Feeds

Sourcefire jumps into anti-malware market

Cyber-outbreak defence tech to shore up big biz

SANS - Survey on application security programs

Sourcefire, the security biz behind the commercial versions of the open-source Snort intrusion-detection software, is bowling itself at enterprises and touting tech designed to quickly detect and block malware outbreaks.

FireAMP offers a malware discovery and analysis tool that offers visibility of threats and outbreak control. The technology offers a means to limit the damage from virus infections, which Sourcefire argues are more or less inevitable, especially in the face of ever more sophisticated and numerous threats.

Oliver Friedrichs, senior vice president of Sourcefire’s Cloud Technology Group, told El Reg that "threats are getting by existing defences". Sourcefire has positioned FireAMP to cover for the shortcomings of endpoint protection technology, rather than offering a replacement, at least with the first iteration of the technology.

"We're not necessarily interested in replacing anti-virus or building better mousetraps," explained Friedrichs, an ex-staffer at both Symantec and McAfe. "FireAmp could replace anti-virus, but it's not going to replace it immediately, especially because firms have invested in conventional security software. We're offering FireAMP as a way to shore up defences."

"We don't pretend our tool can detect 100 per cent of malware - nothing can," he added.

FireAMP uses data analytics to analyse and block malware. Security analysts can write their own signatures for digital nasties in much the same way that they create Snort attack signatures, albeit in a slightly different context. Sourcefire claims the cloud-based approach the technology uses is capable of identifying and scoring threats missed by other security layers.

Whitelisting

The technology can be used to block particular strains of malware without running system scans. It can equally be used to whitelist benign apps, an approach that helps to reduce the possibility of false positives.

Deploying the technology involves deploying a "flight-recorder"-like client agent on PCs, which allows firms to quickly figure out which process introduced malware into their environment and how malicious files subsequently spread on their network. This agent communicates with a cloud-based analysis engine and is designed to co-exist with any anti-virus or security software running on computers (so it unlike running two anti-virus clients on the same PC, a set-up that would always ends in tears).

Sourcefire's technology allows the "patient zero" of outbreaks that get missed to be later identified, Friedrichs explained, adding that this saves time on computer forensics. File trajectory technology bundled within FireAmp shows how malware spread across a firm, he said. Once problems are identified, remedial actions can be carried out from the FireAMP console.

FireAMP, which is based on technology Sourcefire acquired from Immunet last year, comes only a month after it released a next-generation application-aware firewall, twin moves designed to allow it to sell kit outside its traditional IDS niche.

FireAMP is been positioned against gateway technology designed to thwart botnets from the likes of FireEye or Damballa as well as malware/based analysis and forensics tools from HB Gary and Guidance Software. All these technologies aim to cover for the security shortcomings of anti-malware suites in one way or another. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.