Intrusion Prevention System (IPS)

Built on the foundation of the award-winning Snort® rules-based detection engine, Sourcefire IPS™ (Intrusion Prevention System) uses a powerful combination of vulnerability- and anomaly-based inspection methods—at throughputs up to 10 Gbps—to analyze network traffic and prevent critical threats from damaging your network. Whether deployed at the perimeter, in the DMZ, in the core, or at critical network segments, and whether placed in inline or passive mode, Sourcefire’s easy-to-use IPS appliances provide comprehensive threat protection.

Comprehensive Protection Ahead of the Threat
The highly acclaimed Sourcefire Vulnerability Research Team™ (VRT) works around the clock to ensure Sourcefire customers are protected against emerging threats. Sourcefire IPS is powered by the VRT’s vulnerability-based Snort rules, which protect against threats by detecting all possible exploits of vulnerabilities. Sourcefire IPS appliances provide threat protection against:

The Sourcefire Intrusion Prevention System (IPS) contains multiple default policies for out-of-the box protection, making it easy to deploy. Snort, developed by Sourcefire's founder and CTO, Martin Roesch, is an open standard that is the most widely used in the industry, with nearly 4 million downloads and approximately 300,000 registered users. Unlike other closed signature-based formats, Snort rules can be viewed, edited, and created from Sourcefire's physical or virtual 3D Sensors or the Sourcefire Defense Center® management console.

Protection for Physical and Virtual Environments

Purpose-built, ICSA-certified Sourcefire 3D® Sensors are available with throughputs from 5Mbps up to 10Gbps. 3D Sensors are available with fault-tolerant features, such as fail-open copper and fiber ports, dual power supplies, and RAID drives.

The Sourcefire Virtual 3D Sensor™ extends the 3D System to far corners of the network where IT security resources don’t exist or the deployment of physical 3D Sensors is impractical. Virtual 3D Sensors inspect network traffic at speeds up to 500Mbps and provide the capability to inspect VM-to-VM communications.

Centralized Command and Control for High Scalability
Using the Sourcefire Defense Center management console, customers can analyze IPS events, configure and distribute IPS policies, automatically download and apply Snort rule updates, and much more. For larger deployments, customers can leverage Sourcefire Master Defense Center (MDC) technology to manage multiple DCs and hundreds of 3D Sensors across their entire organization.

Defense Center also provides customers with powerful reports, alerts, and dashboards. Users can leverage a variety of pre-defined report templates or create custom reports, and they can receive alerts in the form of email, syslog, or SNMP alerts. Customers can create fully customized dashboards with dozens of drag-and-drop “widgets” that display critical information in the form of tables and graphs.

Adaptive IPS for Efficient and Effective Intrusion Prevention
By leveraging Sourcefire RNA® (Real-time Network Awareness), customers can take their Sourcefire IPS to the next level. RNA provides 24x7, passive network intelligence, providing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on your network. Incorporating RNA’s network intelligence into the intrusion prevention system can fully automate the ongoing process of IPS tuning and assessing the impact of security events. This results in less manual event investigation and IPS tuning by your IT security staff, lower potential for network downtime, and lower cost of operations.