Sourcefire Wednesday said it will enter the next-generation firewall market in mid-2011 with appliances that combine firewall/VPN functionality with intrusion prevention, Web URL and anti-virus filtering.
Best known today for its intrusion-prevention technology and shepherding of open-source code Snort, Sourcefire says it will come out with a range of stateful packet-filtering and application-control firewalls expected to support 10M to 10Gbps speeds. The Sourcefire firewall/VPN models will also include anti-virus filtering — Sourcefire acquired anti-virus open-source Clam AntiVirus three years ago — as well as blacklisting controls.
Sourcefire CTO Martin Roesch says the company believes it can thrive in an increasingly competitive field because "our IPS technology is fundamentally superior to what's out there."
While definitions of what a "next-generation firewall" (NGFW) is can differ, it is certainly equipment that goes far beyond simple-port-based filtering of earlier firewalls, especially as port-based filtering is increasingly viewed as inefficient if not irrelevant. In some definitions, such as one espoused by Gartner, these systems include intrusion-prevention controls well-integrated within the firewall, not running each separately. Many would also see the need for a next-generation firewall to be able to recognize applications and make decisions on whether these are to be allowed in the enterprise and for whom.
"The enterprise firewall market is primarily one of displacement — any firewall being offered from an IPS vendor has to be able to meet or beat the incumbents on enterprise firewall capabilities," says Gartner analyst Greg Young. "A mistake for any IPS vendor would be to have anything less than a full-featured NGFW."
Roesch says: "Our awareness technologies will allow us to make this 'user aware' for identity-based policies."
In entering this field, Sourcefire will bump up against players that include Palo Alto Networks, which has specialized in application-aware firewall design, as well as Juniper, Check Point and Cisco, which is adding IPS functionality into its Adaptive Security Appliance 5585-X by year-end.
In other news, Sourcefire announced that it's selling three Defense Center Awareness Bundles that are available in pre-configured form Sourcefire products such as Real-time Network Awareness (RNA) sensor, Real-time User Awareness, Defense Center and next-generation IPS. The advantage, in addition to lower total costs, according to Roesch, is that the bundles represent equipment that's "configured in advance. Instead of tuning your IPS manually, it inspects your traffic and tunes itself."