Options
Sourcefire Security
Master Of Puppets
Member Posts: 1,210
in Off-Topic
Hi guys,
The company where I work is going to become a partner with SourceFire and get their security appliances. I, as the security guy, will have to get certified and install, configure, manage and etc. the equipment. So I'm pretty happy - some new stuff to play with
I know everyone is familiar with Snort but I was wondering if someone has experience with their Next-Generation Firewall and Next-Generation Intrusion Prevention? And if you do, do you like them and how would you rate them?
The company where I work is going to become a partner with SourceFire and get their security appliances. I, as the security guy, will have to get certified and install, configure, manage and etc. the equipment. So I'm pretty happy - some new stuff to play with
I know everyone is familiar with Snort but I was wondering if someone has experience with their Next-Generation Firewall and Next-Generation Intrusion Prevention? And if you do, do you like them and how would you rate them? Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
Comments
-
Options
docrice
Member Posts: 1,706 ■■■■■■■■■■
Sourcefire probably makes the best IPS solution out there. Their firewall was a bit more beta-ish when I looked at it last year, but they seemed to have improved it since then. It still felt more like an IPS appliance somewhat forced into a firewall solution, in my opinion, but Sourcefire is still a very reputable company.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
Options
ajohn
Member Posts: 13 ■□□□□□□□□□
Their software is excellent, but their hardware could be improved. I've never heard servers that make that much noise. At small customer sites, where administrators work close to the server room, it is a major nuisance. Also, make sure you understand their RUA/RNA well. Customers have high expectations of these features. The customer will think he has a high level of protection when passive RUA/RNA is enabled, while you need a properly designed RUA/RNA to get the full benefit of it.
Anyway, congratulations with becoming a SourceFire expert. It is probably the best IPS out there and SourceFire knowledge/experience will increase your market value
-
OptionsMaster Of Puppets
Member Posts: 1,210
Thanks for the input, guys, much appreciated.Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
-
Optionsdocrice
Member Posts: 1,706 ■■■■■■■■■■
And just to nitpick a little, Sourcefire updated their marketing a while back so RNA/RUA is now FireSIGHT.
Sourcefire, FireSIGHT, FirePOWER, FireAMP, fire away with their new firewall. I refrain from using the overly-abused shiny term "Next-Generation." I hate it as much as "Cyber" and "APT."
By the way, the certification program is non-proctored and open-book. As a security engineer, it has less credibility than other security certifications in my eyes.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/