Sourcefire Announces Intelligent Intrusion Detection System to Monitor Gigabit Networks; Enhanced IDS Product Suite Provides Real-Time Detection At True Gigabit Speeds.

Business Editors and High-Tech Writers

COLUMBIA, Md.--(BUSINESS WIRE)--July 31, 2002

Sourcefire, Inc., a leader in protecting enterprises and government organizations against the threat of network attacks and misuse, today announced new technology that successfully monitors gigabit networks and alerts when suspicious activity is detected. Sourcefire Intrusion Detection System achieves unparalleled performance on gigabit networks and provides management capabilities that scale to handle the increased number of events seen with the higher data rates being analyzed.

The main issues associated with performing intrusion detection on gigabit networks are ensuring the system can accurately detect attacks without flooding administrators with false positives and providing tools to efficiently aggregate and correlate the alert information. Sourcefire's Network Sensor and Management Console product offerings solve both problems with best of breed technology while maintaining the flexibility and power of the underlying Snort detection software.

Sourcefire Network Sensor 3000

Sourcefire's newest IDS offering, Sourcefire Network Sensor 3000 (NS 3000), enhances the award-winning open source Snort technology to provide the industry's most advanced and flexible intrusion detection system. Sourcefire NS 3000 utilizes a highly optimized detection engine based on data flow analysis and a stateful protocol inspection technology, allowing it to keep up with traffic on fully saturated gigabit networks. Sourcefire NS 3000 achieves its high rate of attack detection at increased network speeds by employing the most robust and intelligent stateful protocol stream analysis technology available today and teaming it with a rules-driven detection engine that provides unsurpassed flexibility and visibility into network traffic.

Sourcefire Management Console

Sourcefire Management Console (MC) delivers the power needed to aggregate, correlate, and manage data from multiple distributed sensors. Sourcefire MC utilizes a high performance, proprietary database capable of performing multi-million event queries in less than a second. The two products combined offer the most complete intrusion detection system for enterprise networks.

"Gigabit sensors can generate event loads an order of magnitude greater than the current 100Mbps sensors on the market," said Martin Roesch, founder and CTO of Sourcefire and author of Snort.
"Sourcefire's flexibility and its high performance database technology allow users the ability to quickly and efficiently determine what has happened on their network so they can make informed decisions about security events."

"Intrusion Detection is vital to an organization's security infrastructure," said John Gorman [...] and Value Added Reseller for government agencies such as GSA. "Government networks carry a great deal of backbone traffic. With the power and flexibility of their technology, Sourcefire is bringing together the requisite capabilities to effectively detect malicious activity at any rate."

Sourcefire Intrusion Detection System highlights:

-- High rate of attack detection -- Sourcefire NS detects both known attacks and anomalous behavior, incorporating rules that can examine protocol fields to uncover specific occurrences or conditions of an attack. Sourcefire NS utilizes several preprocessors to perform complex protocol analysis and normalization, detecting anomalies such as portscans, IP stack fingerprinting, Denial of Service (DoS) attacks and ARP spoofing.

-- Dynamic load balancing on sensors -- Multiple sensors can be used to monitor a single segment in a load balanced configuration, distributing network traffic with full stream integrity amongst themselves and ensuring high availability through a fault tolerant failover design.

-- Detailed forensic information -- The level of detail provided enables analysts to "trap and trace" sessions that may have caused network damage, allowing the sensor to record follow-on information for further analysis beyond the initial attack. Full packets and stream reconstructions are also available to the analyst, enabling users to understand precisely what has occurred on their networks and determine why the IDS has generated an alert.

-- Self-preservation methods for enhanced stability -- Sourcefire NS is designed to continue running even under heavy attack, making it the most stable and robust IDS available. The sensor's internal subsystems are designed to handle all the abuse attackers can send at them as they attempt to launch Denial-of-Service or resource starvation attacks against the intrusion detection infrastructure of an enterprise. The Snort software on the sensor has been designed with survivability as a paramount concern, ensuring Sourcefire Network Sensors continue detecting and reporting on attackers long after other IDSes have been rendered inoperative.

Pricing available upon request. Please email gig-beta@sourcefire.com if interested in becoming a Sourcefire Network Sensor 3000 beta customer.

About Sourcefire

Sourcefire, Inc. is a network security company protecting enterprises and government against the threat of network attacks and misuse. The company was founded in 2001 by the original creators of the open-source Snort Intrusion Detection System (IDS), the most widely deployed IDS, that forms the foundation for the Sourcefire product suite. Today, Sourcefire combines the Snort technology with sophisticated proprietary technologies, professional data analysis and management tools, along with best practices from respected security industry experts. Sourcefire is a privately held company headquartered in Columbia, MD. For more information about Sourcefire, please visit www.sourcefire.com.