As enterprise data centers move from 1 gigabit to 10 gigabit-per-second (Gbps) connectivity,
security can often be a traffic bottleneck.
Sourcefire is aiming to break this bottleneck barrier with Sourcefire 3D9800 Sensor, a new appliance that offers intrusion prevention (IPS)
Of course, pledging such a full suite of security analysis at 10Gbps is not without its
challenges.
“Challenges include quickly identifying the most critical threats at
multi-gigabit speed, handling full inspection capabilities while minimizing
latency and maximizing throughput,” Steve Piper, Sourcefire’s director of
product marketing, told internetnews.com. “And reducing the number of
events security analysts need to evaluate in a large traffic stream.”
To tackle those challenges, Sourcefire is throwing considerable technology heft into the new Sensor appliance.
The 3D9800 Sensor, which includes 6 1.5 gigahertz (Ghz) dual-core Freescale CPUs, 24 gigabytes (GB) of RAM and 73 GB of disk capacity, also features a unified IPS (in the form of Source’s Snort engine), NAC, VA and NBA approach.
By correlating intrusion events with endpoint intelligence collected by Sourcefire RNA (Real-time Network
Awareness), impact flags are sent for each intrusion event, enabling
security analysts to distinguish high-profile events.
“This can reduce the quantity of actionable intrusion events by up to 99.7
percent, saving massive amounts of time evaluating events and significantly
improving overall levels of security,” Piper explained.
The 3D9800 Sensor, expected to be available later this year, will also play nice with NAC solutions from other vendors.
Piper noted that though Sourcefire has its own NAC technology, users can
use Sourcefire’s Remediation API
NAC solutions, including Cisco NAC, TNC and Microsoft NAP.