Sourcefire Next-Generation Firewall - Phoenix Datacom



Sourcefire Next-Generation Firewall offers advanced firewall capabilities, integrated application control, and the world’s most powerful IPS in a universal, high-performance security appliance. No other solution brings together control and effective prevention in a flexible, high-performance engine to satisfy the larger need for complete enterprise visibility, adaptive security, and advanced threat protection.

AGILE SECURITY FOR THE REAL WORLD

The Sourcefire Next-Generation Firewall (NGFW) is the first of its kind to combine best-of-breed threat prevention with robust access and application control capabilities. Designed for enterprises that wish to enforce application usage policies and block sophisticated threats, Sourcefire’s NGFW delivers unique advantages not available in competing offerings, including:

• Total Network Visibility – Passive, real-time visibility of hosts, mobile devices, applications, operating systems, users, content, attacks, and more

• Advanced Threat Protection – Protecting against the latest threats, Sourcefire delivers the best threat prevention that money can buy as validated by independent third-party testing and thousands of satisfied customers around the world

• Control Without Compromise – Achieve granular network and application access control without compromising threat prevention

• Intelligent Security Automation – Leverage rich contextual awareness to automate key security functions, including impact assessment, user identification and policy tuning

• Unparalleled Performance & Scalability – Sourcefire’s purpose-built appliances incorporate FirePOWER™ technology for unprecedented performance and scalability

In the real world, threats are constantly evolving. And so is your network. You’ve got limited resources and a lot on your plate. You need a network security solution that is “agile”—one that can support your access control policies today without sacrificing protection tomorrow.

TOTAL NETWORK VISIBILITY

Since 2003, Sourcefire has been aggregating network intelligence to provide “context” to network security defenses. And today, Sourcefire FireSIGHT® gives users total network visibility, including physical and virtual hosts, mobile devices, operating systems, applications, users, content, and potential host vulnerabilities.

Sourcefire® Next-Generation Firewall

Key NGFW Capabilities

• Stateful firewall inspection
• Routing, Layer 2-4 switching
• Static and Dynamic NAT
• Access control
• Application control
• NGIPS threat prevention
• Network behavior analysis
• User identification
• URL filtering
• File type determination
• Advanced malware protection

“Context awareness helps make security an enabler, not be an inhibitor, of dynamic business requirements. Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.”1

Neil MacDonald, Gartner

1 Source: “The Future of Information Security is Context Aware and Adaptive,” Gartner, 14 May 2010

Figure 1. Sample FireSIGHT™ detection

Sold and supported in the UK & Ireland by Phoenix Datacom

tel: 01296 397711 [email protected] www.phoenixdatacom.com


FireSIGHT ensures network protections are deployed appropriately, and maintained automatically, as networks and threats change over time. By having the utmost visibility into what’s running on your network, FireSIGHT enhances the quality of network security while helping to deliver the lowest possible operational expense.

Context Explorer allows you to visualize and explore all of the contextual information that FireSIGHT provides, including top-used applications and hosts.

ADVANCED THREAT PROTECTION

Sourcefire helps you fight the latest threats to your network with FirePOWER. IP reputation blacklisting prevents connections to botnets, attackers, spam sources and other malicious IPs. The Advanced Malware Protection for FirePOWER subscription enables malware detection/blocking, continuous analysis, and retrospective alerting, and leverages Sourcefire’s vast cloud security intelligence. Simply software-enable these additional protections when you’re ready - no need for dedicated malware.

CONTROL WITHOUT COMPROMISE

Organizations are rapidly turning to NGFWs to monitor, and in many instances control, how systems are accessed and how applications are used. But the promise of an NGFW is to combine granular access control with effective threat prevention onto one unified platform. Unfortunately, as acknowledged by Gartner, most NGFW vendors are “bolting on” inferior intrusion prevention technology that is ill-equipped to defend against today’s sophisticated threats.

Sourcefire is different. Because our roots are in threat prevention we deliver the first NGFW based on an industry-leading NGIPS. In NSS Labs’ 2012 NGFW Product Analysis Report, Sourcefire set a new standard in security effectiveness, protecting against 99% of all attacks and demonstrating superior performance and total cost of ownership. And now with Sourcefire’s NGFW, we offer you the granular access control you need without compromising security.

