Content

Sourcefire 3D System

Sourcefire's Intrusion Sensor 2000 (IS2000) is an Intel-based appliance that runs a hardened version of Linux and the intrusion detection software. It uses two Fast Ethernet interfaces and has a throughput of 100Mbps.

After connecting a keyboard and monitor, the set up wizard gets you to create a management IP address, which runs from a dedicated network port.

The IS2000 is then managed using its web-browser interface. It's not the prettiest interface we have used, and comes across as being quite complex to get to grips with, but there's a full range of protection on offer. Profiles are created based on the attack signatures you want to look out for and the action you want to take. The IS2000 uses Snort as its detection engine, so you can easily write your own rules or use those provided by other people. It helps keep the system flexible and able to deal with threats quickly.

The IS2000 can also monitor your network and create a baseline profile; any anomalous traffic is then flagged to be dealt with. It also means that your network is ready for zero-day attacks.

But the IS2000 isn't really happy being used in this standalone mode. It's much better when used as part of Sourcefire's 3D System, which also uses the Defense Center appliance.

This appliance serves as the centralized management for all of your intrusion sensors. It lets you delegate management, write policies and send them to multiple sensors, and collates data network-wide. Reporting is strong, and it's easy to get an overall view of the network and deal with new threats efficiently.

That is not the end of the 3D System. Sourcefire also has its Realtime Network Awareness sensors that sit on the network and monitor it passively for changes, such as an unauthorized machine on the network. Sourcefire's 3D System is by far the most comprehensive product on test. Its multi-pronged approach gives it a clear detection and threat neutralization advantage.

Its complex, multi-component approach won't sit well on small networks, and neither will the cost. But for large networks, the array of detection sensors, excellent centralized management and effective threat prevention makes this a powerful system.

Product title
Sourcefire 3D System
Product info
Name: Sourcefire 3D System (Group Test: Intrusion prevention) Description: Price: $13,325
Strength
Excellent overall network protection.
Weakness
Without Defense Sensor, management is a bit cumbersome.
Verdict
There are better standalone products, but the full 3-D System is the most comprehensive IPS on the market.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.