Security Experts:

Sourcefire Adds Advanced Malware Protection to FirePOWER Appliances

Network security firm Sourcefire has expanded and enhanced its line of FirePOWER appliances with advanced malware protection capabilities.

SOURCEfire LogoWith an increasing number of complex and evasive threats hitting networks, organizations are shifting their focus and budget dollars towards security analytics and advanced malware protection. Sourcefire has refreshed its FirePOWER product portfolio with new appliances, new malware protection capabilities, and a software update with additional protection features, the company said Monday. The new Advanced Malware Protection provides administrators with visibility and control over sophisticated malware, advanced persistent threats and targeted attacks on the network, Alfred Huger, vice-president of development for Sourcefire's cloud technology group, told SecurityWeek.

The company included features such as file type detection and control, security intelligence for IP reputation, and blacklisting in the latest version of the software with an updated dashboard and reports. The software, at version 5.1.1, serves as the foundation for its FirePOWER and virtual-appliance-based solutions and enhances network awareness, Sourcefire said.

Advanced malware protection for FirePOWER helps organizations "combat threats before, during and after an attack," said Martin Roesch, founder and interim CEO at Sourcefire, noting that organizations need to be proactive about "mitigating the impact of sophisticated malware that can quickly permeate a network."

With the ability to blacklist and block botnets, attackers, spam sources, and other malicious IP addresses, administrators can keep the bad traffic out of the network. The new system looks at over 20 different file types, including the ones most frequently targeted by attackers, including PDF, Excel, Word, archives, and executables, Huger said. Administrators can decide how to control whether or not to allow those filetypes into the network.

The alerting and blocking policy and file-type detection can be used to create policies that are as granular as the organization needs them to be, such as allowing employees to send and view PDF files sent internally, but block all attempts to download PDF files from the Internet, Huger said.

The new FirePOWER products give administrators the ability to examine threats from point-of-entry, through network propagation, all the way to post-infection remediation, the company said. Thanks to big data analytics, Sourcefire's advanced malware protection includes forensic file fingerprinting, file movement tracking and the ability to identify attack targets for remediation. With continuous file analysis, users are notified when a malicious file is detected on the network, even if that same file had earlier been tagged as being safe, the company said.

Screenshot of Sourcefire's FirePOWER Interface

FIREPower Screenshot

Retrospective detection catches the malware the system didn't recognize the first time around, but recognizes as malicious after more data becomes available, Huger said.

In addition to the new protection capabilities and the new software, Sourcefire added three new appliances to the FirePOWER 7000 series. The new models include FirePOWER 7010 for 50 Mbps, FirePOWER 7020 for 100 Mbps, and the FirePOWER 7030 for 250 Mbps, giving Sourcefire a performance range from 50 Mbps to over 40 Gbps, the company said. The new appliances give enterprises more flexibility since their bandwidth requirements may vary across locations, Huger said.

FirePOWER's advanced malware protection is intended to operate inline to provide continuous network protection without disrupting normal network flow. FirePOWER will be integrating its malware detection capabilities with the collective intelligence gathered by Sourcefire's FireAMP products to provide in-depth visibility into threats on devices.

FirePOWER integrates threat protection capabilities with Sourcefire's next-generation intrusion prevention system, application control, and next-generation firewall. IPS is still important, but Sourcefire recognizes that it needs to be able to do more than just detect threats, Huger said. Customers are tired of being reactive and want to be proactive, and IPS can be part of a platform that goes beyond just detection to limit exposure and provide administrators with "context awareness, user awareness, and application awareness," Huger said.

"It's not the only ticket to the dance," Huger said.

The Advanced malware protection for FirePOWER starts at $1,599 per year for existing FirePOWER customers. New customers can purchase the offering as an integrated feature in combination with the appliance platform starting at less than $20,000.

Both advanced malware protection for FirePOWER and 5.1.1 are scheduled to be available by end of this month. The new 7000 series appliances are targeted for availability in the next three months, the company said.

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.