Sourcefire provides an agile security solution through its network and endpoint security products. It offers comprehensive visibility across the network from devices to applications to threats. Sourcefire's adaptive security infrastructure includes the Sourcefire Defense Center for centralized management and the FireSIGHT technology which provides real-time awareness and automation. This intelligence enables automated tuning of defenses and efficient response to security events.
2. Sourcefire is Trusted Security
Trusted for over 10 years
Security from network to endpoint
▸ IPS, NGFW, Endpoint | Physical, Virtual, Cloud
Protecting organizations in over 180 countries
Innovative: 41+ patents awarded or pending
World-class research
Open source projects
▸ Snort®, ClamAV®, Razorback®
IPS MQ Leader
America’s Fastest-Growing Tech Companies 2011
3. IT Environments are Changing Rapidly
Devices
Networks
Applications
VoIP
Virtualization
Mobilization
Consumerization
5. Threats Change — Traditional Security Products Do Not
Static | Inflexible
Closed/Blind | Labor Intensive
“Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.”
- Neil MacDonald, VP & Gartner Fellow
Source: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010
6. What the World Needs is… Agile Security
…a continuous process to respond to continuous change.
7. You Can’t Protect What You Can’t See
Breadth: who, what, where, when
Depth: as much detail as you need
Real-time data
See everything in one place
Diagram (Agile Security): Threats, Devices, Applications, Network, Vulnerabilities, OS, Users, Files
Sourcefire provides information superiority
8. Leverage Awareness For Knowledge
Gain insight into the reality of your IT and security posture
Get smarter by applying intelligence
Correlate, prioritize, decide
Agile Security
Collective intelligence elevates overall defense
9. Change is Constant
Automatically optimize defenses
Lock down your network to policy
Leverage open architecture
Configure custom fit security
Agile Security
Sourcefire invented customized security & self-tuning
10. Act Decisively & Efficiently
Block, alert, log, modify, quarantine, remediate
Respond via automation
Reduce the ‘noise’
Agile Security
Superior protection through intelligence & automation
15. FireSIGHT™ Sees “Everything”
FireSIGHT delivers a level of environmental awareness and automation never seen before in the industry. Complete network and endpoint visibility.
Categories | Samples | Sourcefire NGIPS & NGFW | Typical IPS | Typical NGFW
Threats | Attacks, Anomalies | ✔ | ✔ | ✔
Users | AD, LDAP, POP3 | ✔ | ✗ | ✔
Web Applications | Facebook Chat, Ebay | ✔ | ✗ | ✔
Application Protocols | HTTP, SMTP, SSH | ✔ | ✗ | ✔
Client Applications | Firefox, IE6, Chrome | ✔ | ✗ | ✗
Network Servers | Apache 2.3.1, IIS4 | ✔ | ✗ | ✗
Operating Systems | Windows, Linux | ✔ | ✗ | ✗
Routers & Switches | Cisco, Nortel | ✔ | ✗ | ✗
Wireless Access Points | Linksys, Netgear | ✔ | ✗ | ✗
Mobile Devices | iPhone, Android | ✔ | ✗ | ✗
Printers | HP, Xerox, Canon | ✔ | ✗ | ✗
VoIP Phones | Avaya, Polycom | ✔ | ✗ | ✗
Virtual Machines | VMware, Xen | ✔ | ✗ | ✗
16. FireSIGHT Fuels Automation
IT Insight: Spot rogue hosts, anomalies, policy violations, and more
Impact Assessment: Threat correlation reduces actionable events by up to 99%
Automated Tuning: Adjust IPS policies automatically based on network change
User Identification: Associate users with security and compliance events
17. Collective Security Intelligence
Global Visibility Through Open Community
Diagram labels:
IPS Rules
Malware Protection
IP & URL Blacklists
Sourcefire Vulnerability Research Team
Sourcefire FireCLOUD™
Private & Public Threat Feeds
Vulnerability Database Updates
Sourcefire AEGIS™ Program
Honeypots
Advanced Microsoft & Industry Disclosures
50,000 Malware Samples per Day
Snort® & ClamAV™ Open Source Communities
19. Gartner Defines NGIPS & NGFW
Next-Gen IPS (NGIPS)
▸ Standard first-gen IPS
▸ Application awareness and full-stack visibility
▸ Context awareness
▸ Content awareness
▸ Agile engine
Next-Gen Firewall (NGFW)
▸ Standard first-gen firewall
▸ Application awareness and full-stack visibility
▸ Integrated network IPS
▸ Extrafirewall intelligence
“Next-generation network IPS will be incorporated within a next-generation firewall, but most next-generation firewall products currently include first-generation IPS capabilities.”
Source: “Defining Next-Generation Network Intrusion Prevention,” Gartner, October 7, 2011; “Defining the Next-Generation Firewall,” Gartner, October 12, 2009.
20. Our Approach to Next-Generation Network Security
Diagram: Access Control, App Control, Threat Prevention and Contextual Awareness mapped against Typical Firewall, Typical IPS, Typical NGFWs and Sourcefire NGFW | NGIPS with FireSIGHT Technology.
Single platform, with single pass engine, providing the benefits of a converged infrastructure… and the benefits of Agile Security
22. FirePOWER™ Technology
Custom-designed, specialized network processor powers industry-leading performance
23. Enterprise Performance and Scale
Unprecedented Performance Delivered
NSS Labs Test Results
▸ Highest throughput ever tested
▸ Lowest price per Mbps
▸ Lowest energy cost per Mbps
Next-Closest Comparisons
Metric | Sourcefire | Next-closest competitor
IPS Throughput | 27.6 Gbps | 11.5 Gbps
Price / Mbps | $19 | $33
Annual Energy Cost per Mbps | 4¢ | 6¢
“The 3D8260 offers the highest accuracy and throughput of any product we’ve tested to date.” - NSS Labs Test Report
Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
24. The Industry’s Best Threat Prevention. Period.
NSS Labs Test Results
▸ #1 in default protection
▸ #1 in tuned protection
▸ 100% evasion free
Chart: Default Protection and Tuned Protection, Sourcefire vs. Industry Average
“This is the second year in a row that Sourcefire blocked the most attacks of all products.” - NSS Labs Test Report
Source: NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010 and “Sourcefire 3D8260 IPS Appliance Test Report,” April 2011.
25. NSS Labs Testing
Leadership* (NGIPS)
#1 in detection
#1 in performance
#1 in vulnerability coverage
100% evasion free
Ratings* (NGIPS)
99% detection & protection
34Gbps inspected throughput
60M concurrent connections
$15 TCO / protected Mbps
"For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.” - Vikram Phatak, CTO NSS Labs, Inc.
Ratings* (NGFW)
99% protection
10Gbps inspected throughput
15M concurrent connections
$33 TCO / protected Mbps
Leadership* (NGFW)
#1 in detection
Class leader in performance
Class leader for TCO
100% evasion free
“Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.” - Bob Walder, NSS Labs, Inc.
* NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010; NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012; NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
26. FirePOWER NGIPS: NSS Labs Test
Leadership*
#1 in detection
#1 in performance
#1 in vulnerability coverage
100% evasion free
Ratings (NGIPS – 8260)**
99% detection & protection
34Gbps inspected throughput
60M concurrent connections
$15 TCO / protected Mbps
"For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.” - Vikram Phatak, CTO NSS Labs, Inc.
* NSS Labs, “Network IPS 2010 Comparative Test Results,” December 2010
** NSS Labs, “Network IPS Product Analysis Sourcefire 3D8260 v4.10,” April 2012
27. FirePOWER NGFW: NSS Labs Test
Ratings (8250 – NGFW)*
99% protection
10 Gbps real-world throughput
15M concurrent connections
$33 TCO / protected Mbps
NGFW Leadership*
#1 in detection
Class leader in performance
Class leader for TCO
100% evasion free
“Networks looking to update their defenses with a Next-Generation Firewall would do well to consider Sourcefire's entry into the NGFW market as a solid contender.” - Bob Walder, NSS Labs, Inc.
* NSS Labs, “Next-Generation Firewall Product Analysis – Sourcefire,” October 2012
28. Reduce Risk Through Granular Application Control
Control access to Web-enabled apps and devices
▸ “Employees may view Facebook, but only Marketing may post to it”
▸ “No one may use peer-to-peer file sharing apps”
Over 1,000 apps, devices, and more!
29. Reduce Client-Side Threats and Improve Productivity with URL Filtering
Block non-business-related sites by category
Configure policies based on users and groups
Over 280 million URLs
Over 80 URL categories
30. What Makes Sourcefire Different?
Total Network Visibility
▸ Passive, real-time visibility of apps, users, content, hosts, attacks, and more
The Only NGFW with NGIPS!
Control Without Compromise
▸ Achieve granular network and application access control without compromising threat prevention
Intelligent Security Automation
▸ Leverage rich contextual awareness to automate key security functions, including impact assessment and policy tuning
Unparalleled Performance & Scalability
▸ Purpose-built appliances with FirePOWER™ technology
32. Threats Continue to Evolve
The likelihood that you will be attacked by advanced malware has never been greater.
75% of attacks are seen on only one computer
“Nearly 60% of respondents were at least ‘fairly certain’ their company had been a target.” – Network World (11/2011)
33. Introducing FireAMP
The only way to get the visibility & control needed to fight threats missed by other security layers.
Analyze & Block Advanced Malware Utilizing Big Data Analytics
34. Our Approach to Advanced Malware Protection
Lightweight Connector
• Watches for move/copy/execute
• Traps fingerprint & attributes
Mobile Connector
• Watches for apps
• Traps fingerprint & attributes
Diagram labels: Transaction Processing, Analytics, Intelligence
Web-based Manager
37. Spotlight: File Trajectory
Malware “Flight Recorder” shows point of entry and extent of outbreak
Discover the malware gateway to reduce the risk of reinfection
Identify systems that have downloaded/executed a specific malware file
38. Spotlight: File Analysis
Sourcefire VRT Powered Insight into Advanced Malware Behavior
Original file, network capture and screen shots of malware execution
Understand root cause and remediation
Diagram: FireAMP & Clients report infected files, identified by fingerprint, to Sourcefire VRT Sandbox Analysis
39. Spotlight: Outbreak Control
Create custom protection policies to stop outbreaks without updates
Tool | How it Works | When to Use
Simple Custom Detections | Cloud-based, uses SHA or original file | Fastest way to block specific malware.
Advanced Custom Signatures | Client-based, uses advanced techniques (e.g. offsets, wildcards, regular expressions) | Useful for families of malware or to close gap when waiting on sig. from security vendor
Application Blocking Lists | Cloud-based, uses SHA or original file | Blocks execution of applications based on group policy (e.g. no Skype in HR) – good for Zero Day
Custom Whitelists | Cloud-based, uses SHA or original file | Prevent false positives on trusted apps and standard images
Cloud Recall quarantines malware based on past exposure
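The File Trajectory and Outbreak Control ideas on these slides (point of entry, extent of outbreak, SHA-based custom detections, whitelists, Cloud Recall) modelled in plain Python as an added illustration; this is not Sourcefire code, and the hosts, timestamps and fingerprints are constructed. It also assumes that a whitelist entry overrides a blocklist entry, which the slide does not state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:
    ts: int       # connector timestamp in seconds (constructed)
    host: str     # endpoint that reported the event
    action: str   # "copy", "move" or "execute"
    sha256: str   # file fingerprint trapped by the connector

# Constructed fingerprints and telemetry; none of these are real hashes or IoCs.
SHA_MAL = "sha256:constructed-malware-sample"
SHA_TOOL = "sha256:constructed-trusted-admin-tool"
SHA_OTHER = "sha256:constructed-unrelated-file"
EVENTS = [
    FileEvent(900, "ws-03", "execute", SHA_OTHER),
    FileEvent(1000, "ws-12", "copy", SHA_MAL),      # first arrival: point of entry
    FileEvent(1005, "ws-12", "execute", SHA_MAL),
    FileEvent(1030, "ws-07", "copy", SHA_MAL),
    FileEvent(1031, "ws-07", "execute", SHA_MAL),
    FileEvent(1040, "ws-07", "execute", SHA_TOOL),  # trusted tool that is also blocklisted
    FileEvent(1200, "srv-01", "move", SHA_MAL),     # landed on a server but never executed
]
BLOCKLIST = {SHA_MAL, SHA_TOOL}  # "Simple Custom Detections": block by SHA
WHITELIST = {SHA_TOOL}           # "Custom Whitelists": trusted apps and standard images

def trajectory(events, sha256):
    """File trajectory: each host's first sighting of the fingerprint, in time order.
    Entry 0 is the point of entry; the list length is the extent of the outbreak."""
    first_seen = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.sha256 == sha256 and ev.host not in first_seen:
            first_seen[ev.host] = ev
    return list(first_seen.values())

def verdict(sha256, blocklist=BLOCKLIST, whitelist=WHITELIST):
    """Cloud lookup by SHA. Assumption (not stated on the slide): a whitelist entry
    overrides a blocklist entry, which is what keeps trusted apps free of false positives."""
    if sha256 in whitelist:
        return "allow"
    if sha256 in blocklist:
        return "block"
    return "unknown"

def recall(events, blocklist=BLOCKLIST, whitelist=WHITELIST):
    """Cloud Recall style retrospective: hosts that already executed a file whose
    verdict is now "block", i.e. candidates for quarantine based on past exposure."""
    return sorted({ev.host for ev in events
                   if ev.action == "execute"
                   and verdict(ev.sha256, blocklist, whitelist) == "block"})
```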
40. FireAMP is Enterprise Ready
Manageability
▸ Complete deployment, policy configuration, integration with AD/LDAP
Performance
▸ Lightweight connector, heavy lifting in the cloud
Privacy
▸ Metadata based analysis
41. What Makes Sourcefire Different?
Capability | Traditional Endpoint | Forensic Analysis | NW-based AMP
Reports | No | Not really | Yes
File Trajectory | No | Sort of… | No
File Analysis | No | Yes | Yes
File Analysis | No | Not really | Sort of…
Outbreak Control | No | Not really | No
Key Questions
Visibility:
▸ Do we have an advanced malware problem?
▸ Which endpoint was infected first?
▸ How extensive is the outbreak?
▸ How does the malware behave?
Control:
▸ What is needed to recover?
▸ How can we stop the outbreak?
43. Mobile Malware Trends
No question. Mobile devices introduce risk.
Malware is on the rise.
Source: Juniper
BYOD brings a unique challenge.
44. The BYOD Divide
40%: IT decision makers who say that workers access corporate information from employee-owned devices.
80%: Employees in same survey who say they access corporate information from their own devices.
Source: IDC
How can you protect the enterprise if you don’t know…
1. what to protect… or…
2. the nature of the threat
45. FireAMP Mobile
Visibility: detect & analyze
▸ Android (2.1+) threats
▸ Cloud-based, real time
Control: contain & remediate
▸ Blacklists
Enterprise Ready
Advanced Malware Protection Using Big Data Analytics