Sourcefire offers intrusion detection and prevention systems as part of the organization’s solutions portfolio. It offers IPSx, IPS, and NGIPS, which is available with Advanced Threat Protection. The system gathers information about network and host configurations, applications and operating systems, user identity, and network behavior and traffic baselines.
Sourcefire intrusion prevention systems use different methods to detect security incidents. No single method is effective for detecting and stopping incidents; instead, they have settled on a number of well-known ways to accomplish this. One of the main problems with a signature-based approach is the inability to detect zero-day attacks.
By having the utmost visibility into the network, Next-Generation Intrusion Prevention System (NGIPS) offers event impact assessment, automated IPS tuning, and user identification to significantly lower the total cost of ownership. This IPS helps to monitor network traffic and system activities for malicious activity. It can send an alarm, drop the malicious packets, reset the connection, and block the traffic from the IP address.
• Automatically determines threat relevancy and threat severity, and self-tunes to defend against attacks; increases security by maximizing throughput and reducing operational costs.
• Automatically identifies the types of applications on the network and recognizes policy violations.
• Automatically links Active Directory and LDAP users to events.
• Monitors bandwidth consumption, troubleshoots network performance degradation, and automatically quarantines internal hosts with malware before it spreads.
• Detects and quarantines internal threats by establishing normal traffic baselines and detecting network anomalies.
It discovers, assesses, and responds to hacking activities, intrusion attempts, and vulnerabilities to stay ahead of threats, developing vulnerability-based rules to protect against them. It easily integrates Sourcefire IPS solutions with a variety of third-party technologies.
An organization runs many instances of operating systems on a single server. This permits an organization to greatly enhance the efficiency of its server hardware by grouping many separately running operating systems onto a single server.
A false negative occurs when an IPS fails to recognize an intrusion or other security event; it can occur if the IPS doesn’t have up-to-date rules. When an IPS is placed in inline blocking mode, false negatives are generally far more damaging to an organization. A false negative permits bad traffic to enter the network, potentially leading to stolen or lost data. A false positive blocks good traffic from entering the network, leading to lost business or productivity.