AGILE SECURITY™: Security for the Real World
Present Name
Presenter Title
Date

Prepared for:

Sourcefire is Trusted Security
• Trusted for over 10 years
• Security from network to endpoint
▸ IPS, NGFW, Endpoint | Physical, Virtual, Cloud
• Protecting organizations in over 180 countries
• Innovative: 41+ patents awarded or pending
• World-class research
• Open source projects
▸ Snort®, ClamAV®, Razorback®
IPS MQ Leader
America’s Fastest-Growing Tech Companies 2011
IT Environments are Changing Rapidly
Devices | Networks | Applications
VoIP | Virtualization | Mobilization | Consumerization

Threats are Increasingly Complex
Targeted | Organized | Relentless | Innovative
Client-side Attacks
Malware Droppers
Advanced Persistent Threats
Threats Change — Traditional Security Products Do Not
Static | Inflexible | Closed/Blind | Labor Intensive

“Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.”
- Neil MacDonald, VP & Gartner Fellow
Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010

What the World Needs is…
Agile Security
…a continuous process to respond to continuous change.
You Can’t Protect What You Can’t See
• Breadth: who, what, where, when
• Depth: as much detail as you need
• Real-time data
• See everything in one place
[Diagram: Agile Security at the center, surrounded by Threats, Devices, Applications, Network, Vulnerabilities, OS, Users, Files]
Sourcefire provides information superiority

Leverage Awareness For Knowledge
• Gain insight into the reality of your IT and security posture
• Get smarter by applying intelligence
• Correlate, prioritize, decide
Collective intelligence elevates overall defense

Change is Constant
• Automatically optimize defenses
• Lock down your network to policy
• Leverage open architecture
• Configure custom fit security
Sourcefire invented customized security & self-tuning

Act Decisively & Efficiently
• Block, alert, log, modify, quarantine, remediate
• Respond via automation
• Reduce the ‘noise’
Superior protection through intelligence & automation
How Sourcefire Delivers Agile Security
MANAGEMENT: Management Center
PREVENTION & ENFORCEMENT: NGIPS | NGFW | IPSx | Virtual | SSL; Advanced Malware Protection
COLLECTIVE SECURITY INTELLIGENCE
Cutting-edge technologies for comprehensive protection

MANAGEMENT: Sourcefire Defense Center®
Centralized Command & Control
• Customizable dashboard
• Comprehensive reports & alerts
• Centralized policy administration
• Hierarchical management
• High availability
• Integrates with existing security
FireSIGHT™ Sees “Everything”
Categories             | Samples              | Sourcefire NGIPS & NGFW | Typical IPS | Typical NGFW
Threats                | Attacks, Anomalies   | ✔ | ✔ | ✔
Users                  | AD, LDAP, POP3       | ✔ | ✗ | ✔
Web Applications       | Facebook Chat, Ebay  | ✔ | ✗ | ✔
Application Protocols  | HTTP, SMTP, SSH      | ✔ | ✗ | ✔
Client Applications    | Firefox, IE6, Chrome | ✔ | ✗ | ✗
Network Servers        | Apache 2.3.1, IIS4   | ✔ | ✗ | ✗
Operating Systems      | Windows, Linux       | ✔ | ✗ | ✗
Routers & Switches     | Cisco, Nortel        | ✔ | ✗ | ✗
Wireless Access Points | Linksys, Netgear     | ✔ | ✗ | ✗
Mobile Devices         | iPhone, Android      | ✔ | ✗ | ✗
Printers               | HP, Xerox, Canon     | ✔ | ✗ | ✗
VoIP Phones            | Avaya, Polycom       | ✔ | ✗ | ✗
Virtual Machines       | VMware, Xen          | ✔ | ✗ | ✗
Complete network and endpoint visibility. FireSIGHT delivers a level of environmental awareness and automation never seen before in the industry.
FireSIGHT Fuels Automation
• IT Insight: spot rogue hosts, anomalies, policy violations, and more
• Impact Assessment: threat correlation reduces actionable events by up to 99%
• Automated Tuning: adjust IPS policies automatically based on network change
• User Identification: associate users with security and compliance events

Collective Security Intelligence
Global Visibility Through Open Community
Delivered as: IPS Rules | Malware Protection | IP & URL Blacklists
Fed by:
• Sourcefire Vulnerability Research Team
• Sourcefire FireCLOUD™
• Private & Public Threat Feeds
• Vulnerability Database Updates
• Sourcefire AEGIS™ Program
• Honeypots
• Advanced Microsoft & Industry Disclosures
• 50,000 Malware Samples per Day
• Snort® & ClamAV™ Open Source Communities
NETWORK: Sourcefire Network Security Solutions

Gartner Defines NGIPS & NGFW
Next-Gen IPS (NGIPS)
• Standard first-gen IPS
• Application awareness and full-stack visibility
• Context awareness
• Content awareness
• Agile engine
Next-Gen Firewall (NGFW)
• Standard first-gen firewall
• Application awareness and full-stack visibility
• Integrated network IPS
• Extrafirewall intelligence
“Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”
Source: “Defining Next-Generation Network Intrusion Prevention,” Gartner, October 7, 2011; “Defining the Next-Generation Firewall,” Gartner, October 12, 2009

Our Approach to Next-Generation Network Security
[Diagram: Access Control, App Control, Threat Prevention and Contextual Awareness, compared across Typical Firewall, Typical IPS, Typical NGFWs, and Sourcefire NGFW | NGIPS with FireSIGHT Technology]
Single platform, with single pass engine, providing the benefits of a converged infrastructure… …and the benefits of Agile Security
Sourcefire Next-Generation Security
One Universal Platform, Three Flexible Configurations
Key Capabilities          | NGIPS | NGIPS with App Control | NGFW
Network Intelligence      | ✔     | ✔                      | ✔
Impact Assessment         | ✔     | ✔                      | ✔
Automated Tuning          | ✔     | ✔                      | ✔
Threat Prevention         | ✔     | ✔                      | ✔
Application Control       |       | ✔*                     | ✔
Stateful Firewall         |       |                        | ✔
Switching, Routing & NAT  |       |                        | ✔
URL Filtering             |       | Subscription           | Subscription
* Control license required

FirePOWER™ Technology
Custom-designed, specialized network processor powers industry-leading performance
Enterprise Performance and Scale
Unprecedented Performance Delivered
• NSS Labs Test Results
▸ Highest throughput ever tested
▸ Lowest price per Mbps
▸ Lowest energy cost per Mbps
Comparisons                 | FirePOWER Technology | Next Closest
IPS Throughput              | 27.6 Gbps            | 11.5 Gbps
Price / Mbps                | $19                  | $33
Annual Energy Cost per Mbps | 4¢                   | 6¢
“The 3D8260 offers the highest accuracy and throughput of any product we’ve tested to date.”
-NSS Labs Test Report
Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.

The Industry’s Best Threat Prevention. Period.
• NSS Labs Test Results
▸ #1 in default protection
▸ #1 in tuned protection
▸ 100% evasion free
[Chart: Default Protection and Tuned Protection, Sourcefire vs. Industry Average]
“This is the second year in a row that Sourcefire blocked the most attacks of all products.”
-NSS Labs Test Report
Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
NSS Labs Testing
NGIPS
Leadership*
• #1 in detection
• #1 in performance
• #1 in vulnerability coverage
• 100% evasion free
Ratings*
• 99% detection & protection
• 34Gbps inspected throughput
• 60M concurrent connections
• $15 TCO / protected Mbps
“For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.”
Vikram Phatak, CTO NSS Labs, Inc.

NGFW
Ratings*
• 99% protection
• 10Gbps inspected throughput
• 15M concurrent connections
• $33 TCO / protected Mbps
Leadership*
• #1 in detection
• Class leader in performance
• Class leader for TCO
• 100% evasion free
“Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.”
Bob Walder, NSS Labs, Inc.

* NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010; NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012; NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
FirePOWER NGIPS: NSS Labs Test
Leadership*
• #1 in detection
• #1 in performance
• #1 in vulnerability coverage
• 100% evasion free
Ratings (NGIPS – 8260)**
• 99% detection & protection
• 34Gbps inspected throughput
• 60M concurrent connections
• $15 TCO / protected Mbps
“For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.”
Vikram Phatak, CTO NSS Labs, Inc.
* NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010
** NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012

FirePOWER NGFW: NSS Labs Test
Ratings (8250 – NGFW)*
• 99% protection
• 10 Gbps real-world throughput
• 15M concurrent connections
• $33 TCO / protected Mbps
NGFW Leadership*
• #1 in detection
• Class leader in performance
• Class leader for TCO
• 100% evasion free
“Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.”
Bob Walder, NSS Labs, Inc.
* NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
Reduce Risk Through Granular Application Control
• Control access to Web-enabled apps and devices
▸ “Employees may view Facebook, but only Marketing may post to it”
▸ “No one may use peer-to-peer file sharing apps”
Over 1,000 apps, devices, and more!

Reduce Client-Side Threats and Improve Productivity with URL Filtering
• Block non-business-related sites by category
• Configure policies based on users and groups
Over 280 million URLs
Over 80 URL categories

What Makes Sourcefire Different?
• Total Network Visibility
▸ Passive, real-time visibility of apps, users, content, hosts, attacks, and more
• Control Without Compromise
▸ Achieve granular network and application access control without compromising threat prevention
• Intelligent Security Automation
▸ Leverage rich contextual awareness to automate key security functions, including impact assessment and policy tuning
• Unparalleled Performance & Scalability
▸ Purpose-built appliances with FirePOWER™ technology
The Only NGFW with NGIPS!
Advanced Malware Protection: FireAMP

Threats Continue to Evolve
The likelihood that you will be attacked by advanced malware has never been greater.
75% of attacks are seen on only one computer
“Nearly 60% of respondents were at least ‘fairly certain’ their company had been a target.” – Network World (11/2011)

Introducing FireAMP
The only way to get the visibility & control needed to fight threats missed by other security layers.
Analyze & Block Advanced Malware Utilizing Big Data Analytics

Our Approach to Advanced Malware Protection
Lightweight Connector
• Watches for move/copy/execute
• Traps fingerprint & attributes
Mobile Connector
• Watches for apps
• Traps fingerprint & attributes

• Transaction Processing
• Analytics
• Intelligence
Web-based Manager

Visibility & Control with FireAMP
Reporting | Trajectory | Analysis | Control

Spotlight: Reporting
• Applications Introducing Malware
• Threats Resident on First Scan
• Possible APT
Customize by Group – Schedule or On Demand
Spotlight: File Trajectory
Malware “Flight Recorder” shows point of entry and extent of outbreak
• Discover the malware gateway to reduce the risk of reinfection
• Identify systems that have downloaded/executed a specific malware file

Spotlight: File Analysis
Sourcefire VRT Powered Insight into Advanced Malware Behavior
• Original file, network capture and screen shots of malware execution
• Understand root cause and remediation
[Diagram: infected files (fingerprints 4E7E9331D2, 2190FD41CA, CFE2FC843F) flow from FireAMP & Clients to Sourcefire VRT for Sandbox Analysis]
Spotlight: Outbreak Control
Create custom protection policies to stop outbreaks without updates
Tool                       | How it Works                                                                          | When to Use
Simple Custom Detections   | Cloud-based, uses SHA or original file                                                | Fastest way to block specific malware.
Advanced Custom Signatures | Client-based, uses advanced techniques (e.g. offsets, wildcards, regular expressions) | Useful for families of malware or to close gap when waiting on sig. from security vendor
Application Blocking Lists | Cloud-based, uses SHA or original file                                                | Blocks execution of applications based on group policy (e.g. no Skype in HR) – good for Zero Day
Custom Whitelists          | Cloud-based, uses SHA or original file                                                | Prevent false positives on trusted apps and standard images
Cloud Recall quarantines malware based on past exposure
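The four outbreak-control tools in the table above can be modelled as one ordered policy check. The block below is an added example, not Sourcefire code and not FireAMP's real policy engine; the `Policy`, `Signature` and `evaluate` names, the signature format, the group name and every sample file are constructed for illustration. It shows why the order matters: the whitelist is checked first so a standard-image tool is never quarantined by a noisy detection, a SHA-256 simple detection catches the exact file, an offset/wildcard/regex signature still catches a repacked variant whose hash changed, and an application blocking list is applied only to the group it is scoped to.

```python
# Added example, not Sourcefire/FireAMP code: a minimal model of the four
# outbreak-control tools on the slide, applied in an order a defender would
# want: whitelist first (suppress false positives), then hash detections,
# then byte-pattern signatures, then per-group application blocking.
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Signature:
    """Advanced custom signature (hypothetical format): bytes expected at an
    offset, with None as a wildcard byte, optionally combined with a regex
    searched over the whole file. Every part that is set must match."""
    name: str
    offset: int = 0
    pattern: Tuple[Optional[int], ...] = ()
    regex: bytes = b""

    def matches(self, data: bytes) -> bool:
        if self.pattern:
            window = data[self.offset:self.offset + len(self.pattern)]
            if len(window) != len(self.pattern):
                return False
            if any(p is not None and p != b for p, b in zip(self.pattern, window)):
                return False
        if self.regex and re.search(self.regex, data) is None:
            return False
        return bool(self.pattern or self.regex)  # an empty signature matches nothing


@dataclass
class Policy:
    whitelist: Set[str] = field(default_factory=set)                       # SHA-256 of trusted files
    simple_detections: Dict[str, str] = field(default_factory=dict)        # SHA-256 -> detection name
    signatures: List[Signature] = field(default_factory=list)
    app_blocking: Dict[str, Dict[str, str]] = field(default_factory=dict)  # group -> {SHA-256: app}


def evaluate(policy: Policy, data: bytes, group: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a file seen on an endpoint in `group`."""
    digest = sha256(data)
    if digest in policy.whitelist:
        return "allow", "whitelisted " + digest[:12]
    if digest in policy.simple_detections:
        return "quarantine", "simple custom detection: " + policy.simple_detections[digest]
    for sig in policy.signatures:
        if sig.matches(data):
            return "quarantine", "advanced custom signature: " + sig.name
    blocked = policy.app_blocking.get(group, {})
    if digest in blocked:
        return "block", "application blocking list (%s): %s" % (group, blocked[digest])
    return "allow", "no policy match"


# Constructed sample files (not real malware); "MZ" only marks a PE-like stub.
SAMPLE_DROPPER = b"MZ\x90\x00" + b"\x00" * 60 + b"http://update-check.example/dl"
SAMPLE_VARIANT = b"MZ\x00\x00" + b"\x00" * 60 + b"http://update-check.example/dl"  # repacked: new hash, same family
SAMPLE_CHAT_APP = b"MZ\x90\x00" + b"chat-app-build-7"
SAMPLE_IMAGE_TOOL = b"MZ\x90\x00" + b"inventory-agent-2.3"  # ships in the standard image

POLICY = Policy(
    whitelist={sha256(SAMPLE_IMAGE_TOOL)},
    simple_detections={
        sha256(SAMPLE_DROPPER): "Dropper.Constructed.A",
        sha256(SAMPLE_IMAGE_TOOL): "FalsePositive.Generic",  # the whitelist must win over this
    },
    signatures=[
        Signature("Dropper.Constructed.family", offset=0,
                  pattern=(0x4D, 0x5A, None, None), regex=rb"update-check\.example"),
    ],
    app_blocking={"HR": {sha256(SAMPLE_CHAT_APP): "ChatApp"}},
)

if __name__ == "__main__":
    for label, sample, group in [
        ("dropper", SAMPLE_DROPPER, "HR"),
        ("variant", SAMPLE_VARIANT, "HR"),
        ("chat app in HR", SAMPLE_CHAT_APP, "HR"),
        ("chat app in Engineering", SAMPLE_CHAT_APP, "Engineering"),
        ("image tool", SAMPLE_IMAGE_TOOL, "HR"),
    ]:
        print(label, "->", evaluate(POLICY, sample, group))
```

The variant case is the one the "families of malware" row is about: its SHA-256 differs from the known dropper, so the hash-based simple detection misses it, and only the signature combining a fixed header with a wildcard and a content regex catches it.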
FireAMP is Enterprise Ready
• Manageability
▸ Complete deployment, policy configuration, integration with AD/LDAP
• Performance
▸ Lightweight connector, heavy lifting in the cloud
• Privacy
▸ Metadata based analysis

What Makes Sourcefire Different?
                 | Traditional Endpoint | Forensic Analysis | NW-based AMP
Reports          | No                   | Not really        | Yes
File Trajectory  | No                   | Sort of…          | No
File Analysis    | No                   | Yes               | Yes
File Analysis    | No                   | Not really        | Sort of…
Outbreak Control | No                   | Not really        | No
Key Questions
VISIBILITY: Do we have an advanced malware problem? Which endpoint was infected first? How extensive is the outbreak? How does the malware behave?
CONTROL: What is needed to recover? How can we stop the outbreak?
Advanced Malware Protection: FireAMP Mobile

Mobile Malware Trends
No question. Mobile devices introduce risk. Malware is on the rise.
Source: Juniper
BYOD brings a unique challenge.

The BYOD Divide
40%: IT decision makers who say that workers access corporate information from employee-owned devices.
80%: Employees in same survey who say they access corporate information from their own devices.
Source: IDC
How can you protect the enterprise if you don’t know…
1. what to protect… or…
2. the nature of the threat

FireAMP Mobile
• Visibility: detect & analyze
▸ Android (2.1+) threats
▸ Cloud-based, real time
• Control: contain & remediate
▸ Blacklists
• Enterprise Ready
Advanced Malware Protection Using Big Data Analytics

Thank You.
Contenu connexe

Tendances

הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
Hillel Kobrovski
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made Simple
David Fuchs
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
Mohit8780
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010
Andris Soroka
 
Breakingpoint Application Threat and Intelligence (ATI) Program
Breakingpoint Application Threat and Intelligence (ATI) ProgramBreakingpoint Application Threat and Intelligence (ATI) Program
Breakingpoint Application Threat and Intelligence (ATI) Program
Ixia
 

Tendances (20)

הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
הילל קוברובסקי - אתגרי אבטחת מידע והגנת סייבר בחיבור מאובטח לעבודה מרחוק של ע...
 
Consider Sophos - Security Made Simple
Consider Sophos - Security Made SimpleConsider Sophos - Security Made Simple
Consider Sophos - Security Made Simple
 
Fore scout nac-datasheet
Fore scout nac-datasheetFore scout nac-datasheet
Fore scout nac-datasheet
 
Security course: exclusive 5G SA pitfalls and new changes to legislation
Security course: exclusive 5G SA pitfalls and new changes to legislationSecurity course: exclusive 5G SA pitfalls and new changes to legislation
Security course: exclusive 5G SA pitfalls and new changes to legislation
 
My Final Year Project
My Final Year ProjectMy Final Year Project
My Final Year Project
 
Datasheet stonegate ips-allinone
Datasheet stonegate ips-allinoneDatasheet stonegate ips-allinone
Datasheet stonegate ips-allinone
 
Datasheet stonegate fw-allinone
Datasheet stonegate fw-allinoneDatasheet stonegate fw-allinone
Datasheet stonegate fw-allinone
 
DSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGADSS ITSEC 2012 ForeScout Technical RIGA
DSS ITSEC 2012 ForeScout Technical RIGA
 
Positive approach to security of Core networks
Positive approach to security of Core networksPositive approach to security of Core networks
Positive approach to security of Core networks
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
 
Next Generation Firewalls
Next Generation FirewallsNext Generation Firewalls
Next Generation Firewalls
 
HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010HTLV - DSS @Vilnius 2010
HTLV - DSS @Vilnius 2010
 
Check Point Virtual Systems
Check Point Virtual SystemsCheck Point Virtual Systems
Check Point Virtual Systems
 
Netflow analyzer- Datasheet
Netflow analyzer- DatasheetNetflow analyzer- Datasheet
Netflow analyzer- Datasheet
 
Sophos EndUser Protection
Sophos EndUser ProtectionSophos EndUser Protection
Sophos EndUser Protection
 
Breakingpoint Application Threat and Intelligence (ATI) Program
Breakingpoint Application Threat and Intelligence (ATI) ProgramBreakingpoint Application Threat and Intelligence (ATI) Program
Breakingpoint Application Threat and Intelligence (ATI) Program
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall Presentation
 
DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1DSS ITSEC Conference 2012 - Forescout NAC #1
DSS ITSEC Conference 2012 - Forescout NAC #1
 
Forti cloud
Forti cloudForti cloud
Forti cloud
 
Sophos Wireless Protection Overview
Sophos Wireless Protection OverviewSophos Wireless Protection Overview
Sophos Wireless Protection Overview
 

Similaire à AGILE SECURITY™ Security for the Real World

Sangfor's Presentation.pdf
Sangfor's Presentation.pdfSangfor's Presentation.pdf
Sangfor's Presentation.pdf
ssusera76ea9
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
TaherAzzam2
 

Similaire à AGILE SECURITY™ Security for the Real World (20)

Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
 
Forcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPSForcepoint SD-WAN and NGFW + IPS
Forcepoint SD-WAN and NGFW + IPS
 
Juniper competitive cheatsheet
Juniper competitive cheatsheetJuniper competitive cheatsheet
Juniper competitive cheatsheet
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
Sangfor's Presentation.pdf
Sangfor's Presentation.pdfSangfor's Presentation.pdf
Sangfor's Presentation.pdf
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...All Hope is Not LostNetwork Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar -  NEW GENERATION IPSSourcefire Webinar -  NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013Fortinet ixia ottawa, june 2013
Fortinet ixia ottawa, june 2013
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit  Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 
ciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overviewciso-platform-annual-summit-2013-Hp enterprise security overview
ciso-platform-annual-summit-2013-Hp enterprise security overview
 
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
8 Ocak 2015 SOME Etkinligi - Cisco Next Generation Security
 
Cisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdfCisco Firepower Next-Generation Firewall (NGFW).pdf
Cisco Firepower Next-Generation Firewall (NGFW).pdf
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
Safety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoTSafety reliability and security lessons from defense for IoT
Safety reliability and security lessons from defense for IoT
 
Presentación - Cisco ASA with FirePOWER Services
Presentación -  Cisco ASA with FirePOWER ServicesPresentación -  Cisco ASA with FirePOWER Services
Presentación - Cisco ASA with FirePOWER Services
 

Plus de Cisco Russia

Plus de Cisco Russia (20)

Service portfolio 18
Service portfolio 18Service portfolio 18
Service portfolio 18
 
История одного взлома. Как решения Cisco могли бы предотвратить его?
История одного взлома. Как решения Cisco могли бы предотвратить его?История одного взлома. Как решения Cisco могли бы предотвратить его?
История одного взлома. Как решения Cisco могли бы предотвратить его?
 
Об оценке соответствия средств защиты информации
Об оценке соответствия средств защиты информацииОб оценке соответствия средств защиты информации
Об оценке соответствия средств защиты информации
 
Обзор Сервисных Услуг Cisco в России и странах СНГ.
Обзор Сервисных Услуг Cisco в России и странах СНГ.Обзор Сервисных Услуг Cisco в России и странах СНГ.
Обзор Сервисных Услуг Cisco в России и странах СНГ.
 
Клиентские контракты на техническую поддержку Cisco Smart Net Total Care
Клиентские контракты на техническую поддержку Cisco Smart Net Total CareКлиентские контракты на техническую поддержку Cisco Smart Net Total Care
Клиентские контракты на техническую поддержку Cisco Smart Net Total Care
 
Cisco Catalyst 9000 series
Cisco Catalyst 9000 series Cisco Catalyst 9000 series
Cisco Catalyst 9000 series
 
Cisco Catalyst 9500
Cisco Catalyst 9500Cisco Catalyst 9500
Cisco Catalyst 9500
 
Cisco Catalyst 9400
Cisco Catalyst 9400Cisco Catalyst 9400
Cisco Catalyst 9400
 
Cisco Umbrella
Cisco UmbrellaCisco Umbrella
Cisco Umbrella
 
Cisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPsCisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPs
 
Cisco FirePower
Cisco FirePowerCisco FirePower
Cisco FirePower
 
Профессиональные услуги Cisco для Software-Defined Access
Профессиональные услуги Cisco для Software-Defined AccessПрофессиональные услуги Cisco для Software-Defined Access
Профессиональные услуги Cisco для Software-Defined Access
 
Обнаружение известного вредоносного кода в зашифрованном с помощью TLS трафик...
Обнаружение известного вредоносного кода в зашифрованном с помощью TLS трафик...Обнаружение известного вредоносного кода в зашифрованном с помощью TLS трафик...
Обнаружение известного вредоносного кода в зашифрованном с помощью TLS трафик...
 
Промышленный Интернет вещей: опыт и результаты применения в нефтегазовой отрасли
Промышленный Интернет вещей: опыт и результаты применения в нефтегазовой отраслиПромышленный Интернет вещей: опыт и результаты применения в нефтегазовой отрасли
Промышленный Интернет вещей: опыт и результаты применения в нефтегазовой отрасли
 
Полугодовой отчет Cisco по информационной безопасности за 2017 год
Полугодовой отчет Cisco по информационной безопасности за 2017 год Полугодовой отчет Cisco по информационной безопасности за 2017 год
Полугодовой отчет Cisco по информационной безопасности за 2017 год
 
Годовой отчет Cisco по кибербезопасности за 2017 год
Годовой отчет Cisco по кибербезопасности за 2017 годГодовой отчет Cisco по кибербезопасности за 2017 год
Годовой отчет Cisco по кибербезопасности за 2017 год
 
Безопасность для цифровой экономики. Развитие продуктов и решений Cisco
Безопасность для цифровой экономики. Развитие продуктов и решений CiscoБезопасность для цифровой экономики. Развитие продуктов и решений Cisco
Безопасность для цифровой экономики. Развитие продуктов и решений Cisco
 
Cisco StealthWatch. Использование телеметрии для решения проблемы зашифрованн...
Cisco StealthWatch. Использование телеметрии для решения проблемы зашифрованн...Cisco StealthWatch. Использование телеметрии для решения проблемы зашифрованн...
Cisco StealthWatch. Использование телеметрии для решения проблемы зашифрованн...
 
Обеспечение бесперебойной работы корпоративных приложений в больших гетероген...
Обеспечение бесперебойной работы корпоративных приложений в больших гетероген...Обеспечение бесперебойной работы корпоративных приложений в больших гетероген...
Обеспечение бесперебойной работы корпоративных приложений в больших гетероген...
 
Новое поколение серверов Сisco UCS. Гиперконвергентное решении Cisco HyperFle...
Новое поколение серверов Сisco UCS. Гиперконвергентное решении Cisco HyperFle...Новое поколение серверов Сisco UCS. Гиперконвергентное решении Cisco HyperFle...
Новое поколение серверов Сisco UCS. Гиперконвергентное решении Cisco HyperFle...
 

Dernier

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

AGILE SECURITY™ Security for the Real World

  • 9. Change is Constant
     Automatically optimize defenses
     Lock down your network to policy
     Leverage open architecture
     Configure custom-fit security
    Sourcefire invented customized security & self-tuning
  • 10. Act Decisively & Efficiently
     Block, alert, log, modify, quarantine, remediate
     Respond via automation
     Reduce the ‘noise’
    Superior protection through intelligence & automation
  • 11. How Sourcefire Delivers Agile Security
    MANAGEMENT: Management Center
    PREVENTION & ENFORCEMENT: NGIPS | NGFW | IPSx | Virtual | SSL
    COLLECTIVE SECURITY INTELLIGENCE
    Advanced Malware Protection
    Cutting-edge technologies for comprehensive protection
  • 13. Sourcefire Defense Center®: Centralized Command & Control
     Customizable dashboard
     Comprehensive reports & alerts
     Centralized policy administration
     Hierarchical management
     High availability
     Integrates with existing security
  • 14. FireSIGHT™ Sees “Everything”
    Category | Samples | Sourcefire NGIPS & NGFW | Typical IPS | Typical NGFW
    Threats | Attacks, Anomalies | ✔ | ✔ | ✔
    Users | AD, LDAP, POP3 | ✔ | ✗ | ✔
    Web Applications | Facebook Chat, eBay | ✔ | ✗ | ✔
    Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔
    Client Applications | Firefox, IE6, Chrome | ✔ | ✗ | ✗
    Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗
    Operating Systems | Windows, Linux | ✔ | ✗ | ✗
    Routers & Switches | Cisco, Nortel | ✔ | ✗ | ✗
    Wireless Access Points | Linksys, Netgear | ✔ | ✗ | ✗
    Mobile Devices | iPhone, Android | ✔ | ✗ | ✗
    Printers | HP, Xerox, Canon | ✔ | ✗ | ✗
    VoIP Phones | Avaya, Polycom | ✔ | ✗ | ✗
    Virtual Machines | VMware, Xen | ✔ | ✗ | ✗
  • 15. FireSIGHT™ Sees “Everything” (same table, with callout)
    Complete network and endpoint visibility. FireSIGHT delivers a level of environmental awareness and automation never seen before in the industry.
  • 16. FireSIGHT Fuels Automation
     IT Insight: spot rogue hosts, anomalies, policy violations, and more
     Impact Assessment: threat correlation reduces actionable events by up to 99%
     Automated Tuning: adjust IPS policies automatically based on network change
     User Identification: associate users with security and compliance events
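The two automation items above, impact assessment and automated tuning, both come down to joining IPS events and rules against a host inventory the sensor has built passively. The block below is an added illustration of that join, not Sourcefire's or FireSIGHT's code: the impact scale (1 = vulnerable, 2 = potentially vulnerable, 3 = currently not vulnerable, 4 = unknown target), the matching rules, the host profiles, the rule metadata and the CVE placeholder are all constructed for the example.

```python
"""Impact assessment and rule tuning from a passively built host inventory.

Added illustration, not Sourcefire's or FireSIGHT's code. The impact scale,
the matching rules and every host, rule and event below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class HostProfile:
    ip: str
    os_family: str                                          # "windows", "linux", ...
    services: Dict[int, str] = field(default_factory=dict)  # port -> product seen on it
    vulns: Set[str] = field(default_factory=set)            # CVE IDs believed present


@dataclass
class Rule:
    sid: int
    target_os: Set[str]          # OS families the exploit can affect
    target_service: str          # product the rule protects, e.g. "apache"
    cve: Optional[str] = None    # vulnerability the rule detects, if any


@dataclass
class IpsEvent:
    rule: Rule
    dst_ip: str
    dst_port: int


IMPACT = {1: "vulnerable", 2: "potentially vulnerable",
          3: "currently not vulnerable", 4: "unknown target"}


def assess(event: IpsEvent, inventory: Dict[str, HostProfile]) -> int:
    """Correlate one event with what is known about its target host."""
    host = inventory.get(event.dst_ip)
    if host is None:
        return 4                                   # never profiled this host
    if event.rule.cve and event.rule.cve in host.vulns:
        return 1                                   # the exact vulnerability is present
    if host.os_family not in event.rule.target_os:
        return 3                                   # exploit cannot apply to this OS
    if host.services.get(event.dst_port) != event.rule.target_service:
        return 3                                   # a different product (or nothing) on that port
    return 2                                       # right OS and product, no confirmed CVE


def actionable(events: List[IpsEvent], inventory, max_level: int = 2) -> List[IpsEvent]:
    """Keep only the events an analyst must look at, most severe first."""
    scored = [(assess(e, inventory), e) for e in events]
    return [e for lvl, e in sorted(scored, key=lambda p: p[0]) if lvl <= max_level]


def recommend_rules(rules: List[Rule], inventory) -> Set[int]:
    """Automated tuning: enable a rule only if some host on the network could be hit by it."""
    enabled = set()
    for r in rules:
        for h in inventory.values():
            if h.os_family in r.target_os and r.target_service in h.services.values():
                enabled.add(r.sid)
                break
    return enabled


# --- constructed sample data (placeholder addresses and CVE ID) --------------
INVENTORY = {
    "10.0.0.5": HostProfile("10.0.0.5", "windows", {445: "smb", 80: "iis"}, {"CVE-9999-0001"}),
    "10.0.0.7": HostProfile("10.0.0.7", "linux", {80: "apache", 22: "openssh"}),
    "10.0.0.9": HostProfile("10.0.0.9", "linux", {80: "nginx"}),
}
RULES = {
    1001: Rule(1001, {"windows"}, "smb", "CVE-9999-0001"),
    2002: Rule(2002, {"linux", "windows"}, "apache"),
    3003: Rule(3003, {"windows"}, "smb"),
    4004: Rule(4004, {"solaris"}, "telnet"),
}
EVENTS = [
    IpsEvent(RULES[1001], "10.0.0.5", 445),   # SMB exploit at a host carrying that CVE -> 1
    IpsEvent(RULES[2002], "10.0.0.7", 80),    # Apache attack at an Apache host         -> 2
    IpsEvent(RULES[2002], "10.0.0.9", 80),    # same attack at an nginx host            -> 3
    IpsEvent(RULES[3003], "10.0.0.7", 445),   # Windows SMB attack at a Linux host      -> 3
    IpsEvent(RULES[1001], "10.0.0.42", 445),  # host never profiled                     -> 4
]

if __name__ == "__main__":
    for e in EVENTS:
        lvl = assess(e, INVENTORY)
        print(f"sid {e.rule.sid} -> {e.dst_ip}:{e.dst_port}  impact {lvl} ({IMPACT[lvl]})")
    print("actionable:", [(e.rule.sid, e.dst_ip) for e in actionable(EVENTS, INVENTORY)])
    print("rules worth enabling here:", sorted(recommend_rules(list(RULES.values()), INVENTORY)))
```

With this data three of five alerts drop out of the analyst queue (two target the wrong OS or product, one an unprofiled host), and the Solaris telnet rule is never enabled because no such host exists; the caveat is that a stale inventory turns a real hit into a level 3, so the passive discovery has to keep up with network change for the tuning to stay safe.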
  • 17. Collective Security Intelligence: Global Visibility Through Open Community
    Inputs (diagram):
    ▸ Sourcefire Vulnerability Research Team
    ▸ Sourcefire FireCLOUD™
    ▸ Private & Public Threat Feeds
    ▸ Vulnerability Database Updates
    ▸ Sourcefire AEGIS™ Program
    ▸ Honeypots
    ▸ Advanced Microsoft & Industry Disclosures
    ▸ 50,000 Malware Samples per Day
    ▸ Snort® & ClamAV™ Open Source Communities
    Outputs: IPS Rules | Malware Protection | IP & URL Blacklists
  • 19. Gartner Defines NGIPS & NGFW
    Next-Gen IPS (NGIPS):
    ▸ Standard first-gen IPS
    ▸ Application awareness and full-stack visibility
    ▸ Context awareness
    ▸ Content awareness
    ▸ Agile engine
    Next-Gen Firewall (NGFW):
    ▸ Standard first-gen firewall
    ▸ Application awareness and full-stack visibility
    ▸ Integrated network IPS
    ▸ Extrafirewall intelligence
    “Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”
    Source: “Defining Next-Generation Network Intrusion Prevention,” Gartner, October 7, 2011; “Defining the Next-Generation Firewall,” Gartner, October 12, 2009
  • 20. Our Approach to Next-Generation Network Security
    [Diagram: Typical Firewall, Typical IPS and Typical NGFWs plotted against Access Control, App Control, Threat Prevention and Contextual Awareness, alongside Sourcefire NGFW | NGIPS with FireSIGHT Technology]
    Single platform, with single-pass engine, providing the benefits of a converged infrastructure… and the benefits of Agile Security
  • 21. Sourcefire Next-Generation Security: One Universal Platform, Three Flexible Configurations
    Key Capabilities | NGIPS | NGIPS with App Control | NGFW
    Network Intelligence | ✔ | ✔ | ✔
    Impact Assessment | ✔ | ✔ | ✔
    Automated Tuning | ✔ | ✔ | ✔
    Threat Prevention | ✔ | ✔ | ✔
    Application Control | | ✔* | ✔
    Stateful Firewall | | | ✔
    Switching, Routing & NAT | | | ✔
    URL Filtering | | Subscription | Subscription
    * Control license required
  • 22. FirePOWER™ Technology
    Custom-designed, specialized network processor powers industry-leading performance
  • 23. Enterprise Performance and Scale: Unprecedented Performance Delivered
     NSS Labs Test Results
    ▸ Highest throughput ever tested
    ▸ Lowest price per Mbps
    ▸ Lowest energy cost per Mbps
    | Sourcefire | Next-Closest Comparison
    IPS Throughput | 27.6 Gbps | 11.5 Gbps
    Price / Mbps | $19 | $33
    Annual Energy Cost per Mbps | 4¢ | 6¢
    “The 3D8260 offers the highest accuracy and throughput of any product we’ve tested to date.” - NSS Labs Test Report
    Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
  • 24. The Industry’s Best Threat Prevention. Period.
     NSS Labs Test Results
    ▸ #1 in default protection
    ▸ #1 in tuned protection
    ▸ 100% evasion free
    [Chart: Default Protection and Tuned Protection, Sourcefire vs. Industry Average]
    “This is the second year in a row that Sourcefire blocked the most attacks of all products.” - NSS Labs Test Report
    Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
  • 25–27. NSS Labs Testing Leadership
    FirePOWER NGIPS (3D8260):
    ▸ Leadership*: #1 in detection | #1 in performance | #1 in vulnerability coverage | 100% evasion free
    ▸ Ratings**: 99% detection & protection | 34 Gbps inspected throughput | 60M concurrent connections | $15 TCO / protected Mbps
    “For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.” - Vikram Phatak, CTO, NSS Labs, Inc.
    FirePOWER NGFW (8250):
    ▸ Leadership***: #1 in detection | Class leader in performance | Class leader for TCO | 100% evasion free
    ▸ Ratings***: 99% protection | 10 Gbps real-world (inspected) throughput | 15M concurrent connections | $33 TCO / protected Mbps
    “Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.” - Bob Walder, NSS Labs, Inc.
    * NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010
    ** NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012
    *** NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
  • 28. Reduce Risk Through Granular Application Control
     Control access to Web-enabled apps and devices
    ▸ “Employees may view Facebook, but only Marketing may post to it”
    ▸ “No one may use peer-to-peer file sharing apps”
    Over 1,000 apps, devices, and more!
  • 29. Reduce Client-Side Threats and Improve Productivity with URL Filtering
     Block non-business-related sites by category
     Configure policies based on users and groups
    Over 280 million URLs; over 80 URL categories
  • 30. What Makes Sourcefire Different? The Only NGFW with NGIPS!
     Total Network Visibility
    ▸ Passive, real-time visibility of apps, users, content, hosts, attacks, and more
     Control Without Compromise
    ▸ Achieve granular network and application access control without compromising threat prevention
     Intelligent Security Automation
    ▸ Leverage rich contextual awareness to automate key security functions, including impact assessment and policy tuning
     Unparalleled Performance & Scalability
    ▸ Purpose-built appliances with FirePOWER™ technology
  • 32. Threats Continue to Evolve
    The likelihood that you will be attacked by advanced malware has never been greater.
    75% of attacks are seen on only one computer
    “Nearly 60% of respondents were at least ‘fairly certain’ their company had been a target.” - Network World (11/2011)
  • 33. Introducing FireAMP
    The only way to get the visibility & control needed to fight threats missed by other security layers.
    Analyze & Block Advanced Malware Utilizing Big Data Analytics
  • 34. Our Approach to Advanced Malware Protection
    Lightweight Connector
    ▸ Watches for move/copy/execute
    ▸ Traps fingerprint & attributes
    Mobile Connector
    ▸ Watches for apps
    ▸ Traps fingerprint & attributes
    Cloud
    ▸ Transaction Processing
    ▸ Analytics
    ▸ Intelligence
    Web-based Manager
  • 35. Visibility & Control with FireAMP
    Reporting | Trajectory Analysis | Control
  • 36. Spotlight: Reporting
     Applications Introducing Malware
     Threats Resident on First Scan
     Possible APT
    Customize by Group: Schedule or On Demand
  • 37. Spotlight: File Trajectory
    Malware “Flight Recorder” shows point of entry and extent of outbreak
     Discover the malware gateway to reduce the risk of reinfection
     Identify systems that have downloaded/executed a specific malware file
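What a trajectory view has to compute from the connector's records is small and worth seeing explicitly: the earliest host to hold a hash (point of entry), every host that ever held it (extent), which of them ran it, which copies came host-to-host, and which external source keeps delivering it (the gateway to block against reinfection). The block below is an added illustration, not FireAMP's implementation; the event schema, the hosts, the hashes and the download URL are constructed placeholders.

```python
"""File trajectory ("flight recorder") rebuilt from endpoint connector events.

Added illustration, not FireAMP's implementation. The event schema (what a
connector reports when a file is created, copied or executed) and every event
below are constructed; the hashes and the download URL are placeholders.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FileEvent:
    ts: int           # seconds since epoch (constructed)
    host: str
    sha256: str
    action: str       # "create", "copy" or "execute"
    source: str = ""  # URL or host the file arrived from, if the connector saw it


def trajectory(events: List[FileEvent], sha256: str) -> Optional[Dict]:
    """Point of entry, extent, executions, spread edges and likely gateway for one hash."""
    ev = sorted((e for e in events if e.sha256 == sha256), key=lambda e: e.ts)
    if not ev:
        return None
    first_seen: Dict[str, int] = {}   # host -> when it first held the file
    executed = set()
    spread = []                       # (from_host, to_host) for host-to-host copies
    external: Counter = Counter()     # sources that are not known hosts: gateway candidates
    for e in ev:
        first_seen.setdefault(e.host, e.ts)
        if e.action == "execute":
            executed.add(e.host)
        elif e.source:
            if e.source in first_seen:       # copied from a host that already had it
                spread.append((e.source, e.host))
            else:                            # URL, share, or a host without a connector
                external[e.source] += 1
    entry = ev[0]
    return {
        "point_of_entry": (entry.host, entry.ts, entry.source),
        "hosts": sorted(first_seen, key=first_seen.get),   # extent, in infection order
        "executed": sorted(executed),
        "spread": spread,
        "gateway": external.most_common(1)[0][0] if external else None,
    }


# --- constructed sample events -----------------------------------------------
MALWARE = "3f" * 32     # placeholder SHA-256 of the malicious file
OTHER = "00" * 32       # placeholder SHA-256 of an unrelated file
EVENTS = [
    FileEvent(1000, "ws-01", MALWARE, "create", "http://dl.example/update.exe"),
    FileEvent(1030, "ws-01", MALWARE, "execute"),
    FileEvent(1100, "ws-05", OTHER, "execute"),            # unrelated file, ignored
    FileEvent(1200, "ws-02", MALWARE, "create", "ws-01"),  # pulled from a share on ws-01
    FileEvent(1210, "ws-02", MALWARE, "execute"),
    FileEvent(1300, "ws-03", MALWARE, "create", "http://dl.example/update.exe"),
    FileEvent(1400, "fs-01", MALWARE, "copy", "ws-02"),
]

if __name__ == "__main__":
    t = trajectory(EVENTS, MALWARE)
    print("entered at", t["point_of_entry"])
    print("extent:", t["hosts"], "executed on:", t["executed"])
    print("spread:", t["spread"])
    print("gateway to block:", t["gateway"])
```

The gateway is the external source seen most often, here the download URL that delivered the file to two hosts independently; blocking it is what stops the reinfection the slide warns about, while the spread edges show which internal shares also need cleaning.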
  • 38. Spotlight: File Analysis
    Sourcefire VRT Powered Insight into Advanced Malware Behavior
     Original file, network capture and screen shots of malware execution
     Understand root cause and remediation
    [Diagram: FireAMP & Clients submit files (identified by hash, e.g. 4E7E9331D2, 2190FD41CA, CFE2FC843F, flagged “Infected”) to Sourcefire VRT Sandbox Analysis]
  • 39. Spotlight: Outbreak Control
    Create custom protection policies to stop outbreaks without updates
    Tool | How it Works | When to Use
    Simple Custom Detections | Cloud-based, uses SHA or original file | Fastest way to block specific malware.
    Advanced Custom Signatures | Client-based, uses advanced techniques (e.g. offsets, wildcards, regular expressions) | Useful for families of malware or to close the gap when waiting on a signature from the security vendor
    Application Blocking Lists | Cloud-based, uses SHA or original file | Blocks execution of applications based on group policy (e.g. no Skype in HR); good for zero day
    Custom Whitelists | Cloud-based, uses SHA or original file | Prevent false positives on trusted apps and standard images
    Cloud Recall quarantines malware based on past exposure
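The four tools in the table only work together if their precedence is fixed: a whitelist entry must win over a signature (otherwise a standard image that happens to contain a family marker gets quarantined), an exact-hash detection is cheaper than a pattern scan, and an application block applies per group rather than globally. The block below is an added illustration of that precedence plus a recall pass over files seen before the policy changed; it is not FireAMP's code, the signature syntax (hex with ?? wildcard bytes at an optional offset, or a regex) is modelled on what the table describes, and every file, hash, host and group name is constructed.

```python
"""Custom outbreak-control policy evaluated against file content.

Added illustration, not FireAMP's code. Precedence: whitelist, then simple
custom detection (SHA-256), then advanced custom signatures (hex with ??
wildcards at an optional offset, or a regex), then the per-group application
block list. recall() re-checks previously seen files against the current
policy. All file contents, hashes, hosts and group names are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class HexSig:
    name: str
    pattern: str                  # hex bytes, "??" = any byte, e.g. "dead??beef"
    offset: Optional[int] = None  # None = anywhere in the file

    def matches(self, data: bytes) -> bool:
        toks = [self.pattern[i:i + 2] for i in range(0, len(self.pattern), 2)]
        rx = re.compile(b"".join(b"." if t == "??" else re.escape(bytes([int(t, 16)]))
                                 for t in toks), re.DOTALL)
        return bool(rx.match(data, self.offset) if self.offset is not None else rx.search(data))


@dataclass
class RegexSig:
    name: str
    pattern: bytes

    def matches(self, data: bytes) -> bool:
        return re.search(self.pattern, data) is not None


@dataclass
class Policy:
    whitelist: Set[str] = field(default_factory=set)              # sha256 of trusted files
    simple: Dict[str, str] = field(default_factory=dict)          # sha256 -> detection name
    advanced: List = field(default_factory=list)                  # HexSig / RegexSig, in order
    app_block: Dict[str, Set[str]] = field(default_factory=dict)  # sha256 -> groups ("*" = all)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verdict(data: bytes, group: str, policy: Policy) -> Tuple[str, str]:
    """(action, reason) for one file seen by a connector in the given group."""
    digest = sha256(data)
    if digest in policy.whitelist:
        return ("allow", "whitelist")               # trusted: never scanned further
    if digest in policy.simple:
        return ("quarantine", "simple:" + policy.simple[digest])
    for sig in policy.advanced:                     # family / stop-gap signatures
        if sig.matches(data):
            return ("quarantine", "advanced:" + sig.name)
    groups = policy.app_block.get(digest, set())
    if "*" in groups or group in groups:
        return ("block", "app-block")               # allowed software, wrong group
    return ("allow", "no match")


def recall(seen: List[Tuple[str, str, bytes]], policy: Policy) -> List[Tuple[str, str]]:
    """Re-evaluate (host, group, file) records recorded before the policy changed."""
    hits = []
    for host, group, data in seen:
        action, why = verdict(data, group, policy)
        if action != "allow":
            hits.append((host, why))
    return hits


# --- constructed sample files and policy --------------------------------------
HDR = b"MZ\x90\x00" + b"\x00" * 8
DROPPER_V1 = HDR + b"\xde\xad\x01\xbe\xef" + b"stage1"
DROPPER_V2 = HDR + b"\xde\xad\x02\xbe\xef" + b"stage2"          # same family, new hash
DROPPER_V3 = HDR + b"beacon c2-node-17.example"                  # variant without the marker
ADMIN_TOOL = HDR + b"\xde\xad\x07\xbe\xef" + b"standard image"   # carries the marker, but trusted
CHAT_APP = HDR + b"chat client"
SCRIPT = b"#!/bin/sh\necho ok\n"

POLICY = Policy(
    whitelist={sha256(ADMIN_TOOL)},
    simple={sha256(DROPPER_V1): "Dropper.v1"},
    advanced=[HexSig("Dropper.family", "dead??beef"),
              RegexSig("Dropper.c2", rb"c2-node-\d{2}\.example")],
    app_block={sha256(CHAT_APP): {"HR"}},
)
SEEN = [("ws-01", "Sales", DROPPER_V2), ("ws-02", "HR", CHAT_APP), ("ws-03", "Sales", SCRIPT)]

if __name__ == "__main__":
    for label, data, group in [("v1", DROPPER_V1, "Sales"), ("v2", DROPPER_V2, "Sales"),
                               ("v3", DROPPER_V3, "Sales"), ("admin", ADMIN_TOOL, "Sales"),
                               ("chat/HR", CHAT_APP, "HR"), ("chat/Sales", CHAT_APP, "Sales")]:
        print(label, verdict(data, group, POLICY))
    print("recall:", recall(SEEN, POLICY))
```

Note the two failure modes the ordering handles: the whitelisted admin tool contains the family marker and is still allowed, and a variant whose hash is unknown is still caught by the wildcard or regex signature; the recall pass then quarantines the earlier copy of v2 on ws-01 from history rather than waiting for it to be executed again.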
  • 40. FireAMP is Enterprise Ready
     Manageability
    ▸ Complete deployment, policy configuration, integration with AD/LDAP
     Performance
    ▸ Lightweight connector, heavy lifting in the cloud
     Privacy
    ▸ Metadata-based analysis
  • 41. What Makes Sourcefire Different?
    Key Question | Capability | Traditional Endpoint | Forensic Analysis | NW-based AMP
    VISIBILITY
    Do we have an advanced malware problem? | Reports | No | Not really | Yes
    Which endpoint was infected first? How extensive is the outbreak? | File Trajectory | No | Sort of… | No
    How does the malware behave? | File Analysis | No | Yes | Yes
    CONTROL
    What is needed to recover? | File Analysis | No | Not really | Sort of…
    How can we stop the outbreak? | Outbreak Control | No | Not really | No
  • 43. Mobile Malware Trends
    No question. Mobile devices introduce risk. Malware is on the rise. (Source: Juniper)
    BYOD brings a unique challenge.
  • 44. The BYOD Divide
    40%: IT decision makers who say that workers access corporate information from employee-owned devices.
    80%: Employees in the same survey who say they access corporate information from their own devices. (Source: IDC)
    How can you protect the enterprise if you don’t know… 1. what to protect… or… 2. the nature of the threat?
  • 45. FireAMP Mobile
     Visibility: detect & analyze
    ▸ Android (2.1+) threats
    ▸ Cloud-based, real time
     Control: contain & remediate
    ▸ Blacklists
    Enterprise Ready Advanced Malware Protection Using Big Data Analytics