
Enterprise Threat Management (ETM)

Intelligent Security Infrastructure for Efficient and Effective Risk Management

With wireless equipment, mobile employees, outsourced workers, and virtual environments, today’s networks are highly dynamic. Attackers have gotten smarter as new threats continue to grow in number and sophistication. Organizations attempt to use static defenses to defend their dynamic networks against dynamic threats, but network breaches continue to occur.

What today’s organizations need is a new, dynamic approach to securing critical information on the network. An approach that constantly adapts to new threats, new vulnerabilities, and everyday changes to the network.

IT Security must know more about emerging threats. They must know more about new vulnerabilities. And they must know more about the assets and users they are protecting. By knowing more, organizations can optimize network security, reduce risks, and gain efficiencies never seen before.

Introducing Enterprise Threat Management (ETM)—Sourcefire’s intelligent security infrastructure for efficient and effective risk management. ETM is the integration of a variety of network security technologies under one management console to provide all-the-time/real-time knowledge of attacks, targets, and the state of your critical systems. With Sourcefire ETM, your organization will have the maximum knowledge to protect against attacks.

Network Security Solutions

Sourcefire’s intelligent and dynamic ETM solution addresses numerous facets of network security.

Intrusion Prevention – Sourcefire is widely regarded as having the most comprehensive intrusion prevention system (IPS) available today, powered by the de facto standard Snort® rules-based detection engine. To take Sourcefire IPS™ to the next level, leverage the real-time network intelligence of Sourcefire RNA™ (Real-time Network Awareness) to enable Adaptive IPS, which saves time and money by significantly reducing the number of actionable events and automating the ongoing IPS tuning process.

Network Visibility – Sourcefire RNA provides a real-time inventory of all operating systems (OSes), services, applications, protocols, and potential vulnerabilities that exist on the network. Once RNA has established a network inventory baseline, its powerful Policy and Response engine can notify Information Security or Network Operations when a new host appears on the network and/or when an existing host has changed its approved configuration.

Network Behavior Analysis (NBA) – Sourcefire’s NBA solution solves the daily challenges faced by Information Security and Network Operations. Sourcefire RNA enables Information Security to detect and quarantine internal threats by establishing traffic baselines and detecting network anomalies. RNA enables Network Operations to monitor bandwidth consumption across the network and troubleshoot network outages and performance degradations.

Virtualization – The Sourcefire 3D® System defends both physical and virtual environments. By placing physical 3D Sensors at ingress and egress points to your virtualized systems, Sourcefire can detect, alert, and block threats that emerge from inside and outside your virtualized systems. To help combat “VM Sprawl,” Sourcefire can detect VMware virtual machines and classify them as such within RNA host records. This enables IT Security to identify new hosts in real time as either physical or virtual and helps to ensure compliance with configuration management, change management, and acceptable use policies (AUPs).

IT Policy Compliance – Many organizations have documented IT AUPs, but few have the means to monitor and enforce them. Sourcefire provides the capability to model and enforce AUPs with compliance white lists, which specify the OSes, services, applications, and protocols that are approved for use on the network. This affords IT the opportunity to mitigate non-compliant systems and harden the network before attacks occur.

 


"Events requiring manual reviews have been reduced from over 20,000,000 per month down to approximately 2,000 per month. We have been able to reduce the time and number of staff who are dedicated to analyzing IDS data, re-utilizing these SOC resources for other activities."

- Network Security Analyst, Global 500 Software Provider