intrusion Prevention Appliance magic quadrant.
     • The true intrusion prevention approach gives you the best of both worlds: open source community power and commercial innovation.
     • With this approach, you leverage the best industry technologies from Check Point Software Technologies and Sourcefire (including Snort).
     • You save money and time
       • 90% reduction in alerts
       • Provides automation wherever possible (and requested)
       • Uses Plug-n-Protect appliances
     • Bottom line: it’s the most effective security to protect your:
       • Revenue
       • Reputation
       • Regulatory compliance

  25. Questions & Answers
     Information Security Magazine, The Influence List: “Sourcefire, framing the future of IT security”
     www.sourcefire.com, 800.917.4134
