Sourcefire seeks fresh security approach

Sourcefire is launching Enterprise Threat Management. Sourcefire says the open source tool Snort is the backbone of the new strategy.

Network intrusion prevention vendor Sourcefire, which went public last month, is revamping its product offering under a new strategy it calls Enterprise Threat Management.

The software vendor said that Snort, the open source packet-sniffer, would remain the backbone of its new strategy, which combines intrusion prevention, network behavior analysis, network access control and vulnerability assessment.

"This open source community gives us really the ability to communicate with customers like no other company in the security market can," said Michele Perry, Sourcefire's chief marketing officer. "We're very committed to the open source community. We continue to offer the engine. It's something we want to invest and expand."

Perry said Sourcefire has no plans to start charging for Snort. The company offers a free version of the rules that go into the Snort tool and a paid customer-version.

The vendor is introducing Master Defense Center, which is the main interface for aggregating security and policy events from up to ten appliances that can be deployed to view and prioritize events.

"This allows customers to put defence centres around the world and have one master centre to pull reports and gain better visibility across the enterprise," Perry said.

Also being added is Network Usage Control, a utility that allows customers to set and enforce network user behavior policies. Through the Sourcefire Defense Center, customers can create compliance profiles and baseline configurations of acceptable behavior and use Sourcefire's real time network awareness (RNA) sensors to identify policy and regulatory non-compliance.

Perry said the new products can be purchased separately. The RNA works in conjunction with the Master Defense Center, Perry said.

More companies are turning to intrusion prevention systems to monitor the environment for insider threats, said Charles Kolodgy, a research director of secure content and threat management products at IDC. Sourcefire's challenge will be to differentiate itself from much larger competitors: Juniper Networks, Cisco Systems, ISS (now part of IBM Global Services) and TippingPoint Technologies (now a division within 3Com).

"IPS vendors continue to try and increase the knowledge that is available to respond to an attack and Sourcefire is trying to build on what it started with RNA," Kolodgy said.

While larger vendors have more resources, the market for Sourcefire's RNA technology, which monitors network behavior, is dominated by much smaller players, including Waltham, Mass.-based Q1 Labs Inc., Kolodgy said.

While Snort remains the backbone of the strategy, Perry said Sourcefire will focus more on its RNA sensors, which enable network monitoring and analysis.

"Snort is a very important component. You'll see us doing more around RNA but not any less around Snort," Perry said. "RNA is so important as the foundation of the intelligence of the network behavior analysis component."

The base price of the defence centre is $39,495. The price of the IPS components depends on network speed and starts at $3,995.
