Sourcefire Webinar - NEW GENERATION IPS

1. Next-GenerationIntrusion Detection & PreventionManuel Minzoni, Brand ManagerITWAY VAD

2. Agenda Your Security Challenges About Sourcefire A New Approach How It Works Products & Services Questions & Next Steps

3. Your Security Challenges

4. Let’s Solve Problems What are your challenges? How are they being addressed today? What’s your ideal solution? What is your timeframe?

5. Today’s Reality “Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.” Neil MacDonald VP & Gartner Fellow Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010 Dynamic Threats Organized attackers Sophisticated threats Multiple attack vectors Static Defenses Ineffective defenses Black box limits flexibility Set-and-forget doesn’t work

6. Company Overview & Performance

7. Annual Revenue Growth FYE: December 31 ($MM, GAAP) $103.5 CAGR 77% $75.7 $55.9 $44.9 $32.9 $16.7 $9.5 $1.9

8. Sourcefire Worldwide Locations Education &Professional ServicesLivonia, MI EMEA HQWokingham, UK Japan SalesTokyo, Japan Central Europe SalesFrankfurt, Germany Worldwide HQColumbia, MD Americas Sales Vienna, VA Southern Europe SalesParis, France Asia Pacific HQSingapore South American Sales Sao Paulo, Brazil ANZ SalesSydney, Australia

9. Firemen Principles

10. About Sourcefire To be the leading provider of intelligent cybersecurity solutions for the enterprise. Mission: Founded in 2001 by Snort Creator, Martin Roesch, CTO Headquarters: Columbia, MD Focus on enterprise and government customers Global Security Alliance ecosystem NASDAQ: FIRE

12. World’s largest threat response community

13. Interoperable with other security products

14. Owned and controlled by Sourcefire, Inc.

16. Competitor Landscape

17. Gartner 2010 IPS Magic Quadrant FACT: Sourcefire has been a leader in Gartner’s IPS Magic Quadrant since 2006. The Magic Quadrant is copyrighted 6 December 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

19. ✔ Broad third-party integration

20. ✔ Virtual IPS offerings[completeness of vision] Broader product portfolio

21. NSS Labs Group IPS TestBlock Rate Comparison Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

22. NSS Labs Group IPS TestResistance to Evasion Juniper missed 60% of evasions TippingPoint missed 80% of evasions Cisco missed 100% of evasions Source: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

23. About the Test Published December 2010 11 vendors evaluated 1,179 live exploits 75 anti-evasion test cases No cost to vendors to participate Sourcefire Test Results Recommend rating Best overall detection Best vulnerability coverage Best vendor-stated vs. actual performance No evasions Second-Annual NSS Labs IPS Group Test

24. Best Overall DetectionSecond Straight Year! 98% 97% 95% 94% 93% 91% 85% 83% 79% 63% 43% Graphic by Sourcefire, Inc. Source data from NSS Labs “Network IPS 2010 Comparative Test Results.”

25. Best Vulnerability CoverageSecond Straight Year! Sourcefire Vendor 2 Vendor 3 Vendor 4 Vendor 5 Vendor 4 Vendor 6 Vendor 7 Vendor 8 Vendor 9 Vendor 6 Vendor 10 Vendor 10 Vendor 11

26. Best Vendor-Stated vs. Actual PerformanceSecond Straight Year! Sourcefire’s 2G IPS achieved 3.2G for 161% of vendor-stated performance 100% Performance Baseline Most IPS products achieved well below vendor-stated performance claims Graphic by Sourcefire, Inc. Computations derived from NSS Labs “Network IPS 2010 Comparative Test Results.”

27. Anti-Evasion Testing Sourcefire Vendor 2 Vendor 3 Vendor 4 Vendor 5 Vendor 6 Vendor 7 Vendor 9 Vendor 10 Vendor 11 Vendor 8

28. IPS Solutions

29. Unique Solutions for Unique Markets NGIPS Security Specialists Feature Rich IPS Sourcefire IPS Portfolio Network GeneralistsSimplicity IPSx

30. Sourcefire IPS Solutions Portfolio

31. Target Markets

32. Solution Ingredients + = IPSx Solution IPSx Sensors DC750x + = IPS Solution Defense Center 3D Sensors + Network Application Behavior Identity = NGIPS Solution 3D Sensors Defense CenterAwareness Bundle

33. Appliances / 3D8000 Series

34. Introducing… Sourcefire 3D8000 Series “Speed Meets Flexibility”

35. 3D8000 Series Performance

36. 3D8000 Series Product Line All 3D8000 Series chassis support lights out management, solid state drives, redundant power, and an LCD interface.

37. Modular Choose number and type of ports Lower Entry Prices Expandable Add ports as needed Scalable Add processing power as needed Hardware Platform Sets New Standard for Security Appliances

38. SSL Appliance

39. SSL Blind Spots Network and security appliances are blind to the contents of SSL-encrypted communications

40. Common Control/Management Decrypted (Inspected) Non-SSL SSL Session 2 Session 1 Deployment Mode:Inbound SSL Inspection The Security Stack IPS/IDS/DLP/Forensics/SIEM Transparent SSL Proxy Web Servers (SSL Servers) Web Browser (SSL Client) Internet/WAN

41. Common Control/Management Decrypted (Inspected) Non-SSL SSL Session 2 SSL Proxy Session 1 Deployment Mode:Outbound SSL Inspection The Security Stack IPS/IDS/DLP/Forensics/SIEM Transparent SSL Proxy Web Browser (SSL Client) Web Servers (SSL Servers) Internet/WAN SSL Server

