Sunday, May 18, 2025

The 4 key components of what constitutes ‘Next-Generation’ in IPS

The term “Next-Generation” is frequently used by the industry in an attempt to differentiate a technology that has made a sufficient leap forward to deliver efficiencies or effectiveness that were previously seen as impossible.

At Sourcefire, we have used this “next-generation” moniker for several years to describe our unique, innovative intrusion prevention technology and solutions. We defined the Next-Generation Intrusion Prevention System (NGIPS) as an intelligent IPS solution powered by awareness, context, automation and a flexible architecture. We have been the trailblazers of this new approach to IPS, not only promoting the NGIPS vision and name, but delivering it in our products since 2003.

In early October 2011, Gartner released a research paper, “Defining Next-Generation Network Intrusion Prevention”, which accurately portrays the notion of NGIPS. Gartner highlights that changing threat conditions and changing business and IT processes will drive network security managers to increasingly look for next-generation network IPS capabilities at the next firewall or IPS refresh cycle.

Gartner defines NGIPS as standard first-generation IPS functionality plus four additional crucial requirements, which map directly to the Sourcefire NGIPS solutions.

According to the independent NSS Labs testing results released earlier this year, Sourcefire’s 3D8260 with FirePOWER technology has been proven to have i) the best attack detection and ii) the highest performance of any device ever tested.

Briefly, the four requirements, and how they map to the Sourcefire NGIPS that has been protecting a few thousand of its customers, are as follows:

A) Application Awareness and Full Stack Visibility

Sourcefire pioneered context awareness for intrusion prevention. Back in the early 2000s, when most players in the intrusion detection game were busy evolving their products to deliver attack prevention features, we realized that awareness is the cornerstone of true security. Sourcefire alone took another direction and decided to focus on network awareness and full stack visibility, including, but not limited to, applications. The first version of Sourcefire’s FireSIGHT technology (called RNA or real time network awareness) was released in 2003 in order to deal with the challenges and limitations outlined in the Gartner paper.

B) Context Awareness

Having visibility of applications and systems alone isn’t enough; information needs to be usable and provided within context. Sourcefire sees security context as a critical requirement for correctly protecting the network environment. Sourcefire’s FireSIGHT technology can see and intelligently correlate more data than any other IPS brand in the market – applications, users, devices, operating systems, vulnerabilities, services, processes, network behavior, files, and threats. This correlation has also enabled automated tuning and actions in our IPS products.

“Context-awareness in the form of application, identity, content and environmental awareness is the foundation for a next-generation IPS.”

C) Content Awareness

Snort is the most powerful IPS engine on the market. Sourcefire’s IPS already has preprocessors integrated into Snort for content inspection and awareness.

D) Agile Engine

An agile (IPS security) engine maps directly to the solution’s automation and flexible architecture. Sourcefire’s IPS engine is the most flexible, extensible, and yes, agile engine on the market: one that allows security rules to be customized, additional data sources to be integrated, and configuration to be automated with the IPS environment. Its power is in its ability to adapt not only to today’s threats, but to tomorrow’s threats as well.
Agility isn’t something that we can simply add to an IPS product; it must be engineered into a solution from the ground up.

NGIPS is validation of Sourcefire’s leadership, vision, and innovation. The local market, particularly the financial services and telecommunications industries, requires the finest security technology to ensure data confidentiality without compromising the efficiency with which products and services are delivered to customers.
Real-time protection is becoming crucial. NGIPS is what we have been delivering for several years, and we will continue to deliver and innovate for the greater benefit of our customers in Malaysia.
