Sourcefire Launches Incident Response Services

Network security firm Sourcefire on Monday unveiled a new services offering to expand its advanced malware protection portfolio.

With Incident Response Professional Services, Sourcefire will assist customers to clearly identify an event, evaluate the risk, and determine the most effective approach to remediate the issue, Sourcefire said Jan. 14. The Sourcefire Incident Response Team will help customers eliminate uncertainty and make educated decisions for better protection, the company said.

The team brings incident response capabilities to the organization, such as understanding whether data has been compromised or exfiltrated, studying the scope of the attack to determine whether it is unique to the customer or part of a larger pattern, and analyzing whether the threat will target the organization again, Oliver Friedrichs, senior vice-president of Sourcefire’s Cloud Technology group, told SecurityWeek. Incident response generally has four different stages, but customers have the flexibility to bring in Sourcefire’s team only for the areas where they need help, Friedrichs said.

“Advanced malware protection is not just about having the right technologies in place but also the right response when the technologies identify an event,” Jonathan Goldberger, vice president of professional services for Sourcefire, said in a statement.

The incident response team will offer vendor-agnostic suggestions when it is appropriate for the customer, Friedrichs said. The customer “may not be a Sourcefire IPS customer, but they look to us for our expertise,” he said.

The first stage of incident response is evaluation—doing the “heavy lifting,” Friedrichs said. The team will document and understand what happened using the security technologies the organization already has in place. The investigation is typically the largest undertaking because it is time-consuming, he said. The team can easily be vendor agnostic at this stage because the investigation will rely on whatever tools—automated and manual—the organization has, along with the intelligence data the organization has captured, Friedrichs explained.

The second stage is developing countermeasures. Once the threat has been understood, the team works out how to stop it, including an attack that is still ongoing, Friedrichs said. In this stage, the team may develop new signatures or rules and recommend that the customer invest in new Sourcefire technologies, or create signatures that can be used with the non-Sourcefire products the customer already has deployed.

“We can help make rules for other products, but it will depend on what they [customers] actually have, and whether we know how to work with it,” Friedrichs said. The third stage is deploying the countermeasures, tuning and adjusting the rules as necessary. Finally, the fourth stage is validating the countermeasures that have been deployed: the team will make sure the new rules and signatures are working and that threats are being blocked, Friedrichs said.
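The develop, deploy and validate loop described in the stages above, as an added example that is not Sourcefire's code and does not use Snort rule syntax: a small Python harness (hypothetical; the rule ids, messages and sample HTTP payloads are constructed for the example) that checks each candidate rule against known-malicious and known-benign samples before it is trusted, so an over-broad signature is caught and tuned during stage three rather than discovered as false positives in production.

```python
"""Validation harness for candidate detection rules (added example, hypothetical).

A rule is a regular expression over an event payload. Stage 4 of the process
is modelled by validate(): a rule passes only if it fires on the malicious
samples it was written for AND stays silent on the benign corpus.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    sid: int        # rule identifier (constructed, not a real signature id)
    msg: str        # human-readable description
    pattern: str    # regex applied to the event payload


def match_events(rules, events):
    """Return {sid: [event ids on which the rule fired]}."""
    compiled = [(rule, re.compile(rule.pattern, re.MULTILINE)) for rule in rules]
    hits = {rule.sid: [] for rule in rules}
    for event in events:
        for rule, regex in compiled:
            if regex.search(event["payload"]):
                hits[rule.sid].append(event["id"])
    return hits


def validate(rules, known_bad, known_good):
    """Per-rule verdict: detects the malicious samples, no benign false positives."""
    bad_hits = match_events(rules, known_bad)
    good_hits = match_events(rules, known_good)
    report = {}
    for rule in rules:
        detects = bool(bad_hits[rule.sid])
        false_positives = good_hits[rule.sid]
        report[rule.sid] = {
            "detects": detects,
            "false_positives": false_positives,
            "ok": detects and not false_positives,
        }
    return report


def failed_rules(report):
    """Rule ids that must be tuned before deployment is signed off."""
    return sorted(sid for sid, verdict in report.items() if not verdict["ok"])


def tune(rule, new_pattern):
    """Stage 3 adjustment: same rule id and message, tighter pattern."""
    return Rule(rule.sid, rule.msg, new_pattern)


# Constructed sample traffic. The "bad" sample imitates a generic check-in
# to a script path; the "good" samples are ordinary intranet browsing.
KNOWN_BAD = [
    {"id": "bad-1", "payload": "POST /gate.php HTTP/1.1\r\nHost: c2.example.invalid\r\n\r\nid=1"},
]
KNOWN_GOOD = [
    {"id": "good-1", "payload": "GET /index.php HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
    {"id": "good-2", "payload": "GET /images/logo.png HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
]

# First draft of the countermeasures (stage 2). Rule 1000002 is deliberately
# over-broad: any ".php" would match ordinary web traffic.
RULES_V1 = [
    Rule(1000001, "constructed: POST to gate.php check-in", r"^POST /gate\.php HTTP"),
    Rule(1000002, "constructed: PHP script request", r"\.php"),
]

# Tuned set: the broad rule now requires a POST to a script at the site root.
RULES_V2 = [
    RULES_V1[0],
    tune(RULES_V1[1], r"^POST /[^/ ]+\.php HTTP"),
]


if __name__ == "__main__":
    for label, rules in (("v1", RULES_V1), ("v2", RULES_V2)):
        report = validate(rules, KNOWN_BAD, KNOWN_GOOD)
        print(label, "needs tuning:", failed_rules(report))
        for sid, verdict in report.items():
            print(f"  sid {sid}: {verdict}")
```

Running the script shows rule 1000002 failing validation in the first draft because it fires on `good-1` (`/index.php`), and passing after tuning, while rule 1000001 passes both times. The same pattern scales to a real ruleset by swapping the constructed samples for captured traffic from the evaluation stage and a benign baseline from the customer's own network.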

It is possible for the customer to go with another vendor for deployment and validation after Sourcefire develops the countermeasures, Friedrichs said. In short, the customer always has the flexibility to choose when to bring in Sourcefire’s professional services team and when to stick with internal teams or other vendors.

“Our incident response service helps our customers bridge the knowledge and experience gap so that they can take a more proactive stance to identifying, mitigating and eliminating risks using the intelligence from FireAMP and advanced malware protection for FirePOWER,” Goldberger said in a statement.
