Sourcefire to crash next-generation firewall party

Company combining Snort IPS technology with firewall, VPN functionality

Sourcefire Wednesday said it will enter the next-generation firewall market in mid-2011 with appliances that combine firewall/VPN functionality with intrusion prevention, Web URL and anti-virus filtering.

Best known today for its intrusion-prevention technology and its shepherding of the open-source Snort code, Sourcefire says it will come out with a range of stateful packet-filtering and application-control firewalls expected to support 10M to 10Gbps speeds. The Sourcefire firewall/VPN models will also include anti-virus filtering — Sourcefire acquired the open-source anti-virus engine Clam AntiVirus three years ago — as well as blacklisting controls.

Is open-source Snort dead?

Sourcefire CTO Martin Roesch says the company believes it can thrive in an increasingly competitive field because "our IPS technology is fundamentally superior to what's out there."

While definitions of what a "next-generation firewall" (NGFW) is can differ, it is certainly equipment that goes far beyond the simple port-based filtering of earlier firewalls, especially as port-based filtering is increasingly viewed as inefficient if not irrelevant. In some definitions, such as one espoused by Gartner, these systems include intrusion-prevention controls well integrated within the firewall rather than running each separately. Many would also expect a next-generation firewall to be able to recognize applications and decide whether each is to be allowed in the enterprise, and for whom.

"The enterprise firewall market is primarily one of displacement — any firewall being offered from an IPS vendor has to be able to meet or beat the incumbents on enterprise firewall capabilities," says Gartner analyst Greg Young. "A mistake for any IPS vendor would be to have anything less than a full-featured NGFW."

Roesch says: "Our awareness technologies will allow us to make this 'user aware' for identity-based policies."
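The distinction the article draws, between a legacy port-based rule and an application- and user-aware policy, is easiest to see side by side. The following is an added illustration, not Sourcefire code or a description of its products: the flow records, the user-to-group mapping and the policy tables are all constructed for this example, and the application signatures are deliberately simplified (first client bytes only). A legacy rule that allows TCP/443 passes an SSH session tunnelled over that port; the application-aware policy identifies it as SSH and applies an identity-based rule, so only users in the constructed "netops" group are allowed.

```python
"""Port-based vs application/user-aware policy evaluation (added example).

Everything below is constructed for illustration; it is not Sourcefire code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user: str          # identity associated with the source (constructed)
    dst_port: int
    payload: bytes     # first bytes sent by the client (constructed)


def identify_app(payload: bytes) -> str:
    """Classify a flow by its first client bytes rather than by port.

    Simplified signatures: SSH version banner, TLS handshake record header,
    and an HTTP request line. Anything else is reported as unknown.
    """
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload[:1] == b"\x16" and payload[1:2] == b"\x03":
        return "tls"
    head = payload.split(b"\r\n", 1)[0]
    if head.endswith(b" HTTP/1.1") or head.endswith(b" HTTP/1.0"):
        return "http"
    return "unknown"


# Legacy policy: decisions keyed on destination port only.
PORT_POLICY = {80: "allow", 443: "allow"}

# Application-aware policy keyed on (application, user group); "*" matches any group.
APP_POLICY = {
    ("http", "*"): "allow",
    ("tls", "*"): "allow",
    ("ssh", "netops"): "allow",   # identity-based rule: SSH only for netops
    ("ssh", "*"): "deny",
    ("unknown", "*"): "deny",
}

# Constructed identity data, standing in for a directory lookup.
USER_GROUPS = {"alice": ("netops",), "bob": ("sales",)}


def port_decision(flow: Flow) -> str:
    """What a port-only firewall would do with the flow."""
    return PORT_POLICY.get(flow.dst_port, "deny")


def app_decision(flow: Flow, groups: dict) -> tuple:
    """Return (identified application, decision) using app and user identity."""
    app = identify_app(flow.payload)
    for group in groups.get(flow.user, ()):
        if (app, group) in APP_POLICY:
            return app, APP_POLICY[(app, group)]
    return app, APP_POLICY.get((app, "*"), "deny")


# Constructed sample flows: note the SSH banner sent to port 443.
FLOWS = [
    Flow("bob", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("bob", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),      # SSH tunnelled over 443
    Flow("alice", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),    # same, but a netops user
    Flow("bob", 443, b"\x16\x03\x01\x00\xc4\x01"),     # start of a TLS ClientHello
]


def compare(flows=FLOWS) -> list:
    """Rows of (user, port, port-only decision, identified app, app-aware decision)."""
    return [
        (f.user, f.dst_port, port_decision(f), *app_decision(f, USER_GROUPS))
        for f in flows
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second row is the one that matters: the port-only rule allows it, the application-aware rule identifies SSH and denies it for a user outside the permitted group, while the third row (same traffic, different user) is allowed. A real NGFW classifies on far more than the first client bytes, but the structure of the decision is the same.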

In entering this field, Sourcefire will bump up against players that include Palo Alto Networks, which has specialized in application-aware firewall design, as well as Juniper, Check Point and Cisco, which is adding IPS functionality to its Adaptive Security Appliance 5585-X by year-end.

In other news, Sourcefire announced that it's selling three Defense Center Awareness Bundles, which package pre-configured Sourcefire products such as the Real-time Network Awareness (RNA) sensor, Real-time User Awareness, Defense Center and next-generation IPS. The advantage, in addition to lower total costs, according to Roesch, is that the bundles represent equipment that's "configured in advance. Instead of tuning your IPS manually, it inspects your traffic and tunes itself."
