Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Sourcefire has launched a malware discovery and analysis solution that uses big data analytics.
FireAMP was designed for large enterprises and was born from Sourcefire's acquisition of Immunet last year.
Sourcefire senior vice-president Oliver Friedrichs cloud technology group, said anti-virus vendors generate up to from 10,000 signatures a day making security a big data problem.
"FireAMP's discovery and analysis capabilities can help these companies determine which systems are infected, how the infection occurred, the extent of the infection and how the malware behaves in order to both stop the malware and recover," Friedrichs said.
“Advanced malware is a new threat so it is about how you address it, while visibility and control are very important. It needs to be dynamic and you need to know if you have a problem and who was first infected and how.”
The program takes data and stores it in the cloud "in a type of black-box recorder" so future files and activity can be compared. “Now you will have all data for the enterprise, [know] how it got in, what it is and what it did. Otherwise you would spend 24 or 48 hours looking,” he said.
“You can have a detection engine that is better than anti-virus, but there is nothing that will stop everything. This is intended to diagnose what happened after the event. You can determine the core problem of what was causing the threat and find the malware on the system.”
He added that FireAMP has forensic capabilities.
FireAMP uses an agent to communicate with a cloud-based analysis engine, and only leverages metadata for evaluation.
Asked if Sourcefire's intention was to step into the ‘second security layer' sector, Friedrichs said that most of the focus in that sector is on advanced malware, but they detect at the gateway and cannot remove threats from the network; he said users have to be able to analyse the system and remove malware.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.