Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Sourcefire shipping its first two app-aware, next-gen firewalls

Sourcefire Monday said it expects to begin shipping its first two next-generation firewall appliances later this month, entering an increasingly crowded market.

BACKGROUND: What you should know about next-generation firewalls

Traditional network firewalls examine and control traffic based on ports, but next-gen models add application-layer filtering. "It's the ability to see the applications traversing your network," says Sourcefire Director of Product Marketing Dave Stewart, who says the two appliances -- the 10Gbps 3D8140 Next-Generation Firewall Edition and the 20Gbps 3D8250 Next-Generation Firewall Edition -- can recognize more than 1,000 applications, down to granular controls. "And we'll constantly be adding more," he points out.

"We don't just identify Facebook, we identify Facebook chat, video and postings, and we can set user groups for Web filtering by URL," Stewart said, adding that the appliances provide a way to monitor and block what's occurring across the network, such as learning who's watching Netflix when they shouldn't be. The two new Sourcefire appliances also include intrusion detection and protection capabilities, the company's more traditional product focus.

Sourcefire anticipates that its customers will be working to gradually adapt the context-based application-layer controls to their networks even as they continue to use port-based firewalling, basically operating in dual-mode.

Operating in application-aware and port-based firewalling modes simultaneously has been the customary experience with other firewall vendors' "application-aware" firewalls, including those from Palo Alto Networks, Check Point and SonicWall.

One limitation in the new Sourcefire firewalls concerns their use in virtualized environments. The appliances cannot yet go deep into the hypervisor layer to inspect traffic which might, for example, be traveling between virtual machines on the same physical machine. But that kind of capability for the VMware environment is expected to be introduced around mid-2012.

Both NGFW appliances, expected to ship Dec. 23, start at $140,000.

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Check Point, Facebook, IPS, LAN, Netflix, Palo Alto Networks, SonicWall, Sourcefire, Sourcefire, VMware
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Facebook, Firewall & UTM, netflix, security, sourcefire
Latest Blog Posts
Whitepapers
  • Leveraging the Service Catalog to Scale Your MSP Business
    When assessing an MSP’s maturity and prospects, one question provides more insights than any other: “What’s in your service catalog?” A well-defined service catalog can set the framework for growth. The lack of a service catalog can significantly impede an MSP’s ability to scale. This paper explores why the service catalog is so vital, and provides some practical guidelines MSPs can apply in order to ensure their service catalog provides maximum utility and benefit.
    Learn more »
  • The Case for Real-Time Networking
    CIOs are facing several powerful trends and inflection points that are defining the new IT landscape, including cloud computing, virtualization, the consumerization of IT, smart computing, and communications to collaboration. Taken individually, each one of these trends will have significant ripple effects throughout the planning and operations of IT network infrastructure. In aggregate, they will have an even more dramatic impact on the way that future network architectures need to be planned and designed. Read on.
    Learn more »
  • Protecting Generation Web
    From data privacy to personal safety issues, cyber-bullying, inappropriate content and malware, schools are facing an increasingly difficult task when it comes to allowing young people to spread their online wings without compromising their safety and personal development. The reality that most schools are catering to the needs of mixed age groups and abilities, and it’s easy to understand why a simple stop and block approach won’t work. Learning environments are, by nature, flexible. It stands to reason that the IT resources used in them should be flexible too. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.