October 28, 2010, 3:13 PM — Sourcefire Wednesday said it will enter the next-generation firewall market in mid-2011 with appliances that combine firewall/VPN functionality with intrusion prevention, Web URL and anti-virus filtering.
Best known today for its intrusion-prevention technology and its stewardship of the open-source Snort code, Sourcefire says it will come out with a range of stateful packet-filtering and application-control firewalls expected to support 10M to 10Gbps speeds. The Sourcefire firewall/VPN models will also include anti-virus filtering (Sourcefire acquired the open-source anti-virus project Clam AntiVirus three years ago) as well as blacklisting controls.
Sourcefire CTO Martin Roesch says the company believes it can thrive in an increasingly competitive field because "our IPS technology is fundamentally superior to what's out there."
While definitions of a "next-generation firewall" (NGFW) can differ, it is certainly equipment that goes far beyond the simple port-based filtering of earlier firewalls, especially as port-based filtering is increasingly viewed as inefficient if not irrelevant. In some definitions, such as one espoused by Gartner, these systems include intrusion-prevention controls well integrated within the firewall, rather than running each separately. Many would also expect a next-generation firewall to be able to recognize applications and make decisions on whether these are to be allowed in the enterprise and for whom.
"The enterprise firewall market is primarily one of displacement — any firewall being offered from an IPS vendor has to be able to meet or beat the incumbents on enterprise firewall capabilities," says Gartner analyst Greg Young. "A mistake for any IPS vendor would be to have anything less than a full-featured NGFW."
Roesch says: "Our awareness technologies will allow us to make this 'user aware' for identity-based policies."