Sourcefire announced the latest version of the Sourcefire 3D System, continuing the company’s tradition of delivering innovative solutions that enable customers to improve security while reducing management requirements. The new version offers users a new customizable, role-based Dashboard and superior automation.
The 3D System 4.8 release features an enhanced Dashboard interface providing users with an easy-to-use, portal-like experience for monitoring security and compliance events. This highly customizable Dashboard is equipped with a library of more than two dozen drag-and-drop “Widgets” for monitoring IPS events, compliance violations, 3D Sensor performance, license usage, and version information. It also includes an RSS Feed Widget for receiving security bulletins from Sourcefire, SANS, and other industry sources and a Top 10 Widget Builder for users to create new Widgets to monitor virtually any aspect of the Sourcefire 3D System.
Sourcefire’s Adaptive IPS technology leverages network intelligence aggregated by Sourcefire RNA (Real-time Network Awareness) to automate the process of enabling and disabling Snort rules based on the environment the IPS is protecting. With the 3D System 4.8, Sourcefire is extending its Adaptive IPS technology even further.
First, the new Adaptive Traffic Profiles feature improves the security and effectiveness of the IPS by processing segmented and fragmented traffic in the same manner as the targeted host operating system. This prevents hackers from disguising attacks to circumvent the IPS. Second, the new Non-Standard Port Handling capability ensures that Snort rules are automatically configured to monitor traffic on both standard and non-standard ports in use on the network, further increasing the security and effectiveness of the IPS. Both new Adaptive IPS capabilities rely on 24×7, passive network intelligence afforded by Sourcefire RNA, and both capabilities enable the IPS to automatically adapt to the dynamically changing network.
The Sourcefire 3D System 4.8 also delivers a number of new features that enhance overall usability, ease the burden of regulatory compliance, and provide new IPS and RNA detection capabilities:
- Enhanced Compliance Capabilities – Enhances an organization’s ability to achieve regulatory compliance by limiting administrative access to only certain roles, by enabling administrators to temporarily disable user accounts, and by displaying the last successful logon date and time after each successful logon.
- Improved Packet-Level Forensics – Sourcefire’s packet-level forensics enables users to gain a deeper understanding and validation of the source and nature of an attack. With 4.8, users now gain deeper application-layer insight (e.g., protocol, message type) that previously could only be obtained using third-party network protocol analysis tools.
- RADIUS Support – Enables customers to leverage their existing RADIUS investment to manage 3D System user accounts, eliminating the need for local Sourcefire user accounts. This saves significant administration time and effort and enables the use of third-party, two-factor authentication systems, such as RSA SecurID.
- GRE and BitTorrent Decoding – Provides customers with an additional level of protection by enabling the IPS to decode GRE (Generic Routing Encapsulation) traffic and RNA to decode BitTorrent peer-to-peer traffic.
- Usability Enhancements – Simplifies the process of installing and managing the Sourcefire 3D System. These enhancements include a streamlined Defense Center setup process, simplified backup and restore, rule view filtering, and more.