23 Jan 2012
Advanced Malware Protection: What Your Enterprise Really Needs
posted by Oliver Friedrichs
Today Sourcefire introduced its new FireAMP™ product, an intelligent, enterprise-class advanced malware protection solution that uses big data analytics to discover, analyze and block advanced malware. This release is the culmination of years of hard development work by the Immunet team that was acquired by Sourcefire in 2010. It's also an evolution of the radically disruptive big data security platform that we've been building for the past 3 ½ years since the birth of Immunet.
All of the celebration aside, you might ask yourself – another anti-malware product? Well, no. This isn't just another anti-malware product. FireAMP is representative of what your enterprise really needs to address advanced malware. Over the course of the past year we've talked to well over 100 enterprises and heard one common theme: they have the latest endpoint security products, with the latest DAT files, but they are still heavily infected (in fact, our data shows that in many organizations, up to 10 percent of all computers are infected). More importantly, they don't know how these threats got in, how they are spreading when inside, or which computers have them.
The industry has certainly been trying as hard as, if not harder than, we have. The attackers have been working pretty hard too, but it doesn't take much effort to defeat today's anti-malware defenses. Most threats can be packed and repacked with publicly available tools in order to bypass most endpoint security technologies. The industry has been stuck in a never-ending cycle of trying to develop better detection technologies. Vendors have spent 20 years building signature engines, heuristic engines, behavioral engines, emulators, sandboxes, reputation services, and clouds, to name just a few, and most still cannot detect today's advanced malware.
Figure 1. FireAMP File Trajectory
FireAMP turns the cloud into what I like to call, a "flight recorder" for the endpoint, allowing you to track ALL file activity across the enterprise. By using this approach we gain an unprecedented level of detail, including identifying the root cause of threats as well as their entry point, trajectory, infected computers, and their specific behaviors. This simplifies the laborious and costly forensic and cleanup effort. This advanced visibility can only be accomplished on the endpoint, and not from the network where other similar products reside.
Just the act of discovering and analyzing threats is clearly not enough if the threats themselves remain resident. Modern anti-malware solutions rely on a lengthy and proprietary signature update process that leaves organizations exposed for days, and in some cases, weeks, before providing a defense. Sourcefire has embraced an open architecture since day one, as witnessed by our open source Snort platform.
With the launch of FireAMP we are introducing a second disruptive technology into the advanced malware battle – Outbreak Control. FireAMP offers Outbreak Control so that customers can create custom signatures and tag and quarantine malware themselves, immediately, sidestepping the traditional vendor detection process. Next, FireAMP's Cloud Recall technology quickly rechecks all endpoints without a full scan, using data that has already been collected in the cloud, and automatically quarantines files as needed. This approach dramatically reduces the exposure window for organizations experiencing advanced malware infections.
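The two mechanisms described above, the endpoint "flight recorder" that lets you reconstruct a file's trajectory after the fact, and a custom verdict that is applied retroactively to already-collected telemetry instead of by rescanning every host, can be modelled in a few dozen lines. The Python below is an added illustration written for this page; it is not Sourcefire or FireAMP code, and the event schema, hostnames, paths, timestamps and hash values are all constructed assumptions.

```python
"""Endpoint 'flight recorder' with file trajectory and retroactive recall.

Added example, not Sourcefire/FireAMP code. Hashes, hostnames, paths and
timestamps are constructed sample values; the event schema is an assumption
chosen to illustrate the two ideas in the post.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed SHA-256 stand-ins (not real file hashes).
H_MAIL = "aaaa" * 16      # mail client that saved an attachment
H_EXPLORER = "bbbb" * 16  # shell that launched it
H_MAL = "cccc" * 16       # the dropped executable
H_BENIGN = "dddd" * 16    # an unrelated attachment


@dataclass(frozen=True)
class FileEvent:
    ts: int                        # seconds since epoch (constructed)
    host: str                      # endpoint reporting the event
    sha256: str                    # hash of the file the event is about
    action: str                    # "create" or "execute"
    path: str                      # where the file landed on that host
    parent_sha256: Optional[str]   # hash of the process that wrote or ran it


class FlightRecorder:
    """Central store for endpoint file events, queried after the fact."""

    def __init__(self) -> None:
        self.events: list[FileEvent] = []
        self.verdicts: dict[str, str] = {}   # sha256 -> custom signature label

    def record(self, ev: FileEvent) -> str:
        """Store an event; return the block decision for the reporting host."""
        self.events.append(ev)
        return "quarantine" if ev.sha256 in self.verdicts else "allow"

    def trajectory(self, sha256: str) -> dict:
        """Reconstruct entry point, root cause and host-to-host spread."""
        evs = sorted((e for e in self.events if e.sha256 == sha256),
                     key=lambda e: e.ts)
        if not evs:
            return {}
        entry = evs[0]                     # earliest sighting is the entry point
        hosts: list[str] = []
        spread: list[tuple[str, str]] = []
        last_exec_host: Optional[str] = None
        for e in evs:
            if e.host not in hosts:
                hosts.append(e.host)
            # A create written by the file's own hash on a different host is
            # lateral movement from wherever the file last executed.
            if (e.action == "create" and e.parent_sha256 == sha256
                    and last_exec_host and last_exec_host != e.host):
                spread.append((last_exec_host, e.host))
            if e.action == "execute":
                last_exec_host = e.host
        return {
            "entry": {"host": entry.host, "ts": entry.ts, "path": entry.path},
            "root_cause": entry.parent_sha256,   # process that introduced it
            "hosts": hosts,
            "spread": spread,
        }

    def add_custom_signature(self, sha256: str, label: str) -> list[tuple[str, str]]:
        """Outbreak-control style verdict: block going forward and recall now."""
        self.verdicts[sha256] = label
        return self.recall(sha256)

    def recall(self, sha256: str) -> list[tuple[str, str]]:
        """Re-check stored telemetry only; no endpoint is rescanned."""
        seen: dict[tuple[str, str], None] = {}
        for e in self.events:
            if e.sha256 == sha256:
                seen.setdefault((e.host, e.path), None)   # dedupe, keep order
        return list(seen)


def build_recorder() -> FlightRecorder:
    """Load constructed telemetry: attachment on ws-01, then spread to ws-02 and ws-03."""
    rec = FlightRecorder()
    sample = [
        FileEvent(100, "ws-01", H_MAL, "create", r"C:\Users\a\Downloads\invoice.exe", H_MAIL),
        FileEvent(110, "ws-01", H_MAL, "execute", r"C:\Users\a\Downloads\invoice.exe", H_EXPLORER),
        FileEvent(120, "ws-02", H_MAL, "create", r"C:\Windows\Temp\svc.exe", H_MAL),
        FileEvent(130, "ws-02", H_MAL, "execute", r"C:\Windows\Temp\svc.exe", H_MAL),
        FileEvent(140, "ws-03", H_MAL, "create", r"C:\Windows\Temp\svc.exe", H_MAL),
        FileEvent(150, "ws-01", H_BENIGN, "create", r"C:\Users\a\Downloads\report.pdf", H_MAIL),
    ]
    for ev in sample:
        rec.record(ev)
    return rec


if __name__ == "__main__":
    rec = build_recorder()
    print("trajectory:", rec.trajectory(H_MAL))
    print("recall after custom signature:", rec.add_custom_signature(H_MAL, "custom-dropper"))
```

The point of the design is that `recall()` never touches an endpoint: the decision about which hosts hold the file is answered entirely from events already recorded, so the exposure window is bounded by how quickly an analyst can add the verdict, not by a scan or a vendor signature cycle. Any event that arrives after the verdict is blocked at `record()` time.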
In a career in the technology world, you have only a few opportunities to develop and introduce an entirely new product. The Visibility and Control capabilities in this FireAMP™ release mark a unique new approach to fighting the advanced malware problem that is plaguing many of the world's largest organizations. We are proud to introduce FireAMP™ as a new, powerful tool in your arsenal to fight this battle.
For more information on FireAMP, register for one of three webinars.
Labels: advanced malware protection, fireamp