Sourcefire 3D1000

sourcefire_3d1000_md

The Sourcefire Virtual 3D1000 Sensor™ extends the 3D System to far corners of the network where IT security resources don't exist or the deployment of physical 3D Sensors is impractical. Virtual 3D Sensors also provide the capability to inspect VM-to-VM communications, providing the same protection as their physical sensor counterparts. The Virtual 3D Sensor offers support for inspection of network traffic at speeds up to 45Mbps.

Portfolio
Overview
Features
Specifications
Data Sheets

Sourcefire is a world leader in intelligent cybersecurity solutions. Our flagship family of intrusion detection and prevention systems (IDS/IPS) lies at the heart of our security solutions portfolio. We offer a range of IPS solutions as well as several complementary products to protect your network.

IPS Solutions Portfolio

Features	IPSx	IPS	NGIPS
IPS Detection & Blocking	✓	✓	✓
Snort Rules & SEUs	✓	✓	✓
Reporting & Dashboard	✓	✓	✓
Policy Management	✓	✓	✓
Snort Rule Editing		✓	✓
Custom Workflows & Tables		✓	✓
Impact Assessment			✓
Automated Tuning			✓
Host Profiles & Network Map			✓
Network Behavior Analysis			✓
Application Monitoring			✓
User Identify Tracking			✓

Next-Generation IPS (NGIPS) and IPS: For large networks with dedicated security teams, Sourcefire Next-Generation IPS (NGIPS) includes network, application, behavior, and identity awareness for improved visibility and automation. For security teams that need robust protection features without awareness, we offer Sourcefire IPS.

Sourcefire IPSx™: For smaller networks managed by network administrators and IT generalists, IPSx secures networks and meets compliance mandates with minimal administrative attention.

All Sourcefire 3D Sensors for NGIPS, IPS, and IPSx operate in either inline intrusion prevention (IPS) or passive intrusion detection (IDS) modes and come with fail-open capabilities standard to safeguard constant network availability.

Complementary Sourcefire Products

Centralized Management: The Sourcefire Defense Center^® centrally manages Sourcefire IPS sensors and enables you to categorize events, generate recurring reports, schedule automated Snort rule updates, configure policies, and display customizable dashboards to quickly communicate sensor feedback.

Virtualization: The Sourcefire Virtual IPS™ and Sourcefire Virtual Defense Center™ are available for VMware and XEN platforms. These virtual appliances enable you to inspect traffic between virtual machines (VMs) and simplify your deployment and management of sensors at remote sites where resources may be limited. Plus, you can mix and match physical and virtual Defense Centers and sensors to fit your needs.

SSL Inspection: Sourcefire SSL Appliances decrypt SSL traffic at up to 2Gbps line rate to enable existing security appliances to effectively inspect SSL traffic and then place the SSL-encrypted traffic back on the network for its final destination. SSL Appliance operates transparently on the network and supports both passive and inline network configurations.

Anti-malware external link: Most anti-malware products slow down an endpoint and require large downloads of the latest detection. Immunet™ provides accurate, lightweight end-point protection by moving detection and analysis to the cloud for true, real-time protection. Try Immunet today by itself or run it alongside your existing antivirus or anti-malware solution.

Why Sourcefire?

We offer the best protection—period. As the creator of Snort^®, the de facto standard for intrusion detection and prevention, our roots are in security. All Sourcefire IPS solutions are backed by the Sourcefire Vulnerability Research Team™ (VRT) and provide extensive threat protection. As a result, more organizations rely on Sourcefire IPS technology than any other technology on the market. Don’t just take our word for it, here’s proof from the industry:

Fastest and most accurate detection tested by NSS Labs
Leader in the Gartner Magic Quadrant for Network IPS Appliances external link
Best IDS/IPS from SC Magazine
ICSA Labs Certified

Today's networks are highly dynamic. Threats are constantly evolving and becoming more sophisticated. Network security breaches continue to occur because static defenses can't protect today's dynamic networks against dynamic threats. Learn why more organizations depend on Snort® than any other intrusion prevention technology worldwide, and why thousands of enterprises rely on Sourcefire's IPS and real-time adaptive security solution to protect their networks.

SourceFire IPS - The Foundation of the SourceFire 3D System

Snort—the De Facto Standard for Intrusion Prevention
Built on Snort, the de facto standard for intrusion detection and prevention (IDS/IPS), Sourcefire IPS™ (Intrusion Prevention System) is the foundation of the award-winning Sourcefire 3D® System. Sourcefire IPS uses a powerful combination of vulnerability- and anomaly-based inspection methods—at line speeds up to 10Gbps—to analyze network traffic and prevent threats from damaging your network. Additionally, when Sourcefire IPS is deployed with the Sourcefire SSL Appliance, the benefits of the IPS are extended to SSL-encrypted traffic. Whether deployed at the perimeter, in the DMZ, in the core, or at critical network segments, Sourcefire's easy-to-use IPS appliances provide comprehensive threat protection.

