Network intrusion prevention vendor Sourcefire, which went public
last month, is revamping its product offering in what it calls a
new strategy called Enterprise Threat Management.
The software vendor said that
Snort, the open source packet-sniffer, would remain the
backbone of its new strategy, which combines intrusion prevention,
network behavior analysis and network access control and
vulnerability assessment.
"This open source community gives us really the ability to
communicate with customers like no other company in the security
market can," said Michele Perry, Sourcefire's chief marketing
officer. "We're very committed to the open source community. We
continue to offer the engine. It's something we want to invest and
expand."
Perry said Sourcefire has no plans to start charging for Snort.
The company offers a free version of the rules that go into the
Snort tool and a paid customer-version.
The vendor is introducing Master Defense Center, which is the
main interface to aggregating security and policy events from up to
ten appliances that can be deployed to view and prioritize
events.
"This allows customers to put defence centres around the world
and have one master centre to pull reports and gain better
visibility across the enterprise," Perry said.
Also being added is Network Usage Control, a utility that allows
customers to set and enforce network user behavior policies.
Through the Sourcefire Defense Center, customers can create
compliance profiles and baseline configurations of acceptable
behavior and use Sourcefire's real time network awareness (RNA)
sensors to identify policy and regulatory non-compliance.
Perry said the new products can be purchased separately. The RNA
works in conjunction with the Master Defense Center, Perry
said.
More companies are turning to intrusion prevention systems to
monitor the environment for insider threats, said Charles Kolodgy,
a research director of secure content and threat management
products at IDC. Sourcefire's challenge will be to differentiate
itself against the likes of much larger competitors, Juniper
Networks, Cisco Systems, ISS (now part of IBM Global Services) and
TippingPoint Technologies (now a division within 3Com).
"
IPS vendors continue to try and increase the knowledge that is
available to respond to an attack and Sourcefire is trying to build
on what it started with RNA," Kolodgy said.
While larger vendors have more resources, the market for
Sourcefire's RNA technology, which monitors network behavior, is
dominated by much smaller players, including Waltham, Mass.-based
Q1 Labs Inc., Kolodgy said.
While Snort remains the backbone of the strategy, Perry said
Sourcefire will focus more on its RNA sensors, which enable network
monitoring and analysis.
"Snort is a very important component. You'll see us doing more
around RNA but not any less around Snort," Perry said. "RNA is so
important as the foundation of the intelligence of the network
behavior analysis component."
The base price of the defence centre is $39,495. The price of
the IPS components depends on network speed and start at
$3,995.