Network security vendor Sourcefire has combined the functions of intrusion prevention systems (IPS) and firewalls into a new series of products in an effort to give system administrators better insight and control over enterprise network activity.
The Next-Generation Firewall (NGFW), announced this month, builds on Sourcefire’s IPS technology and adds application control and firewall capabilities in a single security appliance. The firewall with content filtering provides a range of automation features to help administrators monitor contextual traffic on the network and enforce security policies.
One big advantage, according to Leon Ward, field marketing manager EMEA for Sourcefire in Wokingham, is the system provides administrators with a contextual view of what is happening on their networks. “In the traditional approach, the firewall specified a source IP address, a destination IP address and a port number, which doesn’t have much relevance to the business,” he said. “Now you can define policy in business terms, such as defining which groups of users can access Facebook, and what they can do in the application.”
The new product uses Sourcefire’s established Real-time Network Awareness (RNA) technology -- now rebranded FireSIGHT -- to provide administrators with information about which users are online, what devices they are running, what services they are accessing, and what applications they have on their devices. “With this information at their fingertips, the security team can exert more control over the network. For example, if the user is running an old browser like IE6, they might want to put limits on what that user can do,” Ward said.
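To make concrete the difference Ward describes between port-based rules and policy written in business terms, here is an added illustration in Python. It is not Sourcefire code and does not model the FireSIGHT product; it simply contrasts a rule base that sees only the 5-tuple with one that can also match the user group, the identified application and the client browser attached to a flow by an awareness layer. All addresses, user names, group names and rule names are hypothetical.

```python
"""Evaluating firewall policy in business terms rather than 5-tuples.

Constructed example, not Sourcefire's code: a legacy rule matches only source,
destination, protocol and port, while a contextual rule can additionally match
the user group, the application and the client browser that an awareness layer
(RNA/FireSIGHT in the article) has attached to the flow. Every name and value
below is hypothetical.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed connection, enriched with identity/application context."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    user: Optional[str] = None                 # from identity awareness
    groups: frozenset = field(default_factory=frozenset)
    application: Optional[str] = None          # from application identification
    browser: Optional[str] = None              # from client fingerprinting


@dataclass(frozen=True)
class Rule:
    """A rule matches when every condition that is set agrees with the flow."""
    name: str
    action: str                                # "allow" or "deny"
    dst_port: Optional[int] = None
    proto: Optional[str] = None
    group: Optional[str] = None                # user must belong to this group
    application: Optional[str] = None          # identified application name
    browser_in: frozenset = field(default_factory=frozenset)  # match these browsers

    def matches(self, f: Flow) -> bool:
        if self.dst_port is not None and f.dst_port != self.dst_port:
            return False
        if self.proto is not None and f.proto != self.proto:
            return False
        if self.group is not None and self.group not in f.groups:
            return False
        if self.application is not None and f.application != self.application:
            return False
        if self.browser_in and f.browser not in self.browser_in:
            return False
        return True


def evaluate(rules: List[Rule], flow: Flow, default: str = "deny") -> Tuple[str, str]:
    """First-match evaluation, as in most firewall rule bases; returns (action, rule name)."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.name
    return default, "implicit-default"


# A traditional port-based policy: it cannot tell Facebook from any other HTTPS site.
LEGACY_POLICY = [
    Rule("allow-https", "allow", dst_port=443, proto="tcp"),
]

# A contextual policy expressed in business terms. Order matters (first match wins):
# restrict outdated browsers first, then decide per user group and application.
CONTEXTUAL_POLICY = [
    Rule("legacy-browser", "deny", browser_in=frozenset({"IE6"})),
    Rule("marketing-facebook", "allow", group="marketing", application="facebook"),
    Rule("block-facebook", "deny", application="facebook"),
    Rule("allow-https", "allow", dst_port=443, proto="tcp"),
]

# Constructed sample flows (hypothetical addresses, users and groups; 203.0.113.0/24
# is a documentation range).
FB_MARKETING = Flow("10.1.1.5", "203.0.113.10", 443, user="alice",
                    groups=frozenset({"marketing"}), application="facebook", browser="Chrome")
FB_ENGINEERING = Flow("10.1.2.7", "203.0.113.10", 443, user="bob",
                      groups=frozenset({"engineering"}), application="facebook", browser="Chrome")
OLD_BROWSER = Flow("10.1.1.9", "203.0.113.10", 443, user="carol",
                   groups=frozenset({"marketing"}), application="facebook", browser="IE6")


def demo() -> dict:
    """Compare the two policies on the same flows."""
    return {
        "legacy/engineering->facebook": evaluate(LEGACY_POLICY, FB_ENGINEERING),
        "contextual/marketing->facebook": evaluate(CONTEXTUAL_POLICY, FB_MARKETING),
        "contextual/engineering->facebook": evaluate(CONTEXTUAL_POLICY, FB_ENGINEERING),
        "contextual/ie6->facebook": evaluate(CONTEXTUAL_POLICY, OLD_BROWSER),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The legacy policy allows every flow to port 443, so it cannot distinguish the engineering user's Facebook session from any other HTTPS traffic; the contextual policy allows it only for the marketing group and blocks the outdated browser regardless of group. Note that the contextual rules are only as trustworthy as the identity and application attribution feeding them, which is why ordering and an explicit default matter.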
The company plans to launch two appliance models by the end of December 2011, the most powerful being the 8250, which operates at up to 20Gbps for firewall processing, and 10Gbps for IPS and application control.
However, Ward does not foresee the new products replacing existing firewall estates. “Many customers are looking for segmentation in the network,” he said. “They may already have their firewalls at the network edge, but they are desperate for application visibility and control. They want to deploy NGFW, whether that is behind the firewall, or in a segmentation placement in between business units, or in between data centres.”
Bob Tarzey, senior analyst with Quocirca, a technology research company based in Windsor, agreed the new-generation firewall can supplement existing network security. “As the Jericho Forum says, the network edge is becoming less important in the overall mix of security. The NGFW can be deployed as part of a DLP strategy, looking at content wherever it flows. This is clearly where Sourcefire is focusing,” he said.
“It’s as much about content filtering as it is about application control,” Tarzey added. “You’re not just looking at threats coming in from the outside, but you also need to monitor and control traffic within the organisation too.”
Tarzey described the new products as an evolution rather than a revolution. “With RNA, Sourcefire has had many of the NGFW features for some time, so this is partly a repackaging of what it’s already doing,” he said. “Sourcefire seems to be doing very well since its IPO in 2007 – its share price is at an all-time high, and revenues of around $150M make it a reasonable-size player.”
However, Tarzey indicated Sourcefire may have problems defining future areas of growth, as the firewall and IDS/IPS market has consolidated over the years and is dominated by some of the larger vendors in the networking and security markets like McAfee, Hewlett-Packard and Juniper Networks.