Sourcefire in Our Data Center – The First Inline Production Deployment at Cisco
In October, we were delighted to announce the completion of our acquisition of Sourcefire. With Sourcefire on board, Cisco provides one of the industry’s most comprehensive advanced threat protection portfolios, as well as a broad set of enforcement and remediation options that are integrated, pervasive, continuous, and open.
Within three weeks of the acquisition closing, we completed the first deployment into a highly secure data center, and we are quite impressed with the results, to say the least! Within the first hour, we began seeing some interesting things from our network. The implementation was already giving us insights into our data center that we never had before!
We’ve also gained more visibility into the various versions of host operating systems connecting to the data center, as well as applications on the network designated as having low business relevance or personal uses. We now have the ability to look beyond a signature and correlate an individual data flow with a specific host and user in order to understand the vulnerabilities associated with that connection. We also now have the ability to refine and implement our security policy from an enforcement standpoint.
As we move forward, it will be interesting to see what we can consider “normal” and how it will affect the security policy for our data center.
With this enhanced depth of visibility, we can better understand what is happening on our network and effectively take action based on this new information. At the end of the day, better visibility allows for better protection, and that is the goal. We’re excited to explore some of the more advanced tracking features of Sourcefire over the coming weeks—we’ll keep you posted!
For more information on Sourcefire, please visit: http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html