Sourcefire, maker and seller of the wildly popular Snort IDS tool, has just unveiled 3D System version 4.7, which it bills as the industry’s “first-ever” adaptive IPS.
While traditional IPS vendors have subscribed to a “one size fits all” model, Sourcefire says 3D System 4.7 lets customers optimize the security and performance of their IPS systems based on the actual network assets they are protecting.
The company also announced the general availability of Sourcefire RUA (Real-time User Awareness), which it says links user identity to security and compliance events, and Sourcefire NetFlow Analysis, which “extends the reach of Sourcefire’s Network Behavior Analysis (NBA) tool to corners of the network where Sourcefire RNA (Real-time Network Awareness) sensors do not exist.”
More from the press release: “Sourcefire’s new Adaptive IPS technology provides users with increased network protection by leveraging endpoint intelligence aggregated by Sourcefire RNA, and other endpoint intelligence solutions to propose Snort IPS rules to enable and/or disable based on the actual assets protected on the network. RNA-Recommended Rules can be generated on an ad-hoc or scheduled basis. RNA’s recommendations can be manually approved or implemented without human intervention.For the first time, IPS technology can actually ‘adapt’ to the network it is protecting, thus maximizing security, minimizing false positives and negatives, and optimizing IPS hardware resources.”
Now, I get suspicious whenever a vendor bills a release as the “first of its kind.” But Sourcefire has been moving aggressively this past year to branch out in different directions. First the company went public, then it bought ClamAV, and now this. Anything the company does is worth following these days.
And so I’m looking for a few willing Sourcefire customers to take this new product for a spin and report back to me with some analysis on the good and/or the bad.