Sourcefire Razorback – Open Source Framework Ties Together Various Threat Collection and Detection Technologies
Sourcefire, Inc. (Nasdaq:FIRE), a provider cybersecurity solutions, this week is launching Razorback, an open source framework designed to deliver deep inspection capabilities to help combat complex cyber threats.
The Razorback framework (formerly known as Near Real-Time Detection) can link together an organization’s detection investments and maximize their effectiveness, allowing greater visibility and intelligence into the threats detected by a variety of security solutions.
Developed to help coordinate the response against Advanced Persistent Threats (APT), Razorback enables users to collect, analyze and store threat data from different technologies and vendors, so that they can implement customized enterprise- and threat-specific detection and remediation.
Razorback is designed to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating Intelligence Driven Response (IDR) processes using custom built and existing security tools such as anti-virus, IDS, gateways, email, etc.
IDR allows users to utilize the information learned about specific attackers back into their security infrastructure for a customizable response. Razorback provides deep analysis and reporting by storing pieces of data identified that could indicate a compromise or attack and specifically highlights the components of that data which cause the system to trigger an alert.
“Open source is at the core of everything Sourcefire does, and Razorback is the latest innovation providing users with the ability to protect themselves from today’s sophisticated threats,” said Martin Roesch, Founder and CTO of Sourcefire.
The Razorback framework performs detection in near-real time (think seconds), allowing for in-line blocking on “store and forward” services, such as email services or web proxies, and providing alerts in the event of an attack. It also provides enterprises with the ability to convert intelligence gathered on attacker methodology into detection capabilities, enabling them to develop and protect against targeted threats or Zero-Day vulnerabilities.
“Razorback was designed to address the current challenges of today’s threat landscape where attackers are specifically creating attacks to avoid off the shelf tools and technologies,” said Matt Watchinski, Senior Director of the Sourcefire Vulnerability Research Team.“
Sourcefire will continue to develop additional capabilities and publish data collectors, detection engines, analysis software and output handlers to maximize the value of Razorback and encourage innovation from the open s¬ource community.
Being an open source technology, Razorback is available for free and can be downloaded at: http://labs.snort.org/razorback