Sourcefire has entered the next generation firewall sector with the launch of its latest appliance and platforms.
According to the company, the Sourcefire Next Generation Firewall combines powerful IPS threat prevention, integrated application control and firewall capabilities in a high-performance security appliance.
Speaking to SC Magazine, Sourcefire's director of product management Jason Lamar, said that businesses are now facing a dynamic environment and a solution hinges on next generation security. He also said that users want more contextual awareness of the environment that they are trying to protect.
He said: “We see it as a critical innovation: it is not just technology but how you use it. Today users make a compromise and are forced into a decision with just a firewall and a more evasion problems. If they know what they have got, then with contextual awareness they can suggest solutions for policy and prevention.”
Lamar said that the Sourcefire next generation firewall is built out of innovation in its next generation intrustion prevention system (IPS), and that it does not buy into the concept of the ‘next generation firewall'.
“You need app control, that is why we invented it in 2003, as a level is needed. But it is too simplistic to say ‘kill all of the attack vectors with policy ‘, as solutions should enable something that would otherwise be blocked,” he said.
“App control is a logistical extension to policies and another way to enforce policies, but it is not enterprise security. We believe customers want a better quality alternative and don't want an IPS with a firewall with a different user interface. They want layered benefits and a platform but do not want to give up prevention and performance in the firewall.”
According to Lamar, the Sourcefire next generation firewall is built on four concepts: app control; access control; threat prevention; and contextual awareness. Lamar said often solutions will have the first three of those, but its addition of contextual awareness is made possible with its FireSIGHT technology that gives a map of the network.
FireSIGHT, according to the company, is an extension of its real-time user awareness from 2003 and offers increased visibility into applications, users, content, hosts, attacks, vulnerabilities, behaviour and changes in a user's environment. It then correlates this information with user identity and reputation intelligence to assess risks and threat impact to make more precise enforcement decisions.
The company's existing FirePOWER platform delivers deep inspection and can be configured at the customer's discretion as an next generation IPS, a next generation IPS with application control or as a next generation firewall, providing the customer ultimate flexibility to deploy appliances to match their infrastructure needs and scale over time.
Lamar said: “This is a growth opportunity for us and we see it as an expectation of the market. Security is a big data problem and our focus is that users have security incident and event management (SIEM) for a reason; to understand what multi-product data is coming in but there is no closed loop. FireSIGHT gets the information and makes the decision so it is good for compliance and governance.”