Sourcefire improves intrusion prevention with new network processor
Open-source vendor aims its high-end systems at large enterprises, and easy-to-set-up IPSx hardware at mid-sized firms
Network security vendor Sourcefire today launched intrusion prevention system (IPS) hardware and software aimed at medium-sized and large enterprise customers.
For large enterprises, Sourcefire unveiled its 3D8000 series of high-end IPS hardware, offering users 40Gbit/s of throughput at single ports and 20Gbit/s of IPS inspection throughput at OSI layer 7 (the application and data content layer).
"The 3D8000 series appliances have a new network technology built into the systems called FirePOWER. FirePOWER is a custom-designed network processor that accelerates acquisition and classification of network data," said Dominic Storey, EMEA technical director at Sourcefire.
"The systems also consume less power, allowing a much better watts-per-megabit-of-network-traffic-inspected metric to be achieved."
There are three models in the 3D8000 range: the 1U 3D8140, the 2U 3D8250 and the 4U 3D8260, classified according to the amount of network traffic throughput that each model can deliver to the FirePOWER processor: respectively, 10, 20 and 40Gbit/s.
At the end of the year, the company will offer an implementation of a 40Gbit/s IPS module through a single LAN port rather than through aggregated ports.
"This is a straight IEEE standard 40Gbit/s network feed over optical fibre," said Storey. "We're not aggregating four 10Gbit/s ports through the chassis backplane."
Companies deploying 3D8000 hardware can also stack the systems to increase network throughput, if required.
"You can stack two 8140s and get 20Gbit/s of network throughput out of them," said Storey. "Similarly, stacking two 8250s will deliver 40Gbit/s."
Network throughput and actual IPS inspection throughput are different, however. Storey claimed Sourcefire's hardware has a real-world IPS throughput of 27.6Gbit/s, compared to its nearest competitor's performance of 11.5Gbit/s.
Sourcefire is also launching a new offering aimed at medium-sized companies that are network security generalists, rather than network security specialists.
"The IPSx hardware and software has the same core technology IPS as our higher-end models, but the interface is simpler and designed to be installed and configured more quickly," added Storey.
There are three versions of the system: the IPSx250 Sensor rated for 250Mbit/s network throughput, the IPSx500 Sensor for 500Mbit/s throughput, and the IPSx1000 Sensor for 1Gbit/s throughput.
Storey said there is also a DC750x Management Console for aggregating results that is able to manage multiple IPSx Sensor hardware deployments, with a maximum of 10 IPSx Sensors to one Management Console.
Sourcefire is also offering businesses running its 3D network sensor system a free upgrade to the later version 4.1.
This version adds Facebook and BlackBerry device detection and usage, and adds support for SMTP gateways and web proxies.
Both the 3D8000 series appliances and the mid-market IPSx systems will be available in early May, but no pricing has been announced yet. Version 4.1 of Sourcefire's IPS is available now.
Sourcefire was founded in 2001 by Marty Roesch, author of the open-source Snort intrusion engine. Snort forms the basis for Sourcefire's current flagship security product, 3D System.