Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Sourcefire Brings Added Malware Protection and Analytics to the Enterprise

New Solution Helps Enterprises Discover, Understand and Block Malware Utilizing Big Data Analytics

Sourcefire today introduced a new malware protection and analysis solution designed to work alongside traditional endpoint security solutions and help discover malware threats that may have been missed by existing endpoint defenses.

New Solution Helps Enterprises Discover, Understand and Block Malware Utilizing Big Data Analytics

Sourcefire today introduced a new malware protection and analysis solution designed to work alongside traditional endpoint security solutions and help discover malware threats that may have been missed by existing endpoint defenses.

Sourcefire FireAMPDubbed FireAMP, the new offering provides increased visibility and control to help discover and block threats missed by other security layers.

“FireAMP is not anti-virus software,” explained Alfred Huger, VP of Development, at Sourcefire’s Cloud Technology Group. “The solution works in conjunction with deployed endpoint software, trying to help cover areas that don’t have coverage today.”

The solution analyzes and blocks malware by utilizing what the company calls “big data analytics”, and brings powerful reporting that delivers visibility into the state of malware in enterprise environments.

FireAMP reports identify and detail high-risk systems; threat root cause, showing applications that are introducing malware; and advanced persistent threats, listing advanced malware that could be unique to a customer’s environment. FireAMP also includes comparative reporting, so that users can evaluate activities within their environment in the context of their overall organization or the installed base of FireAMP customers.

Sourefire FireAMPIf a malicious file is discovered, FireAMP can help discover the spread of a file in the enterprise and prevent it from being spread further. “We want to take a customer and show them every single endpoint that experienced a file that they think is malicious,” Huger told SecurityWeek. “We want to tell them not only where malicious files have been, but where they came from, and what they did.”

The solution marks the latest addition to the company’s portfolio of products designed to encompass its Agile Security vision for context-aware, adaptive and automated security solutions.

A breakdown of FireAMP’s capabilities include:

FireCLOUD – Cloud-based infrastructure encompassing a number of advanced detection capabilities that leverage big data analytics to identify and score threats missed by other security layers

File Trajectory – Tracks file movement within the enterprise, allowing organizations to identify the entry point and propagation path of malware

File Analysis – Provides detailed information on malware behavior backed by the elite Sourcefire Vulnerability Research Team (VRT™) and the company’s collective security intelligence

Outbreak Control – Customer-defined detections that block malware without requiring an update from your security vendor

Cloud Recall – Continuous in-the-cloud analysis of historical file activity to discover and remediate threats that were previously missed

On the endpoint, FireAMP uses a lightweight kernel-based agent that connects to a cloud-based platform and only uses metadata to analyze files, requiring less storage and system resources than traditional endpoint security products.

“While developing this product, we spoke with more than 100 large enterprises and heard one common theme – while they have the latest security technologies with all of the latest updates, they still see malware infections,” said Oliver Friedrichs, senior vice president of Sourcefire’s Cloud Technology Group.

“Test results consistently show that the endpoint protection platforms currently available still do not protect endpoints against mass-propagated consumer threats — and their performance is even more dismal when faced with handcrafted targeted attacks,” said Neil MacDonald, vice president and fellow, and Peter Firstbrook, research director, at Gartner. “Gartner currently estimates that 4% to 7% of enterprise endpoints are infected at any given time, and that the next scheduled scan will catch only 1% of threats.” 

FireAMP supports endpoints running Windows XP SP2+, Windows Vista SP2+, Windows 7, and Windows Server 2008.

Pricing starts at $30 per seat annually, and includes 24×7 technical support, maintenance releases and content updates, and access to the Sourcefire hosted FireAMP Management Console and FireCLOUD analytics platform.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Funding/M&A

More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem