Sourcefire Accelerates IPS to 40 GbE
Intrusion prevention scaled to 40 gigabit Ethernet as demands continue to rise.
In the world of security inspection, speed matters. To that end, Sourcefire (NASDAQ:FIRE) today announced a new set of intrusion prevention systems (IPS), including their first to include a 40 gigabit Ethernet (40 GbE) interface port for high-speed data center connectivity.
Sourcefire is also introducing a new device for SSL security inspection to help protect against risks that could come into an organization by way of encrypted traffic.
The new 3D8250 IPS appliance with 40 GbE is an expansion of the Linux-powered 3D8000 series that Sourcefire announced in April. (The initial launch included the 3D8260 device that has 40 gigabit (Gbps) of throughput but does not have 40 GbE interfaces.)
"This is essentially double what we put on the 8260," Leon Ward, EMEA field product manager for Sourcefire explained to InternetNews.com.
In addition to the new 3D8000 appliance, Sourcefire is also rolling out the 3D7000 series of IPS appliances. Ward explained that the 8000 series of appliances are modular, enabling administrators to put in different modules for connectivity.
"The 7000 series are fixed port configurations," Ward said. "We find that customers that need lower end devices don't generally have things like 10 gigabit networks."
Ward added that if a customer does need 10 gigabit Ethernet, they probably need a box that can do more than 1 gigabit per second of throughput. Sourcefire's new 3D7000 IPS boxes include the 8 port 3D7120 which can provide up to 1 Gbps of IPS inspection and the 3D7110 which delivers 500 Mbps of inspection.
When it comes to inspecting SSL traffic, Sourcefire has a new box that is dedicated to peeking into encrypted traffic to indentify risk. The SSL-2000 provides up to 2 Gbps of inspection and is available in 12 port gigabit Ethernet and 6 port 10 Gigabit Ethernet interfaces
"SSL appliance enables IPS sensors to see inside to detect attacks and misuse inside of SSL traffic," Ward said.
Ward explained that the appliance uses deep packet inspection technology to find SSL traffic on a network. He added that it doesn't rely on simply filtering traffic from port 443, which is the standard Web server port for SSL encrypted traffic.
"It looks for SSL regardless of port or protocol," Ward said.
SSL traffic risk aren't just found in data packets, the risk can also come from the integrity of the certificate, as well. Recently, Dutch SSL Certificate Authority DigiNotar was breached exposing Google, Mozilla and others to risk.
"There is no silver bullet to fixing all trust chain issues if a certificate authority is breached," Ward said. "With DigiNotar we had a CA that was trusted that then became untrusted."
Ward noted that Sourcefire's SSL appliance gives enterprise security teams an element of control over how SSL is managed.
"If all traffic goes through the SSL appliance you can do things such as removing the trust chain for a CA that you don't want to allow," Ward said.
Ward added that the system can also be used to only allow certificates for a particular domain to be signed and by a specific CA.