Sourcefire offers innovative intrusion detection and prevention solutions, emphasizing a transition to context-aware and adaptive security infrastructures. The company, founded by the creator of Snort, focuses on enterprise and government markets, boasting strong revenue growth and high performance in independent testing. Their next-generation IPS technology provides comprehensive threat intelligence, automated operation, and enhanced visibility into network activities.

1. Next-GenerationIntrusion Detection & PreventionManuel Minzoni, Brand ManagerITWAY VAD

2. AgendaYour Security ChallengesAbout SourcefireA New ApproachHow It WorksProducts & ServicesQuestions & Next Steps

3. Your Security Challenges

4. Let’s Solve ProblemsWhat are your challenges?How are they being addressed today?What’s your ideal solution?What is your timeframe?

5. Today’s Reality“Begin the transformation to context-aware and adaptive security infrastructure now as you replace legacy static security infrastructure.”Neil MacDonaldVP & Gartner FellowSource: Gartner, Inc., “The Future of Information Security is Context Aware and Adaptive,” May 14, 2010 Dynamic ThreatsOrganized attackersSophisticated threatsMultiple attack vectorsStatic DefensesIneffective defensesBlack box limits flexibilitySet-and-forget doesn’t work

6. Company Overview & Performance

7. Annual Revenue GrowthFYE: December 31($MM, GAAP)$103.5CAGR 77%$75.7$55.9$44.9$32.9$16.7$9.5$1.9

8. Sourcefire Worldwide LocationsEducation &Professional ServicesLivonia, MIEMEA HQWokingham, UKJapan SalesTokyo, JapanCentral Europe SalesFrankfurt, GermanyWorldwide HQColumbia, MDAmericas Sales Vienna, VASouthern Europe SalesParis, FranceAsia Pacific HQSingaporeSouth American Sales Sao Paulo, BrazilANZ SalesSydney, Australia

9. Firemen Principles

10. About SourcefireTo be the leading provider of intelligent cybersecurity solutions for the enterprise.Mission:Founded in 2001 by Snort Creator, Martin Roesch, CTOHeadquarters: Columbia, MDFocus on enterprise and government customersGlobal Security Alliance ecosystemNASDAQ: FIRE

11. Powered by Snort®Global standard for Intrusion Detection and Prevention

12. World’s largest threat response community

13. Interoperable with other security products

14. Owned and controlled by Sourcefire, Inc.

15. www.snort.orgBacked by the VRT™150+Private &PublicThreatFeedsSnort & ClamAVCommunityInsight20,000MalwareSamplesper DayAdvanced Microsoft & Industry DisclosureSourcefireVulnerability Research Team (VRT) Research & Analysis“Best-in-Class”Threat Protection

16. Competitor Landscape

17. Gartner 2010 IPS Magic QuadrantFACT:Sourcefire has been a leader in Gartner’s IPS Magic Quadrant since 2006. The Magic Quadrant is copyrighted 6 December 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

18. Sourcefire Insights Versus McAfee“[McAfee] isn’t considered widely by enterprises and channel partners as a strong network network security provider.” - Gartner 2010 IPS MQ Report[ability to execute]Larger channel & support infrastructureKey Sourcefire advantages:✔ Open detection engine & rules✔ Real-time impact assessment ✔ Automated IPS tuning

19. ✔ Broad third-party integration

20. ✔ Virtual IPS offerings[completeness of vision]Broader product portfolio

21. NSS Labs Group IPS TestBlock Rate ComparisonSource: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

22. NSS Labs Group IPS TestResistance to EvasionJuniper missed 60% of evasionsTippingPoint missed 80% of evasionsCisco missed 100% of evasionsSource: Graphic used with permission by NSS Labs. “Network Intrusion Prevention Systems Comparative Test Results,” December 2009.

23. About the TestPublished December 201011 vendors evaluated1,179 live exploits75 anti-evasion test casesNo cost to vendors to participateSourcefire Test ResultsRecommend ratingBest overall detectionBest vulnerability coverageBest vendor-stated vs. actual performanceNo evasionsSecond-Annual NSS Labs IPS Group Test

24. Best Overall DetectionSecond Straight Year!98%97%95%94%93%91%85%83%79%63%43%Graphic by Sourcefire, Inc. Source data from NSS Labs “Network IPS 2010 Comparative Test Results.”

