Sourcefire blends firewall and intrusion prevention systems

Sourcefire is moving into the firewall business, bringing its experience in intrusion prevention systems (IPS) such as Snort to offer a more context-aware platform that can better adapt to modern security threats than traditional firewalls, according to the firm.

Set to ship before the end of 2011, the Sourcefire Universal Network Security Platform blends next-generation firewall capabilities with the firm's existing IPS.

The result is a security platform flexible enough to serve as a firewall or IPS, depending on where in the network it is deployed, along with application control capabilities.

Explaining the move, Sourcefire product director Jason Lamar said that threats are becoming increasingly complex and sophisticated, and modern enterprise security needs visibility of the entire network in order to be effective.

"Most of our rivals are starting from the firewall perspective and adding features such as threat prevention, but we're coming from the opposite direction and applying Sourcefire's contextual awareness of application traffic to the firewall," he said.

This contextual awareness allows Sourcefire to offer greater automation in the new platform's response to threats, and provide more meaningful policy recommendations, according to the firm.

Network visibility is delivered via Sourcefire's FireSight technology, which maintains a host profile for everything on the network and has oversight of all network traffic, including applications, users and any changes to a user's environment.

"We give customers this great insight, including analytics so you can see what is happening, that you just can't get with other next-gen firewalls," said Lamar.

Access control is also more flexible, Lamar claimed, so that administrators can set policies that give workers read-only access to sites such as Facebook rather than simply blocking it, for example, while allowing the marketing manager full access to update the company profile.

Sourcefire's platform is typically delivered as a hardware network appliance, but is also available as a virtual appliance for VMware and Citrix environments, with KVM support for Red Hat Linux stacks coming soon, Sourcefire said.

Currently, the next-generation firewall is available on two models from Sourcefire's 8000 series: the 3D8140, which comes in a 1U rack-mount chassis with 10Gbit/s throughput (6Gbit/s inspected); and the 3D8250 in a 2U chassis which handles 20Gbit/s throughput (10Gbit/s inspected).

Pricing for the Sourcefire Next-Generation Firewall starts at approximately $155,000 (£99,110) for the 3D8140 model.