Sourcefire RUA enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information---equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. Much more than a stand-alone user identity product, RUA enhances the Sourcefire 3D® System by directly correlating individual user IDs with specific IP addresses, traffic, and events.
RUA empowers administrators to mitigate risk, block users or user activity, and take action to protect others from disruption—tightening security without hindering business operations or employee productivity. These capabilities also will significantly improve customers' audit controls, enhance regulatory compliance, and enable remediation policies to be set based on user identity.
RUA uses LDAP and Active Directory domains as its sources of data to build user intelligence. It eliminates the manual efforts to track users, shortens the time it takes to track down the location of exploited hosts, has no network impact, and uses the same data collection sensors as Sourcefire IPS™ (Intrusion Prevention System) and Sourcefire RNA™ (Real-time Network Awareness).