Sourcefire Security Intelligence


Let’s talk a little bit about a nice capability of the Sourcefire system called “Security Intelligence” (SI). With SI we have the option to block traffic based on its reputation, before it reaches the detection engine. We had this functionality with the old Cisco IPS systems, and many other vendors have it. The basic idea is this: why bother passing traffic through the detection engine when everybody in the world already knows that the source IP or the site our users are visiting is malicious? How does the whole world know this? Well, there are tons of security devices throughout the world that share information about malicious sites or IPs. There are centers that collect this information and distribute it to everybody participating in this process. For example, someone in Bosnia received the attachment, sent it to the (Cisco) cloud for the sand box…
