sourcefire ngips對比入侵防禦新思維

AGILE

SECURITY?:Security

for

the

Real

World入侵防禦新思維Garen

LingRegional

Manager“If

the

attackers

know

more

than

you

doMartiFounder

&

CTO,

Soabout

your

network,the

battle

is

lost.”n

RoeschurcefireGaren

LingAgile

Security

for

the

RealWorldSourcefire

Leadership

and

Recognition"For

the

past

four

years,

Sourcefirehas

consistently

achieved

excellentresults

in

security

effectivenessbased

on

our

real-world

evaluationsof

exploit

evasions,

threat

block

rateand

protection

capabilities.”Vikram

Phatak,

CTO

NSS

Labs,

Inc.99%

detection

&protection34Gbps

inspected

throughput60M

concurrent

connections$15

TCO

/

protected

MbpsLeadership*#1

in

detectionClass

leader

in

performanceClass

leader

for

TCO100%

evasion

free“Networks

looking

to

update

theirdefenses

with

a

Next-GenerationFirewall

would

do

well

to

considerSourcefire's

entry

into

the

NGFWmarket

as

a

solid

contender.”Bob

Walder

NSS

Labs,

Inc.Ratings*99%

protection10Gbps

inspected

throughput15M

concurrent

connections$33

TCO

/

protected

MbpsLeadership*

Ratings*#1

in

detection#1

in

performance#1

in

vulnerability

coverage100%

evasion

freeNSS

Labs,

“Network

IPS

2010

Comparative

Test

Results,”

December

2010

NSS

Labs,

“Network

IPS

Product

Analysis

Sourcefire

3D8260

v4.10,”

April2012NSS

Labs,

“Next-Generation

Firewall

Product

Analysis

–

Sourcefire”

October2012*What

Makes

Our

NGIPS

Different?Total

Network

VisibilityPassive,

real-time

visibility

of

applications,

users,

content,hosts,

attacks,

and

moreControl

Without

CompromiseAchieve

granular

network

and

application

access

controlwithout

compromising

threat

preventionIntelligent

Security

AutomationLeverage

rich

contextual

awareness

to

automate

key

securityfunctions,

including

impact

assessment

and

policy

tuningUnparalleled

Performance

&

ScalabilityPurpose-built

appliances

with

FirePOWER?

technologyNSS

Labs

Results

Summary

-

IPSIPS

Methodology

v6.2

(2012)SourcefireFirePOWER8260McAfee

NSPM-8000HP

SecurityTP-6100NJuniper

SRX

3600IBMSecurityGX7800Protection98.90%34Gbps(20

Gbps)60

M*$1595%91.1%88.8%77.5

%Real

WorldIPS12.3

Gbps10

Gbps3.7Gbps11.4

GbpsThroughput(10

Gbps)(8

Gbps)(10

Gbps)(20

Gbps)ConcurrentConnections5M15

M1.2

M15

MTCO(per

Mbps

Protected)$31$36$81$44Sourcefire

ConfidentialInternal

Use

OnlyNSS

Labs

Results

Summary

-NGFWSourcefireCheck

PointPANSonicwallStonesoftProtection98.9%86.3%91.2%94.8%93.9%RealWorldThroughput10Gbps2.6Gbps3.8Gbps16.2Gbps1.6GbpsVendor

Rating10Gbps17Gbps2Gbps30Gbps1GbpsConcurrentConnections15,000,000413,0001,040,14810,000,0001,055,000NGFW

Methodologyv4.0

(2012)Key

FeaturesSourcefireIntel

McAfeeHP

TippingPointDetection

Rate

(NSS

Labs)99%95%91%Max

Inspected

Throughput68Gbps12.3Gbps10GbpsIntegrated

Fail

OpenAll

SensorsLow

End

SensorsLow

End

SensorsCustom

Rules

/

Signatures

LimitedLimitedPacket

Capture

(Forensic)Default

-

ONPartialDefault

-

OFFPassive

Network

Discovery

Insightix,

ePO,

Foundstone-Mobile

Device

Identification

Enterprise

Mobility

Mgmt-Impact

Assessment

--Automated

IPS

Tuning

--User

Identity

Tracking

ePO,

NUBA

(Securify)-Network

Behavior

Analysis

NTBA

(Endeavor)-Security

Intelligence

(C&C,Botnets,

Spam,

etc)

GTIIpTrustFile

Identification

and

Blocking

GTI

(File

Reputation

only)-Application

Control(Control

License)Firewall

Enterprise

(SC)LimitedFirewall

–

Access

Control(Control

License)Firewall

Enterprise

(SC)-URL

Filtering(Subscription)Webwasher

(SC)-Adv

Malware

Protection(AMP

Subscription)LimitedLimitedSecuring

Virtualized

Network

Reflex

SystemsReflex

SystemsExcellent

Value各家IPS功能比較Key

IPS

CapabilitiesSourcefireMcAfeeHPIBMCiscoJuniperInline

IPS模式與Passive

IDS模式

Reports,

Alerts

&

Dashboards

使用以弱點為基礎規(guī)則

少數(shù)

少數(shù)少數(shù)客制化規(guī)則/特徵

-