Sourcefire 3D1000 w/ IPS FO QPC, 45Mbps

Compare All Models
Model	Sourcefire 3D1000
Performance and Functionality
Supported Line Speed (IPS/IDS	45Mbps
Monitoring Interfaces	(4) Copper 1Gbps
Management Interfaces	RJ45
Typical Latency	< 1 millisecond
Memory (RAM)	512MB
Disk Capacity	40GB
Stacking Support	No
Redundancy Features
Dual Power Supplies	n/a
Hard drives	n/a
RAID Support	n/a
Cooling Fans	1
Physical and Environmental
Form Factor	desktop or rackmount
Dimensions (DxWxH in in)	6.7 x 11.8 x 1.25
Shipping Weight (lbs)	10lbs
Amps	5@ 12V
Voltage	100-240V
Watts (max)	60
BTU Rating (hour)	205
Operating Temperature	0˚C-40˚C
RoHS	Yes

Sourcefire IPS™ (Intrusion Prevention System)

Best-in-Class Intrusion Detection and Prevention

Today’s networks are highly dynamic. Threats are constantly evolving and becoming more sophisticated. Network security breaches continue to occur because static defenses can’t protect today’s dynamic networks against dynamic threats. Learn why more organizations depend on Snort® than any other intrusion prevention technology worldwide, and why thousands of enterprises rely on Sourcefire’s IPS and real-time adaptive security solution to protect their networks.

SOURCEFIRE IPS—THE FOUNDATION OF THE SOURCEFIRE 3D® SYSTEM

Protection Against Known and Unknown Threats

The Sourcefi re Vulnerability Research Team™ (VRT) works around the clock to ensure that Sourcefire commercial customers and open source Snort users are protected against both known and unknown threats. The VRT leads the IPS industry in addressing Microsoft Tuesday vulnerabilities on the same day they are announced.

It’s often the unknown threat that can be the most damaging. That’s why Sourcefire publishes vulnerability-based Snort rules. Unlike an IPS that relies primarily on exploit-based signatures, Snort rules offer protection against any possible exploitation of a vulnerability. This was illustrated when Sourcefi re protected its 3D customers and open source Snort users more than two years in advance of the Confi cker worm.

Sourcefire’s IPS appliances provide comprehensive threat protection against:

Protection for Physical and Virtual Environments

Purpose-built, ICSA-certified Sourcefi re 3D® Sensors are available with throughputs from 5Mbps up to 10Gbps. By clustering two 10Gbps 3D9900 Sensors, the 3D System can support throughput up to 20Gbps. 3D Sensors are available with fault-tolerant features, such as fail-open copper and fiber ports, dual power supplies, and RAID drives.

The Sourcefire Virtual 3D Sensor™ extends the 3D System to far corners of the network where IT security resources don’t exist or the deployment of physical 3D Sensors is impractical. Virtual 3D Sensors also provide the capability to inspect VM-to-VM communications, providing the same protection as their physical sensor counterparts. The Virtual 3D Sensor offers support for inspection of network traffic at speeds up to 500Mbps.

Centralized Event Aggregation and Analysis

Using the feature-rich, yet easy-to-use, Sourcefire Defense Center® (DC) or Sourcefire Virtual Defense Center™ management console, customers can analyze events, confi gure and push IPS policies, automatically download and apply Snort rule updates, and more. Powered by the Snort detection engine, Sourcefire IPS excels with detailed packet-level forensics and sophisticated, customizable workflows for investigating security events as they occur. For larger deployments, customers can leverage Sourcefi re’s Master Defense Center (MDC) technology to manage multiple DCs and hundreds of physical and/or virtual 3D Sensors across their entire organization.

(click on picture to enlarge)

Sourcefire supports a Defense-in-Depth intrusion prevention strategy by allowing physical or virtual Sourcefire 3D Sensors to be positioned in all areas of the network. Sourcefire Defense Center orchestrates all event aggregation, analysis, and IPS policy management.

Reports, Alerts, and Dashboards

Defense Center provides customers with numerous reports, alerts, and dashboards. Customers can leverage a variety of pre-defi ned report templates or create custom reports to meet the needs of any organization. They can receive alerts in the form of syslog entries, email messages, or SNMP alerts. Customers can also create fully customized dashboards with dozens of dragand- drop “widgets” that display critical information in the form of tables and graphs.

SOURCEFIRE’S REAL-TIME ADAPTIVE SECURITY SOLUTION

Real-Time Network Intelligence

Sourcefire RNA® (Real-time Network Awareness) provides 24x7, passive network intelligence, storing a real-time inventory of operating systems, services, applications, protocols, and potential vulnerabilities that exist on the network. RNA collects this intelligence in a completely passive manner, while seamlessly integrating the intelligence with the 3D System. RNA’s host database can also be augmented with information gathered by active discovery tools to further expand the store of network intelligence. Combine RNA’s real-time network visibility with Sourcefire RUA® (Real-time User Awareness), a technology that links user identity to security and compliance events, and organizations have enterprise-wide intelligence on their dynamic networks and users.

Automated Impact Assessment

IT security professionals don’t have time to sift through hundreds or thousands of security events each day to try to figure out which events matter most. By leveraging Sourcefire RNA’s real-time network intelligence, customers can take their Sourcefire IPS to the next level. Threat intelligence is automatically correlated against RNA’s real-time target host intelligence to determine the relevance and impact of an attack. With automated impact assessment, events are typically reduced by up to 99%, allowing administrators to focus on the events that can actually affect their networks.

Automated IPS Tuning

IT security professionals don’t have time to constantly “tune” their IPSes as their networks change. By incorporating RNA’s real-time network intelligence into the Sourcefire IPS, the ongoing process of IPS tuning can also be automated. As your network evolves, RNA-Recommended Rules takes the guesswork out of determining which Snort rules to enable and disable. RNA recommends relevant Snort rules based on the network it’s protecting, and Snort rules can be enabled with or without human intervention.

The use of Sourcefire’s real-time adaptive security solution results in less manual event investigation and IPS tuning by your IT security staff, lower potential for network downtime, and lower cost of operations. By having realtime knowledge of what’s running on your network, the 3D System saves you time and effort and maximizes protection of your ever-changing network.

TAKE THE NEXT STEP TO PROTECT YOUR NETWORK

Sourcefire is the only IPS provider offering dynamic defenses against the threats aimed at your constantly changing network. Sourcefire’s key capabilities include:

Superior attack protection:

» Snort IPS detection engine
» Vulnerability-based Snort rules
» Open rules language—view, edit, and create Snort rules
» Multiple default IPS policies
» ICSA Labs certifi ed and NSS Labs tested

Most contextual information about threats:

» 24x7, passive network intelligence
» User identity tracking

Only network security provider to offer a real-time adaptive security
solution:

» Real-time, automated intrusion event impact assessment
» Automated IPS tuning based on actual network assets

Integrated system managed from a single, easy-to-use management
console:

» “Manager of managers” enterprise-class scalability through MDC technology

Excellent forensics and event analysis:

» Powerful event viewing system
» Full packet logging

To learn more about Sourcefi re’s award-winning IPS solutions, cal 1-877-489-1113.