Sourcefire Enhances, Extends IPS Protection To SMEs

Best known for Snort, its free, open-source network intrusion prevention and detection system (IDS/IPS), Sourcefire Inc. is enhancing and broadening the for-profit portion of its IPS portfolio. The company has announced a new version of its software, Sourcefire 4.10, with enhanced awareness and third-party interoperability for the Next-Generation Intrusion Prevention System (NGIPS); Sourcefire 8000 Series Appliances, a modular and scalable high-speed platform for enterprise customers; and Sourcefire IPSx, a streamlined, easy-to-manage IPS for smaller organizations with limited technical resources.

Available immediately, 4.10 features improved GUI performance and added detection for key applications including Facebook, Windows Media Player and Google Toolbar, as well as for Apple, Android and Blackberry mobile devices. Shipping in May, the 8000 Series appliances are powered by the FirePOWER acceleration technology, providing users with up to 40Gbps of throughput and more than  20Gbps of real-world IPS protection.

The new hardware will be stackable to deliver 80Gbps of throughput and more than 50Gbps of protection. According to NSS Labs, the 8260 is the fastest IPS tested to date and has the lowest per megabit cost we have calculated.

Also shipping in early May in three models (250 and 500Mbps and 1Gbps), IPSx addresses a new market for Sourcefire: smaller companies without the security capabilities of its traditional enterprise customers. With an intuitive GUI that simplifies IPS implementation and management, IPSx can be installed in less than 30 minutes with automated security and simple administration.

Appliances are a big and growing part of the IPS market, states Gartner Research. In its "Magic Quadrant for Network Intrusion Prevention Systems" report, released in December, the 2010 IPS market was expected to have grown 20 percent over 2009, to $1.4 billion, while the appliance-only IPS portion was expected to hit $1.1 billion, up 10 percent year-over-year.Both new product announcements (IPSx and 8000 Series appliances) are significant because they essentially target opposite ends of the market, says IDC's John Grady, senior research analyst, security products and services. "IPSx is a smart move by Sourcefire to expand into the SMB/SME space. Often in these environments, there aren't dedicated security analysts, but rather network generalists who don't have the time or expertise to deal with enterprise level IPS systems. UTM is often a good option for these organizations, but that's often placed at the perimeter, and dedicated IPS is still a good idea within the network for maximum protection."

Sourcefire has historically lacked a good offering for the mid-market because running open-source SNORT is not a realistic option for IT generalists, he says. "IPSx closes that hole in the portfolio, and opens the opportunity to broaden channel relationships and push into new geographic markets. Additionally, getting into the SMB/SME space puts Sourcefire in a better position to be a part of the discussion as the incumbent when these organizations grow and begin to require more robust solutions."

The announcement of the new 8000 Series FirePOWER appliances is significant in its own right, says Grady. As more and more traffic flows over the network, customers are demanding increased performance from their security products in terms of throughput and scalability. At the same time, they're not willing to sacrifice security or cost-efficiency to meet these requirements.

"Sourcefire's new 8000 Series rates highly across all these metrics--throughput, cost-efficiency and threat detection. We're beginning to see vendors focus more on these issues and would expect to hear an increasing number of new product announcements addressing these customer demands. But at the moment in the IPS space, Sourcefire is ahead of the curve."

See more on this topic by subscribing to Network Computing Pro Reports Research: WAN Security (subscription required).