The Sourcefire Defense Center® management console is the “nerve center” of the Sourcefire 3D® System. It provides a powerful, easy-to-use interface for categorizing events, generating recurring reports, scheduling automated Snort rule updates, configuring policies, and displaying customizable dashboards to quickly communicate sensor feedback.
We offer a range of IPS solutions to address different network needs, and we complement these solutions with tailored Defense Center management consoles.
Defense Centers for Sourcefire Next-Generation IPS (NGIPS) and IPS Environments
For larger networks with dedicated security teams, our DC750, DC1500, and DC3500 Defense Centers offer the robust features described below.
Aggregating and Monitoring Events for Centralized Network Defense:
All intrusion events are sent securely from Sourcefire sensors to the Defense Center for centralized storage and analysis. Each Defense Center correlates attacks with real-time network and vulnerability intelligence to assign an “Impact Flag” rating denoting the relevance and severity of the attack. This enables IT Security to weed out false positives and irrelevant attacks, dramatically reducing—by up to 99%—the number of alerts requiring analysis, saving considerable time and effort.
Customizable Dashboards, Reports, and Alerts:
Each Defense Center features an individually customizable, portal-like dashboard with dozens of pre-defined and customizable drag-and-drop “widgets” displaying critical information in the form of tables and graphs. Dashboard benefits include interactive drill-down, granular administrative privileges, and dashboard tab cycling. Users can tailor the dashboard to their role within the organization and share their dashboard with peers. Defense Center also provides customers with fully customizable reports and alerts. Users can choose from a variety of pre-defined report templates or create custom reports to meet their reporting needs. Reports can be generated in PDF, HTML, and CSV formats, while alerts can be sent via syslog, SNMP, and email.
Centralized Policy Management:
With Defense Center, users have complete control over policies and configuration of up to 150 3D Sensors from a single management console. Sourcefire IPS™ (Intrusion Prevention System) and Sourcefire RNA® (Real-time Network Awareness) policies can be distributed down to all underlying sensors, to individual sensors, or to sensor groups. The policy management facility on the Defense Center gives users the ability to create, modify, and review Sourcefire IPS policies. Locating individual rules for examination is aided by an expanded keyword search capability, and understanding changes between two policy versions occurs with a side-by-side comparison view that highlights changes. Our innovative policy layering enables users to make changes that affect many or all Sourcefire intrusion policies. It also enables users to determine a hierarchy of policy layers that is most relevant for their organization and network.
Powerful Integration with Third-party Systems:
Sourcefire offers more ways to integrate with third-party security and network management products than any other IPS vendor. Our remediation API can communicate with firewalls, routers, vulnerability scanners, patch managers, and other systems based on triggered events. The eStreamer™ interface can stream security, compliance, and sensor health events to SIEMs, log managers, and network management systems. Additionally, our event database can be accessed via a JDBC connector to generate reports from third-party reporting tools such as Crystal Reports™. The host input API can accept endpoint intelligence into its RNA host database to improve accuracy. Sourcefire also provides a selection of other third-party interfaces, including syslog, SNMP, and more.
Sourcefire Master Defense Center for Enterprise Scalability:
For large enterprises or organizations with distributed IT personnel, a single DC3500 appliance can be configured in Master Defense Center (MDC) mode to manage up to 10 subordinate Defense Centers, effectively enabling the management of hundreds of Sourcefire sensors from a single management console.
Defense Center for Sourcefire IPSx™ Environments
If your organization doesn’t have dedicated security personnel and you need to meet compliance requirements, we have a streamlined Defense Center as part of the Sourcefire IPSx solution designed just for you.