Current Threat: Open Source Innovator and Snort Creator Sourcefire earlier this year launched its latest industry-changing technology, Sourcefire RUA(TM) (Real-time User Awareness), delivering powerful user identification capabilities to speed incident containment, enhance control, eliminate manual efforts and associated costs, and improve security decision-making. The latest addition to the Sourcefire 3D(TM) System, RUA enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information, equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately.
Tomorrow's Technology Today: Founded by Marty Roesch, creator of Snort, Sourcefire was established with the goal of delivering effective and efficient security solutions that solve real world security issues. The company’s innovative real-time security solutions have been designed to support today’s “always on” organizations that are constantly vulnerable to attacks. These solutions increase the precision and accuracy of customers’ security efforts, while decreasing management overhead and resources.
In April 2007, Sourcefire unveiled its Enterprise Threat Management (ETM) strategy, which delivers a common foundation of threat, network, endpoint and user intelligence. Until now, best of breed security solutions were deployed and managed separately, leading to significant management overhead and hindering the solutions’ effectiveness. Sourcefire is the first network security vendor to integrate the four key ETM components (Intrusion Prevention, Network Behavior Analysis, Network Access Control and Vulnerability Assessment ) under the same management console, affording customers with both efficient and effective means for defending complex networks against today's most costly threats.
As part of Sourcefire's integrated Enterprise Threat Management (ETM) approach, RUA delivers powerful user identification capabilities that enable organizations to speed incident containment, enhance control, eliminate manual efforts and associated costs, and improve security decision-making. By correlating threat, endpoint, and network intelligence with user identity information, RUA enables users to identify the source of policy breaches, attacks, or network vulnerabilities immediately.
RUA also allows customers to create user-based policies and response rules and to apply these policies and rules across Sourcefire's intrusion prevention systems (IPS), Network Behavior Analysis (NBA), NAC, and vulnerability assessment security components. As a result, RUA enables users to implement and enforce policies specific to individuals, departments, or other user characteristics.
Sourcefire RUA delivers integrated user awareness previously unavailable, including 24x7 passive identity discovery with comprehensive user identity information capture including e-mail address, IM address, port information, and IP address. It can also identify all the IP addresses to which a user is connected, along with a time stamp to support long-time horizon analysis and forensics. With the user intelligence provided by RUA, administrators can immediately identify, list, and respond to users who continually download enormous files or run unauthorized applications.
Conclusion: By linking network behavior, traffic, and events directly to individual users, Sourcefire RUA empowers administrators to mitigate risk, block users or user activity, and take action to protect others from disruption - tightening security without hindering business operations or employee productivity. These capabilities also significantly improve customers' audit controls and enhance regulatory compliance.