And when we say “granular,” we mean it. Here are a few examples:

• Want to control Facebook? How about making Facebook “read-only” so users can view updates but not make them? Or disable Farmville or just Facebook Chat?

• Want to restrict employee Web access to only “safe” websites? No problem.

• Want to ensure that only authorized users can access the payroll system? That’s easy.

• Need to configure custom threat prevention rules to defend your proprietary system? We’ve been doing that for over a decade.

FireSIGHT Detection

• Physical/virtual hosts
• Operating systems
• Applications
• Consumer devices
• Mobile phones
• VoIP phones
• Network printers
• Routers
• Potential vulnerabilities
• Network flow and bandwidth
• Network anomalies
• User identity

“Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two. I feel much better knowing that I can contact a user immediately in the event they are affected by a network attack.”

Tamara Fisher, Security Engineer, AutoTrader.com

Figure 2: Context Explorer provides dynamically updated contextual views of the environment - and easy drill down for details


Implementing thoughtful access control policies is a powerful step toward reducing network security risk, achieving regulatory compliance, and ensuring a safe and productive workplace—but only if the effectiveness of your threat prevention is not sacrificed. Sourcefire is the leader in NSS Labs’ 2012 Security Value Map for IPS based on security effectiveness and total cost of ownership (TCO). The following is a summary of our latest test2 results:

INTELLIGENT SECURITY AUTOMATION

No matter how much your operating budget is increased, or how many new resources you’re able to hire next year, all IT security managers face the same challenges—there are never enough hours in the day and there are never enough resources to go around. Thus, IT security must constantly strive to work smarter—not harder—to meet the demands of the business.

Automation is key to keeping pace. Our NGFW includes many innovative ways to automate network security functions and simplify management—many of which our competitors have not even contemplated. Here are a few examples:

• Reduce the number of “actionable” security events by up to 99% by correlating threats with vulnerabilities within targets and filtering the ‘noise’

• Save countless hours of frustration each month by automating threat prevention policy updates

• Take the guesswork out of who to contact by linking user identity to security and compliance events

• Construct protection policies in building blocks called “policy layers”, simplifying the process of creating and managing policies

• Leverage one “master” console to centrally manage up to 10 subordinate consoles and hundreds of Sourcefire NGFW and NGIPS appliances

• Integrate with your existing network and security infrastructure to monitor events, quarantine threats, trigger active scans, and more

Granular Control Policies

• Per interface / network zone
• Per VLAN
• Per IP Address / CIDR block
• Per user / group
• Per application
• Per URL
• Per file type / direction / protocol

Granular Control

Sourcefire’s powerful policy engine enables users to construct granular application and access policies for users and groups.

Sample Automation

• Threat prevention rule and policy updates
• Threat impact assessment
• Linking users to events
• Event correlation of user, device, service and application
• Exporting events to SIEMs
• Generating reports

2 Source: “Network Intrusion Prevention Systems 2010 Comparative Test Results,” Dec. 2010, NSS Labs

“For the past four years, Sourcefire has consistently achieved excellent results in security effectiveness based on our real-world evaluations of exploit evasions, threat block rate and protection capabilities.”

-Vikram Phatak, CTO NSS Labs, Inc.

Figure 3. Granularly control application and access policies


No other NGFW solution enables you to automate so many administrative functions in so many ways. By automating a few key functions, organizations can save tens of thousands of dollars per year, as concluded in a recent SANS report3.

UNPARALLELED PERFORMANCE & SCALABILITY

Sourcefire’s NGFW solution can scale to meet the needs of the largest of enterprises through its innovative line of Sourcefire FirePOWER appliances, which incorporate hardware acceleration technology. FirePOWER is able to achieve high firewall and threat prevention throughputs with minimal latency at unprecedented energy savings. The following diagram depicts the single-pass flow of traffic through Sourcefire’s NGFW architecture.

Sourcefire’s central management console, called Sourcefire Defense Center®, is the central nervous system of Sourcefire’s network security solutions. This is where all protection and access policies are configured and where all security and compliance events are evaluated. Defense Center also offers a powerful reporting engine with a selection of report templates to meet the needs of any organization. And Sourcefire offers the most customizable dashboard in the business, featuring an intuitive portal-like interface equipped with a library of drag-and-drop widgets for monitoring security and compliance events and the health and performance of your Sourcefire appliances.