25. Best Vulnerability CoverageSecond Straight Year!SourcefireVendor 2Vendor 3Vendor 4Vendor 5Vendor 4Vendor 6Vendor 7Vendor 8Vendor 9Vendor 6Vendor 10Vendor 10Vendor 11

26. Best Vendor-Stated vs. Actual PerformanceSecond Straight Year!Sourcefire’s 2G IPS achieved 3.2G for 161% of vendor-stated performance100% Performance BaselineMost IPS products achieved well below vendor-stated performance claimsGraphic by Sourcefire, Inc. Computations derived from NSS Labs “Network IPS 2010 Comparative Test Results.”

27. Anti-Evasion TestingSourcefireVendor 2Vendor 3Vendor 4Vendor 5Vendor 6Vendor 7Vendor 9Vendor 10Vendor 11Vendor 8

28. IPS Solutions

29. Unique Solutions for Unique MarketsNGIPSSecurity Specialists Feature RichIPSSourcefire IPS PortfolioNetwork GeneralistsSimplicityIPSx

30. Sourcefire IPS Solutions Portfolio

31. Target Markets

32. Solution Ingredients+=IPSx SolutionIPSx SensorsDC750x+=IPS SolutionDefense Center3D Sensors+Network Application Behavior Identity =NGIPS Solution3D SensorsDefense CenterAwareness Bundle

33. Appliances / 3D8000 Series

34. Introducing…Sourcefire 3D8000 Series“Speed Meets Flexibility”

35. 3D8000 Series Performance

36. 3D8000 Series Product LineAll 3D8000 Series chassis support lights out management, solid state drives, redundant power, and an LCD interface.

37. ModularChoose number and type of portsLower Entry PricesExpandableAdd ports as neededScalableAdd processing power as neededHardware Platform Sets New Standard for Security Appliances

38. SSL Appliance

39. SSL Blind SpotsNetwork and security appliances are blind to the contents of SSL-encrypted communications

40. Common Control/ManagementDecrypted (Inspected)Non-SSLSSLSession 2Session 1Deployment Mode:Inbound SSL InspectionThe Security StackIPS/IDS/DLP/Forensics/SIEMTransparent SSL ProxyWeb Servers(SSL Servers)Web Browser(SSL Client)Internet/WAN

41. Common Control/ManagementDecrypted (Inspected)Non-SSLSSLSession 2SSL ProxySession 1Deployment Mode:Outbound SSL InspectionThe Security StackIPS/IDS/DLP/Forensics/SIEMTransparent SSL ProxyWeb Browser(SSL Client)Web Servers(SSL Servers)Internet/WANSSL Server

42. SSL Appliance Features and Benefits

43. A New Approach

44. Traditional IPS vs. Next-Generation IPSTraditional IPSNext-Generation IPS Closed& BlindOpen & CustomizableArchitectureNone orLimitedVisibility & IntelligenceAwarenessHuman IntensiveSelf Tuning &PrecisionAutomation

45. Next-Gen IPS – Open Architecture Powerful Engine & RulesAdaptableCustom fit to networkComprehensive coverageOpen CommunityInformation sharingShared protectionProtection Against Advanced Persistent Threats (APT)

46. Next-Gen IPS – The Power of AwarenessNetworkKnow what’s there, what’s vulnerable, and what’s under attackApplicationIdentify change and enforce policy on hundreds of applicationsBehaviorDetect anomalies in configuration, connections and data flowIdentityKnow who is doing what, with what, and where

47. Next-Gen IPS – Highly Automated OperationCorrelate Attacks toTargets

48. Intelligent EventReduction

49. Intelligent Tuning

50. Operational Efficiency

51. Custom Fit Security Real Time, All the Time!

52. How It Works

53. Intelligent Correlation to the TargetBlockedEventLogged3D SENSORAttack Is Correlated to TargetsDEFENSE CENTER3D SENSORLINUXSERVERLinux server not vulnerableWINDOWSSERVERAttackBlockedWindows server vulnerable3D SENSOR3D SENSORLatest Windows attack targets Microsoft Windows Server and Linux Server. Attacks are correlated to targets. High-priority event generated for Windows Server target.