Sourcefire IPS contains multiple default policies for out-of-the box blocking, drawing from a comprehensive library of open Snort rules. Open rules allow customers to verify that rules address the vulnerabilities for which coverage is claimed and to create new rules or modify existing ones to protect custom applications and systems. Sourcefire's IPS can be deployed in inline blocking and/or passive alerting modes, and can remediate attacks using external devices, such as fi rewalls, routers, patch management systems, and more.

Snort, created by Sourcefire, has nearly 4 million downloads and approximately 300,000 registered users. More organizations rely on Snort than any other intrusion prevention technology worldwide. Over the past decade, the Snort community has grown to become an entire ecosystem, from user groups, to books, to classes taught at hundreds of colleges and universities. More IT security professionals are familiar with Snort than any other IPS technology in the market. Sourcefire customers benefi t from this extensive Snort ecosystem on day one.

Protection Against Known and Unknown Threats
The Sourcefire Vulnerability Research Team™ (VRT) works around the clock to ensure that Sourcefire commercial customers and open source Snort users are protected against both known and unknown threats. The VRT leads the IPS industry in addressing Microsoft Tuesday vulnerabilities on the same day they are announced.

It's often the unknown threat that can be the most damaging. That's why Sourcefire publishes vulnerability-based Snort rules. Unlike an IPS that relies primarily on exploit-based signatures, Snort rules offer protection against any possible exploitation of a vulnerability. This was illustrated when Sourcefire protected its 3D customers and open source Snort users more than two years in advance of the Conficker worm.

Sourcefire's IPS appliances provide comprehensive threat protection against:

Worms
Trojans
Backdoor attacks
Spyware
Port scans
VoIP attacks
IPv6 attacks

DoS attacks
Buffer overflows
P2P attacks
Statistical anomalies
Protocol anomalies
Application anomalies
Malformed traffic

Invalid headers
Blended threats
Rate-based attacks
Zero-day threats
TCP segmentation and IP fragmentation

Protection for Physical and Virtual Environments
Purpose-built, ICSA-certified Sourcefire 3D Sensors are available with throughputs from 5Mbps up to 10Gbps. 3D Sensors are available with fault-tolerant features, such as fail-open copper and fiber ports, dual power supplies, and RAID drives.

Centralized Event Aggregation and Analysis
Using the feature-rich, yet easy-to-use, Sourcefire Defense Center® (DC) or Sourcefire Virtual Defense Center™ management console, customers can analyze events, configure and push IPS policies, automatically download and apply Snort rule updates, and more. Powered by the Snort detection engine, Sourcefire IPS excels with detailed packet-level forensics and sophisticated, customizable workfl ows for investigating security events as they occur. For larger deployments, customers can leverage Sourcefire's Master Defense Center (MDC) technology to manage multiple DCs and hundreds of physical and/or virtual 3D Sensors across their entire organization.

sourcefire-defense-in_depth

Sourcefire supports a Defense-in-Depth intrusion prevention strategy by allowing physical or virtual Sourcefire 3D Sensors to be positioned in all areas of the network. Sourcefire Defense Center orchestrates all event aggregation, analysis, and IPS policy management.

Reports, Alerts, and Dashboards
Defense Center provides customers with numerous reports, alerts, and dashboards. Customers can leverage a variety of pre-defined report templates or create custom reports to meet the needs of any organization. They can receive alerts in the form of syslog entries, email messages, or SNMP alerts. Customers can also create fully customized dashboards with dozens of dragand- drop "widgets" that display critical information in the form of tables and graphs.

Features and Benefits:

Key Sourcefire IPS Capabilities

Snort IPS detection engine
Snort ruleset offers protection from constantly evolving vulnerabilities
Open rules language—view, edit, and create Snort rules
Operates on physical and virtual Sourcefire 3D Sensors
Reports, alerts, and dashboards
Multiple default IPS policies
Packet-level forensics
Sophisticated, customizable workflows

Snort—the De Facto IPS Standard

Invented in 1998 by Martin Roesch, Sourcefire Founder and CTO
Most widely-deployed IPS technology worldwide
Used by 80% of Fortune 100
Used by the 30 largest U.S. government agencies
Used by 42% of Global 500
Snort community has become an entire ecosystem:
- Approximately 300,000 registered users
- Dozens of Snort books published
- Classes taught at colleges and universities
- User groups
- Discussion lists and forums