Universal Security Platform

Sourcefire NGFW deploys a single-pass, hardware-accelerated design to afford maximum scalability, threat effectiveness, performance and security in a consolidated platform.

Figure 5. Sourcefire NGFW single-pass architecture

“During our testing, one vendor produced alerts on 80% of the traffic we threw at it, but Sourcefire didn’t produce a single alert. We brought the Sourcefire engineer in because we thought it wasn’t working, but he said that it wasn’t producing alerts because the boxes being attacked in the test weren’t vulnerable to what was being thrown at it...he showed me proof that it was working, which was nice.”

Jeremy Pratt, Network Manager, L.A. Times

Lower TCO Through Automation

Organizations can save tens of thousands of dollars every year by automating common threat prevention functions

Figure 4. Annual cost of maintenance, comparing manual processes with automated processes for Impact Assessment of Security Events, Automated Policy Tuning, and User Identification. Values shown on the chart: $144,000, $24,300, $72,000, $18,000, $59,400, $3,000.

3 Source: Figure derived from “Calculating TCO on Intrusion Prevention Technology,” March 2010, SANS


©2012 Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, Agile Security and the Agile Security logo, ClamAV, FireAMP, FirePOWER, FireSIGHT and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others.

10.12 | REV3

But performance and manageability aren’t the only aspects that set Sourcefire’s NGFW solution apart. Sourcefire offers unparalleled scalability and ease of management through its Master Defense Center capability, or MDC. This hierarchical approach allows an MDC to centrally manage up to 10 subordinate DCs. This offers our customers unprecedented scalability: security and compliance events can be filtered up to the MDC while protection and access policies can be pushed down to subordinate DCs and Sourcefire appliances.

PROTECTION FOR PHYSICAL & VIRTUAL ENVIRONMENTS

Sourcefire offers an impressive line of purpose-built FirePOWER appliances with stateful firewall inspected threat prevention throughputs ranging from 50Mbps to 40+Gbps. All Sourcefire FirePOWER appliances come standard with programmable, fail-open copper and/or fiber interfaces, and most models come equipped with additional fault-tolerant features, including dual power supplies, RAID drives and lights out management (LOM).

Sourcefire also offers security solutions for VMware, Xen and Red Hat virtual platforms. Sourcefire Virtual FirePOWER appliances provide the capability to inspect VM-to-VM communications, providing the same control and protection as their physical counterparts.

REMOVE NETWORK BLIND SPOTS THROUGH SSL DECRYPTION

The use of SSL encryption is exploding due to cloud computing and the rise of Web-enabled applications. But did you know that every one of your network security devices (e.g., NGFW, IPS, DLP, Network Forensics) is “useless” at detecting threats embedded within SSL unless that traffic is first decrypted?

The Sourcefire SSL Appliance can decrypt and re-encrypt SSL traffic, allowing unimpeded security inspection that scales in concert with your network performance requirements.

TAKE THE NEXT STEP TOWARD AGILE SECURITY

To learn more about Sourcefire’s Next-Generation Firewall and other Agile Security solutions, contact a member of the Sourcefire Global Security Alliance™ today to view a demonstration, request an onsite evaluation, or schedule a meeting, or visit us at www.sourcefire.com for more information.

SSL is an easy vehicle for cybersecurity attacks:

• Inbound attacks
• Spyware and malware
• Viruses and worms
• Phishing
• Identity theft
• Information leaks

Sourcefire SSL Appliance 8200

Defense Center Capabilities

• Centralized event monitoring
• Manages physical and virtual Sourcefire FirePOWER appliances
• Customizable dashboards with numerous widgets
• Role-based administration and workflow
• Syslog, email, and SNMP alerts
• Sophisticated and customizable reporting
• Third-party integration APIs
• LDAP, AD and RADIUS support
• Automated threat prevention updates
• Master Defense Center (MDC)

Sourcefire Defense Center

The “nerve center” of Sourcefire’s network security solutions for easy, central management, event analysis and reporting.

Figure 6 - Sourcefire Defense Center is Sourcefire’s central management console
