Open source innovator and SNORT® creator, Sourcefire, Inc., a network intrusion prevention solution provider, announced its latest industry-changing technology, Sourcefire RUA™ (Real-time User Awareness), delivering powerful user identification capabilities to speed incident containment, enhance control, eliminate manual efforts and associated costs, and improve security decision-making.
The latest addition to the Sourcefire 3D™ System, RUA will enable customers for the first time to correlate threat, endpoint, and network intelligence with user identity information, equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. By linking network behaviour, traffic, and events directly to individual users, Sourcefire RUA will empower administrators to mitigate risk, block users or user activity, and take action to protect others from disruption – tightening security without hindering business operations or employee productivity. These capabilities also will significantly improve customers’ audit controls and enhance regulatory compliance.
“Sourcefire is dedicated to providing customers with innovative solutions to complex real-world issues, and RUA is the latest industry-altering technology to fill what has been a significant hole in companies’ security strategies,” said Martin Roesch, Founder and CTO of Sourcefire and creator of Snort.
“Building on Sourcefire innovative network awareness, we are now providing our customers with the same level of user awareness, so that they can set and enforce policies based on exact knowledge of specific users and their activities on the customers’ networks. We believe that this is a significant advantage for any company that has implemented a network access control (NAC) strategy only to find out that they are still having network usage issues.”
As part of Sourcefire’s integrated Enterprise Threat Management (ETM) approach, RUA allows customers to create user-based policies and response rules and to apply these policies and rules across Sourcefire’s intrusion prevention systems (IPS), network behavior analysis (NBA), NAC, and vulnerability assessment security components. As a result, RUA will enable users to implement and enforce policies specific to individuals, departments, or other user characteristics.
Sourcefire RUA delivers integrated user awareness previously unavailable, including 24x7 passive identity discovery with comprehensive user identity information capture including e-mail address, IM address, port information, and IP address. It can also identify all the IP addresses to which a user is connected, along with a time stamp to support long-time horizon analysis and forensics. With the user intelligence provided by RUA, administrators can immediately identify, list, and respond to users who continually download enormous files or run unauthorised applications.