54. Abnormal Behavior Logged &Alerts Triggered3D SENSORDEFENSE CENTER3D SENSORITRemediatesHosts3D SENSOR3D SENSORHostsCompromisedAbnormal Behavior DetectedNew rogue host connects internally. Sourcefire detects new host and abnormal server behavior. Defense Center triggers alerts for IT to remediate.New Asset DetectedIntelligent Anomaly Detection

55. Compliance Event Logged & User Identified3D SENSORDEFENSE CENTER3D SENSORIT & HRContact User3D SENSOR3D SENSORP2P App TriggersWhitelist ViolationIntelligent Application ViolationSecurity team uses compliance whitelists to detect IT policy violations. Host detected using Skype. User identified and then contacted by IT and HR.

56. Master Defense Center (MDC)

57. Sourcefire Products & Services

58. Next-Generation IPSAwareness TechnologiesNetworks Apps Behavior UsersDefense CenterManagement ConsoleIntrusion PreventionSSL InspectionVirtualization

59. Virtual Appliances for VMware & XenSourcefire Virtual 3D Sensor™Identical IPS Sensor functionalityAvailable throughputs: 5, 45, 100, 250 & 500 MbpsSourcefire Virtual Defense Center Management ConsoleIdentical Defense Center functionality, except no Master Defense Center (MDC) modeManages both physical and virtual IPS 3D Sensors

60. Sourcefire’s “Secret Sauce”Passive network intelligenceFuels powerful IPS automation:Impact FlagsAutomated IPS TuningCompliance Rules & White ListsNetwork Behavior AnalysisDetects hundreds of operating systems and applicationsWhat is RNA?

61. Real-Time User Awareness (RUA)“Mapping a username to an IP address was taking us away from a backlog of other important tasks. What used to take up to an hour now takes just a second or two.”Tamara Fisher,AutoTrader.comRUA gives “personality” to security and compliance events!Clicking on a username reveals full name, telephone number, email, and departmentResolve security events more quickly when time is of the essenceIntegrated into all Sourcefire 3D Sensors

62. Sample Sourcefire DetectionHundreds of Apps, OS’s & Devices!Operating SystemsApplicationsNetwork InfrastructureConsumer

63. Sourcefire Appliance Product LinesVirtual AppliancesSourcefire Defense Center®DC10003D9900 10 GbpsDC30003D65004 GbpsDC5003D45002 Gbps3D35001 Gbps3D2500 500 MbpsSourcefire 3D®Sensor 3D2100 250 MbpsPERFORMANCE3D2000 100 Mbps3D100045 Mbps3D5005 MbpsSourcefire SSL Appliance

64. Physical Appliances Product LineDefense Centers3D Sensors

65. 3D System 4.10 HighlightsExpanded Application & User AwarenessDetect Facebook, Blackberry, Hotmail & moreNmap update detects 2,500+ operating systemsEncrypted RUA communicationsEnhanced Deployment & OperationInline IPS test modeSupport for auth. SMTP gateways & web proxiesImproved Third-Party IntegrationDirect database access for third-party reportingSupport for SNMP pollingSupport for new Crossbeam productsImproved Performance & UsabilityImproved GUI performanceTrack reviewed events by userSimpler installation of customer SSL certificatesRefer to “What’s New in 3D System 4.10” document for more information

66. Customizable Dashboard

67. Comprehensive EcosystemSIEM / Log ManagementNetwork InfrastructureConfiguration ManagementIncident ManagementSystems ManagementVulnerability Management

68. Sourcefire ServicesCustomer Support24x7 phone, email, and web support

69. Advanced hardware replacementTraining & CertificationPublic and on-site training

70. Sourcefire & Snort certificationsProfessional ServicesAssistance with installation and optimization

71. Knowledge transfer and best practices“I can’t say enough about the guys from Support. The phone gets picked up the moment I call. They stick with an issue diligently and make sure I get what I need. No other company has given me that level of service.”Robert WagnerSenior Security Architect

72. Why Sourcefire? Powered by SnortDriven by AwarenessBest-in-Class DetectionOpen ArchitectureHighly AutomatedStop Doing Things the “Old Way!”Try the “Next Generation” in Intrusion Detection & Prevention.

73. Questions & Next Steps