42. SSL Appliance Features and Benefits

43. A New Approach

44. Traditional IPS vs. Next-Generation IPS Traditional IPS Next-Generation IPS Closed& Blind Open & Customizable Architecture None orLimited Visibility & Intelligence Awareness Human Intensive Self Tuning &Precision Automation

45. Next-Gen IPS – Open Architecture Powerful Engine & Rules Adaptable Custom fit to network Comprehensive coverage Open Community Information sharing Shared protection Protection Against Advanced Persistent Threats (APT)

46. Next-Gen IPS – The Power of Awareness Network Know what’s there, what’s vulnerable, and what’s under attack Application Identify change and enforce policy on hundreds of applications Behavior Detect anomalies in configuration, connections and data flow Identity Know who is doing what, with what, and where

48. Intelligent EventReduction

49. Intelligent Tuning

50. Operational Efficiency

51. Custom Fit Security Real Time, All the Time!

52. How It Works

53. Intelligent Correlation to the Target BlockedEventLogged 3D SENSOR Attack Is Correlated to Targets DEFENSE CENTER 3D SENSOR LINUXSERVER Linux server not vulnerable WINDOWSSERVER AttackBlocked Windows server vulnerable 3D SENSOR 3D SENSOR Latest Windows attack targets Microsoft Windows Server and Linux Server. Attacks are correlated to targets. High-priority event generated for Windows Server target.

54. Abnormal Behavior Logged &Alerts Triggered 3D SENSOR DEFENSE CENTER 3D SENSOR ITRemediatesHosts 3D SENSOR 3D SENSOR HostsCompromised Abnormal Behavior Detected New rogue host connects internally. Sourcefire detects new host and abnormal server behavior. Defense Center triggers alerts for IT to remediate. New Asset Detected Intelligent Anomaly Detection

55. Compliance Event Logged & User Identified 3D SENSOR DEFENSE CENTER 3D SENSOR IT & HRContact User 3D SENSOR 3D SENSOR P2P App TriggersWhitelist Violation Intelligent Application Violation Security team uses compliance whitelists to detect IT policy violations. Host detected using Skype. User identified and then contacted by IT and HR.

56. Master Defense Center (MDC)

57. Sourcefire Products & Services

58. Next-Generation IPS Awareness Technologies Networks Apps Behavior Users Defense Center Management Console Intrusion Prevention SSL Inspection Virtualization

59. Virtual Appliances for VMware & Xen Sourcefire Virtual 3D Sensor™ Identical IPS Sensor functionality Available throughputs: 5, 45, 100, 250 & 500 Mbps Sourcefire Virtual Defense Center Management Console Identical Defense Center functionality, except no Master Defense Center (MDC) mode Manages both physical and virtual IPS 3D Sensors

60. Sourcefire’s “Secret Sauce” Passive network intelligence Fuels powerful IPS automation: Impact Flags Automated IPS Tuning Compliance Rules & White Lists Network Behavior Analysis Detects hundreds of operating systems and applications What is RNA?

61. Real-Time User Awareness (RUA) “Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two.” Tamara Fisher, AutoTrader.com RUA gives “personality” to security and compliance events! Clicking on a username reveals full name, telephone number, email, and department Resolve security events more quickly when time is of the essence Integrated into all Sourcefire 3D Sensors

62. Sample Sourcefire Detection Hundreds of Apps, OS’s & Devices! Operating Systems Applications Network Infrastructure Consumer

63. Sourcefire Appliance Product Lines Virtual Appliances Sourcefire Defense Center® DC1000 3D9900 10 Gbps DC3000 3D65004 Gbps DC500 3D45002 Gbps 3D35001 Gbps 3D2500 500 Mbps Sourcefire 3D® Sensor 3D2100 250 Mbps PERFORMANCE 3D2000 100 Mbps 3D100045 Mbps 3D5005 Mbps Sourcefire SSL Appliance

64. Physical Appliances Product Line Defense Centers 3D Sensors

65. 3D System 4.10 Highlights Expanded Application & User Awareness Detect Facebook, Blackberry, Hotmail & more Nmap update detects 2,500+ operating systems Encrypted RUA communications Enhanced Deployment & Operation Inline IPS test mode Support for auth. SMTP gateways & web proxies Improved Third-Party Integration Direct database access for third-party reporting Support for SNMP polling Support for new Crossbeam products Improved Performance & Usability Improved GUI performance Track reviewed events by user Simpler installation of customer SSL certificates Refer to “What’s New in 3D System 4.10” document for more information

66. Customizable Dashboard

67. Comprehensive Ecosystem SIEM / Log Management Network Infrastructure Configuration Management Incident Management Systems Management Vulnerability Management

71. Knowledge transfer and best practices“I can’t say enough about the guys from Support. The phone gets picked up the moment I call. They stick with an issue diligently and make sure I get what I need. No other company has given me that level of service.” Robert Wagner Senior Security Architect

72. Why Sourcefire? Powered by Snort Driven by Awareness Best-in-Class Detection Open Architecture Highly Automated Stop Doing Things the “Old Way!”Try the “Next Generation” in Intrusion Detection & Prevention.

73. Questions & Next Steps

Sourcefire Webinar - NEW GENERATION IPS

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (7)

Similaire à Sourcefire Webinar - NEW GENERATION IPS

Similaire à Sourcefire Webinar - NEW GENERATION IPS (20)

Dernier

Dernier (20)

Sourcefire Webinar - NEW GENERATION IPS

Notes de l'éditeur