Introducing Sourcefire 3D™ System 4.8

Sourcefire is pleased to announce upcoming availability of the Sourcefire 3D™ System 4.8 release, scheduled to become available in Q3 2008. View the press release.

The following are key “themes” depicting the new and improved capabilities of this feature-rich product update, and the benefits of major features within each theme are explored below.

Customizable Dashboard

Improved Dashboard Interface: The Sourcefire Defense Center™ dashboard interface has been improved to make it easier to monitor security and compliance events, as well as key administrative aspects of the 3D System. The portal-like dashboard appears immediately after login making it easier to find and is fully customizable with numerous drag-n-drop widgets.

The following is a partial list of widgets that users may select from when customizing the dashboard interface:

Top 10 Widget Builder
IPS Events
Compliance Events
Interface Traffic
Appliance Status
Appliance Information
Current Sessions

License Usage
Version Information
System Time
System Load
Disk Usage
Product Update
RSS Feed

Custom Widget Creation: The new “Top 10 Widget Builder” on the 4.8 dashboard makes it easy to view the information that’s relevant to the user’s role within the organization. Users can display portions of any event table within the 3D System.

Trends Over Time: The 4.8 dashboard now provides a deeper level of insight to the user by graphically conveying how data, such as impact flag events, compliance events, disk utilization, and more, is trending over a given period of time.

Interactive Drill-Down: Sourcefire’s new interactive widget drill-down capability makes it easier for security analysts to navigate to raw event data or 3D System configuration interfaces, saving users valuable time and effort.

Dashboard Sharing: Highly customized dashboards can now be saved and made available to colleagues, saving valuable time and maintaining consistency when multiple personnel are monitoring security and compliance events.

Dashboard Tab Cycling: Defense Center’s new dashboard is equipped with tabs that can be configured to cycle at a user-defined time interval, making it easier to monitor security, compliance, and administrative events across an enterprise-wide 3D System deployment.

Improved User Experience

Streamlined Defense Center Setup: By consolidating numerous existing setup screens into just one, the average time to perform initial setup of a Defense Center appliance is now just five minutes — a fraction of the time it took before.

Automated SEU Administration: Sourcefire has fully automated the process of downloading, importing, and applying the Sourcefire VRT's frequent Snort rule updates, making it quicker and easier to protect your organization with new Snort rules. Customers can apply new Snort rules within SEUs in their recommended rule state and to both customer and default policies, with or without human intervention.

Sliding Time Window: Users can now configure a "sliding time window" when viewing security and compliance events. Or users can select a specific start date and time, and then select an end date and time called "now," enabling users to view cumulative events starting at a specific point in time. This new feature makes it significantly easier for users to view recent events without having to reset start and end dates and times when configuring event views.

Radius Support: RADIUS customers can leverage their existing user database to manage 3D System user accounts. No local Sourcefire user accounts are required, saving significant administration time and effort and making it easier for users to remember their passwords.

Enhanced Detection Capabilities

Adaptive Traffic Profiles: This new Adaptive IPS enhancement improves the security and effectiveness of the Sourcefire IPS™ by preventing hackers from circumventing the IPS' detection engine (IPS evasion) by disguising an attack in segmented or fragmented traffic. By modeling this traffic in the same manner in which the host operating system would see it, the potential for circumventing the IPS is greatly reduced.

Non-Standard Port Handling: This new Adaptive IPS enhancement helps to configure the Sourcefire IPS for non-standard ports, such as HTTP on port 8080 (rather than port 80). The IPS can now be automatically configured to monitor service traffic on non-standard ports using network intelligence from Sourcefire RNA™ (Real-time Network Awareness), greatly reducing the manual, tedious effort of tuning your IPS and maximizing the overall performance and security of your Sourcefire IPS investment.

GRE and BitTorrent Decoding: Sourcefire IPS now provides customers with an additional level of protection by providing deep packet inspection of GRE traffic. GRE headers are parsed and displayed above the packet along with other headers, and attacks embedded within GRE traffic are now detected. In addition, Sourcefire RNA now identifies BitTorrent traffic on customer networks.

Extended Compliance Functionality

Read-Only Administrative Access: Sourcefire administrators can now restrict 3D System users to read-only access. Many compliance regulations mandate that administrative users be granted the least amount of access necessary to perform a given job function. This new feature prevents 3D System users that have no responsibility for altering detection policies or other system settings from doing so.

External Storage of Backups and Reports: The process of storing Defense Center backups and reports on external systems is now simplified by seamless exports via NFS, SMB, and SSHFS mounts. Valuable disk space on Defense Center appliances is now available for storing security events, compliance events, and RNA flow data.

Take the Next Step to Protect Your Network

To learn more about all the new and improved features in the Sourcefire 3D System 4.8 release, contact Sourcefire today.

LATEST DEMO

3D System Demo
Access it now >

IPS Demo
Access it now >