Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Cisco Integrates Sourcefire’s Malware Protection Technologies

SAN FRANCISCO – RSA CONFERENCE 2014 – Cisco Systems made multiple announcements Monday touting the integration of recently-acquired security technologies into the company’s efforts to address malware protection.

SAN FRANCISCO – RSA CONFERENCE 2014 – Cisco Systems made multiple announcements Monday touting the integration of recently-acquired security technologies into the company’s efforts to address malware protection.

This starts with the addition of Advanced Malware Protection (AMP) to its portfolio Content Security products. Originally developed by Sourcefire and integrated with its own FirePOWER security appliances in November 2012, AMP is one of the initial integration efforts since Cisco acquired Sourcefire last year for $2.7 billion. According to Cisco, AMP uses the company’s cloud-based security intelligence network to improve the ability to detect and block malware.

Rather than relying on malware signatures, AMP uses a mix of file reputation, file sandboxing and retrospective file analysis to identify and block threats. The file reputation analyzes file payloads inline as they travel across the network, while the file retrospection capability can be used to deal with malicious files that have passed through perimeter defenses but are subsequently determined to be a threat through AMP’s cloud-based intelligence network.

“Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response versus point in time solutions,” said Christopher Young, senior vice president of the Cisco Security Business Group, in a statement. “Web and Email gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content. By bringing together AMP and threat analytics with our Web, Cloud Web and Email Security gateways, we provide our customers with the best advanced malware protection from the cloud to the network to the endpoint.”

The addition of the AMP to Cisco Web and Email Security Solutions was accompanied with the inclusion of technology from the acquisition of Cognitive Security. Purchased last year, the addition of Cognitive Threat Analytics brings behavioral modeling and anomaly detection to Cisco’s Cloud Web Security customers. Both Cognitive Threat Analytics and AMP are available on Cisco Cloud Web Security as an optional license.

AMP is also included in the arsenal for the FirePOWER series of appliances. 

Also joining Cisco’s integration party is OpenAppID, a new set of open source application identification capabilities now delivered to the Snort engine. The capabilities are enabled by the OpenAppID application-focused detection language. As new applications are developed, the language offers users increased flexibility to control those apps on the network and apply application-level understanding to security events, according to the company.

“Open source is very important because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive threats,” said Martin Roesch, creator of Snort and vice president and chief architect of the Cisco Security Business Group, in a statement. “By open sourcing application visibility and control, Cisco is empowering the community to create technically superior solutions to address their most complex and unique security challenges.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.