Sourcefire Targets Enterprise Threats

At the heart of strategy is Defense Center, a turnkey appliance that manages Sourcefire's intrusion prevention, network access control (NAC), network behavior analysis (NBA) and vulnerability assessment technology, said Michele Perry, chief marketing officer at the Columbia, Md.-based security vendor.

Sourcefire also is rolling out Master Defense Center, an uber-management platform that aggregates security and policy information from up to 10 Defense Centers.

After organizations set up network security policies, Defense Center scans network traffic for violations using NAC, NBA, and embedded Nessus and NMap vulnerability scanners. The combination of technologies gives organizations visibility into the state of the network before, during and after an attack, Perry said.

"We're focusing on enterprise customers that are building policy response rules for compliance monitoring and getting fed up with trying to make these products work together," she said.

From a government perspective, agencies have traditionally had difficulty managing at the enterprise level, said Steve Charles, co-founder of immixGroup, a McLean, Va.-based integrator.

"Now that government auditors are checking for compliance with FISMA [Federal Information Security Management Act], organizations are looking harder every year for solutions that provide management and visibility across an enterprise," Charles said.

Sourcefire's Realtime Network Awareness (RNA) product, which performs flow analysis, provides the NBA piece that's needed to detect anomalous behavior, according to Perry. "If RNA detects that devices are doing something funny, it can call for a surgical scan of those devices and pull that data," she said.

Sourcefire is also tweaking conventional NAC with an offering it calls network usage control (NUC). NUC is the post-connect aspect that determines what users can do on the network once they've connected, and it can be used for ongoing compliance monitoring.

"We don't believe that pre-connect NAC is what customers are looking for. What they're really trying to control is policy-based usage across the network," Perry said.

Mike Rothman, president of Security Incite, an Atlanta-based consulting firm, said Sourcefire's strategy is strong from a standpoint of addressing the growing enterprise market demand for integrated solutions.

"They've got the basis for a network security platform. They just have to fill it out," Rothman said. "For example, not having a firewall/VPN integrated into the solution is a pretty big hole."