Sourcefire Expands IPS App Awareness

In an effort to secure its users, Sourcefire (NASDAQ: FIRE), a vendor specializing in intrusion prevention systems, this week is improving its ability to identify applications and protect enterprises from security risks.

Intrusion prevention systems (IPS) are a widely deployed network security technology intended to help prevent unauthorized access to a network. When it comes to protecting networks against applications traveling over HTTP, being able to identify application traffic is critical to helping keep enterprises secure.

With its 3D System 4.9.1 release, Sourcefire is implementing a new architecture to speed the addition of new application awareness capabilities. The improved application awareness could help to change the definition of how an IPS fits into network security.

"In 4.9.1 [Sourcefire is] adding more than a dozen new detectors for applications and HTTP services," Steve Piper, senior director of products at Sourcefire, told InternetNews.com. "We are also providing new infrastructure so we can enable new RNA [real-time network awareness] detectors on a more frequent basis than on a once- or twice-a-year basis when we release product updates. So we can update the RNA library much more frequently than we could before."

Piper explained that Sourcefire has a number of different update cycles to ensure that IPS users are secured. The core open source Snort rule updates come in what he referred to as security enhancement updates (SEU), which may also contain Snort engine enhancements.

Then on a monthly basis, Sourcefire provides its users with vulnerability database updates (VDB) for impact assessment of security risks.

Now thanks to the new infrastructure in Sourcefire 3D 4.9.1, the firm plans to provide new RNA detectors on a monthly basis. Previously Sourcefire only provided new detectors when it had major and minor version number product updates. The last major Sourcefire 3D update was the 4.9.0 update, which was released in June 2009.

The core Sourcefire IPS solution is built on top of the open source Snort IPS project, which Sourcefire helps to lead. The RNA component of Sourcefire, however, is not open source.

Piper explained that the RNA detectors provide a fingerprint for an operating system and applications.

"We're looking into the payload of the packets, which is where we can detect applications like Gmail and MySpace," he said. "The benefit of that is if there was a vulnerability related to Gmail or some security issue, then you could select IPS rules that are related."

He added that application awareness on the IPS can be used to set up network compliance rules, so a network administrator could be alerted if an endpoint or user falls out of compliance with an enterprise's usage policies.

As for the future of Sourcefire 3D, the roadmap is currently under consideration.

"Whether the next version is 4.10 or 5.0, we're working that out now and finalizing the list of capabilities that will be in that release," Piper said.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.