High Availability Features

Dual power supplies
Fail-open ports
RAID drives

Sourcefire Defense Center Key Capabilities

Centralized event monitoring
Manages physical and virtual Sourcefire 3D Sensors
Customizable dashboards with numerous widgets
Syslog, email, and SNMP alerts
Sophisticated and customizable reporting
Third-party integration APIs
LDAP and RADIUS support
Automated VRT rules updates
Master Defense Center (MDC) scalability

Real-time Adaptive Security Solution Key Benefits

Know what's on your network in real time
Save time by signifi cantly reducing quantity of actionable security events
Reduce risk by ensuring IPS is optimized to protect your dynamically changing network
Enables organizations with small network security staffs to effectively protect their networks

Real-Time Network Intelligence

Sourcefire RNA® (Real-time Network Awareness) provides 24x7, passive network intelligence, storing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on the network. RNA collects this intelligence in a completely passive manner, while seamlessly integrating the intelligence with the 3D System. RNA's host database can also be augmented with information gathered by active discovery tools to further expand the store of network intelligence. Combine RNA's real-time network visibility with Sourcefire RUA® (Real-time User Awareness), a technology that links user identity to security and compliance events, and organizations have enterprise-wide intelligence on their dynamic networks and users.

Automated Impact Assessment

IT security professionals don't have time to sift through hundreds or thousands of security events each day to try to fi gure out which events matter most. By leveraging Sourcefire RNA's real-time network intelligence, customers can take their Sourcefire IPS to the next level. Threat intelligence is automatically correlated against RNA's real-time target host intelligence to determine the relevance and impact of an attack. With automated impact assessment, events are typically reduced by up to 99%, allowing administrators to focus on the events that can actually affect their networks.

Automated IPS Tuning

IT security professionals don't have time to constantly "tune" their IPSes as their networks change. By incorporating RNA's real-time network intelligence into the Sourcefire IPS, the ongoing process of IPS tuning can also be automated. As your network evolves, RNA-Recommended Rules takes the guesswork out of determining which Snort rules to enable and disable. RNA recommends relevant Snort rules based on the network it's protecting, and Snort rules can be enabled with or without human intervention.

The use of Sourcefire's real-time adaptive security solution results in less manual event investigation and IPS tuning by your IT security staff, lower potential for network downtime, and lower cost of operations. By having realtime knowledge of what's running on your network, the 3D System saves you time and effort and maximizes protection of your ever-changing network.

Take The Next Step to Protect Your Network:

Sourcefire is the only IPS provider offering dynamic defenses against the threats aimed at your constantly changing network. Sourcefire's key capabilities include:

Superior attack protection:

Snort IPS detection engine
Vulnerability-based Snort rules
Open rules language—view, edit, and create Snort rules
Multiple default IPS policies
ICSA Labs certified and NSS Labs tested

Most contextual information about threats:

24x7, passive network intelligence
User identity tracking

Only network security provider to offer a real-time adaptive security solution:

Real-time, automated intrusion event impact assessment
Automated IPS tuning based on actual network assets

Integrated system managed from a single, easy-to-use management console:

"Manager of managers" enterprise-class scalability through MDC technology

Excellent forensics and event analysis:

Powerful event viewing system
Full packet logging

Model	3D500	3D1000	3D2000	3D2100
Performance and Functionality
Supported Line Speed (IPS/IDS)	5Mbps	45Mbps	100Mbps	250Mbps
Monitoring Interfaces	(4) Copper 1Gbps	(4) Copper 1Gbps	(4) Copper 1Gbps	(4) Copper 1Gbps
Management Interfaces	RJ45	RJ45	RJ45	RJ45
Typical Latency	< 1 millisecond	< 1 millisecond	< 1 millisecond	< 1 millisecond
Memory (RAM)	256MB	512MB	1GB	1GB
Disk Capacity	40GB	40GB	40GB	160GB
Stacking Support	No	No	No	No
Redundancy Features
Dual Power Supplies	N/A	N/A	N/A	N/A
Hard Drives	N/A	N/A	N/A	N/A
RAID Support	N/A	N/A	N/A	N/A
Cooling Fans	1	1	1	4
Physical and Environmental
Form Factor	Desktop or rackmount	Desktop or rackmount	Desktop or rackmount	1U
Dimensions (D x W x H)	6.7 x 11.8 x 1.25 inches	6.7 x 11.8 x 1.25 inches	6.7 x 11.8 x 1.25 inches	20 x 16.93 x 1.7 inches
Shipping Weight (lbs)	10lbs	10lbs	10lbs	38lbs
Amps	5@12V	5@12V	5@12V	6.3@110V / 3.2@220V
Voltage	100-240V	100-240V	100-240V	100-240V
Watts (max)	60	60	60	630
BTU Rating (hour)	205	205	205	205
Operating Temperature	0˚C - 40˚C	0˚C - 40˚C	0˚C - 40˚C	0˚C - 40˚C
RoHS	Yes	Yes	Yes	Yes