Sourcefire Launches Incident Response Services

Network security firm Sourcefire on Monday unveiled a new services offering to expand its advanced malware protection portfolio.

With Incident Response Professional Services, Sourcefire will assist customers to clearly identify an event, evaluate the risk, and determine the most effective approach to remediate the issue, Sourcefire said Jan. 14. The Sourcefire Incident Response Team will help customers eliminate uncertainty and make educated decisions for better protection, the company said.

The team brings incident response capabilities to the organization, such as understanding whether data has been compromised or exfiltrated, studying the scope of the attack to determine if it is unique to the customer or part of a larger pattern, and analyzing whether the threat will target the organization again, Oliver Friedrichs, senior vice-president of Sourcefire’s Cloud Technology group, told SecurityWeek. Incident response generally has four different stages, but customers have the flexibility to have Sourcefire’s team in place for only the areas they need help with, Friedrichs said.

“Advanced malware protection is not just about having the right technologies in place but also the right response when the technologies identify an event,” Jonathan Goldberger, vice president of professional services for Sourcefire, said in a statement.

The incident response team will offer vendor-agnostic suggestions when it is appropriate for the customer, Friedrichs said. The customer “may not be a Sourcefire IPS customer, but they look to us for our expertise,” he said.

The first stage of incident response is evaluation, doing the “heavy lifting,” Friedrichs said. The team will document and understand what happened using the existing security technologies in place. The investigation is typically the largest undertaking because it is time-consuming, he said. The team can easily be vendor-agnostic at this stage because the investigation will rely on whatever tools, automated and manual, the organization has, along with intelligent data the organization has captured, Friedrichs explained.

The second stage is developing countermeasures. Once the threat has been understood, it is time for the team to figure out how to stop it, Friedrichs said. If the attack is still ongoing, then the team will figure out how to stop it. In this stage, the team may develop new signatures or rules and recommend the customer invest in new Sourcefire technologies, or create signatures that can be used for existing deployed non-Sourcefire products.

“We can help make rules for other products, but it will depend on what they [customers] actually have, and whether we know how to work with it,” Friedrichs said. The third stage is deploying the countermeasures, tuning and adjusting the rules as necessary. Finally, the fourth stage is validating the countermeasures that have been deployed. The team will make sure the new rules and signatures are working and that threats are being blocked, Friedrichs said.

It is possible for the customer to go with another vendor for deployment and validation after Sourcefire develops the countermeasures, Friedrichs said. In short, the customer always has the flexibility to choose when to bring in Sourcefire’s professional services team and when to stick with internal teams or other vendors.

“Our incident response service helps our customers bridge the knowledge and experience gap so that they can take a more proactive stance to identifying, mitigating and eliminating risks using the intelligence from FireAMP and advanced malware protection for FirePOWER,” Goldberger said in a statement.
