• 3D System
  • Defense Center
  • IPS
  • RNA
  • RUA
  • Intrusion Agent
• Snort
• ClamAV

Sourcefire RNA^™

Sourcefire Real-time Network Awareness™ (RNA) enables organizations to more confidently protect their networks through a unique, patent-pending combination of passive network discovery, network flow analysis, and targeted vulnerability scanning technologies. RNA delivers the benefits of real-time network profiling and change management without the drawbacks of traditional approaches to identifying network assets and vulnerabilities.

Real-Time Network Context

RNA builds a dynamic profile for every asset on the network without the disadvantages associated with active scanning. RNA determines what these devices are: servers, routers, PCs, firewalls, wireless access points, etc. Because RNA is passive, its data never becomes 'stale'. The moment a device connects to the network, RNA fingerprints its operating system, services, protocols and applications, and traffic patterns between it and other devices.

Compliance and Change Monitoring

Administrators can create 'Compliance Profiles' for the proper use of assets and can generate alerts when users place unacceptable traffic on the network or introduce non-standard operating systems or client applications. These events can be used to trigger a number of responses, including removal of assets from the network through integration with network infrastructure capable of performing Network Access Control (NAC). Administrators can also generate standard or customized 'Compliance Reports' that show percentages of assets and users that are in compliance. By tracking these metrics over time, they can demonstrate progress towards compliance goals and provide auditors with data proving enforcement of configuration and network usage policies.

Vulnerability Discovery and Correlation

RNA leverages a vulnerability database to generate a list of an asset's potential vulnerabilities. This list can be correlated in real time with Sourcefire IPS events so that security administrators can identify the events that have potential impact on the network rather than sorting through thousands of events without the context of whether or not attacks have any chance of succeeding. With RNA, Sourcefire addresses a fundamental shortcoming of all other intrusion technologies, which is the absence of any way to correlate security event data with a target's contextual information in real time. By comparing attacks targeting a host to the assets and vulnerabilities on that host, the Sourcefire 3D™ System can assign an 'Impact' value to the attack. For example, a Linux-only exploit targeting a Microsoft server would have a reduced potential impact on a network, because it had no chance of actually succeeding. An exploit targeting a server that is vulnerable to that exploit would have a more serious impact. This impact analysis allows administrators to focus on the events that can affect their networks. On most networks this kind of 'contextual' event analysis can typically reduce the number of critical events requiring forensic analysis from thousands to dozens.