Sourcefire introduces enterprise threat management strategy 
29 April, 2007 By Patricia Pickett

Network intrusion prevention solution provider Sourcefire Inc. is touting its Enterprise Threat Management (ETM) approach to security as a way to defend enterprise networks during all stages of an attack and provide more intelligence about what's happening on the network.
The Columbia, Md.-based vendor's ETM strategy is a response to the very "bucketed," point-product approach security vendors have taken in the past, said Michele Perry, Sourcefire's chief marketing officer. "In the security world, every time there has been another threat, another box has shown up," Perry said. "We wanted to start from the beginning and have (all of solutions) work together."
A key piece of the vendor's ETM strategy is Sourcefire 3D System, which, up until now, has concentrated mostly on intrusion prevention (IPS), with some focus on the network behaviour analysis (NBA) side. Sourcefire is now adding network access control (NAC) and vulnerability assessment (VA) to the 3D System, integrating four capabilities under one management console.
Unifying these solutions will help address the problem of having to manage all these products separately, and not having a way to determine correlations between threat, network, endpoint and user data. Through an ETM approach, customers can defend against unknown exploits; capture traffic baselines and detect network anomalies; enforce network and regulatory compliance policies; and determine vulnerabilities in network assets to mitigate threats. "The four technologies share a lot of functionality, intelligence and data," said Perry. The same rules will be tied to the different products so that "everything is communicating... and you can stop working harder on security and start working smarter."
As part of the 3D System, Sourcefire is introducing its Master Defense Center (MDC), which can aggregate security and policy events from up to 10 subordinate Defense Center appliances. Enterprises with multiple Defense Centers can view and prioritize events from a single web-based management interface, Perry explained.
Sourcefire also launched Network Usage Control, a post-connect NAC capability that enables customers to set and enforce policies dictating acceptable network user behaviour. The vendor is leaving pre-connect NAC to vendors like Cisco and Microsoft, whose solutions ensure a clean machine and "good desktop hygiene" during the first five minutes of getting onto a network, said Perry. Instead, "we're focusing on the other 23 hours and 55 minutes" of the day. Customers can create a whitelist of compliance profiles and baseline configurations of acceptable behaviour and then use the vendor's Real-Time Network Awareness (RNA) sensor, which offers 24/7 passive monitoring, to identify policy and regulatory non-compliance. Network Usage Control then immediately notifies users of any policy violations, Perry said.
Since the ETM offering addresses several different customer needs in one package, Sourcefire anticipates it will be attractive to channel partners. "This is a great product for resellers because they can just train on one product," Perry said. In addition, "because it's an integrated thing, it should make it easier for them to sell in the market compared to other solutions." Sourcefire is currently going through the process of rolling out its ETM products to the channel and is offering web-based training to get partners up to speed, she said.