The latest version of the Sourcefire IPS achieves the speed increase by linking together two new 10 Gbit/sec sensors. The IPS cluster uses load-balancing technology inside each of the 3D9900 sensors, Sourcefire explained.
Customers can choose between four 10 Gbit/sec fiber ports or 12 copper ports at 1 Gbit/sec. The sensor can be deployed in in-line mode, which enables it to actively control traffic in the same way as a firewall, or in passive mode, which can have less of an effect on the network but relinquishes some control over the traffic, effectively turning it into an intrusion detection device.
Creating an IPS with a greater throughput may make it more appropriate as an in-line device rather than a passive one for many customers. Customers can also choose to operate the cluster in a redundant mode, which will give them 10 Gbit/sec of throughput.
The 3D9900 can run the intrusion prevention system simultaneously with Sourcefire Real-Time Network Awareness (RNA) and Real-Time User Awareness (RUA). RNA is a network intelligence system that conducts network flow analysis and vulnerability assessment using passive scanning. RUA lets customers tie user identity information to network events, enabling administrators to identify the source of particular threats.
Faster network security equipment is becoming increasingly important as the speed of Ethernet networks increases. The fastest Ethernet standard ratified to date is 10 Gbit/sec Ethernet, but the IEEE is working on 100 Gbit/sec Ethernet, and vendors are already releasing equipment based on this technology.
The Sourcefire 3D9900 Sensor is available immediately. Support for the 3D9900-based 20 Gbit/sec cluster is anticipated for the first half of this year.