FireAMP provides smart malware protection
David Heath
Sunday, 29 January 2012 12:53
Business IT –
Security
Imagine being able to retro-actively identify exactly which computers were affected by some piece of malware and which others they affected as the infection propagated.
<![CDATA[
<!–
.moveup {
position: relative;
top: -20px;
}
–>
]]>Microsoft Office 365
A scene-setting few observations from Sourcefire’s Gary Spiteri:
“The endpoint is now the new battleground for advanced malware.”
“The capture rate by traditional anti-virus products is somewhere around the 40% – 50% mark.”
“We’re also finding that around 75% of malware is found on only one computer.”
Chris Wood, Regional Director of Sourcefire Australia and New Zealand added “While developing this product, we spoke with more than 100 large enterprises and heard one common theme – while they have the latest security technologies with all of the latest updates, they still see malware infections.”
Sourcefire’s new product, FireAMP will add a small agent to every endpoint (PC etc) which feeds activity to a Sourcefire- controlled cloud server which is able to analyse potential malware with an expected 1 hour turn-around time.
According to Spiteri, this gives you visibility so you can detect and analyse malware or even items which you think might be malware. The problem which this software addresses is those narrow situations where you see something come into the organisation which looks and acts malicious, but has not yet been declared so.
FireAMP will automatically sample attachments for analysis in the cloud, advising site administrators when malicious software is found (which may or may not have already been discovered by the organisation’s anti-virus installation).
The final step is perhaps the most important. Since the agents are communicating activity to the cloud servers in real time, once an infection is discovered, it is immediately known which machines are affected and which are not. This genealogy makes it very easy to perform a fully targeted clean up (nuke-and-pave, as they say) on only the affected machines with some certainty that the infection is contained.
Priced at $AU29 per seat, FireAMP includes these five primary components:
FireCLOUD™ – Cloud-based infrastructure encompassing a number of advanced detection capabilities that leverage big data analytics to identify and score threats missed by other security layers
File Trajectory – Tracks file movement within the enterprise, allowing organisations to identify the entry point and propagation path of malware
File Analysis – Provides detailed information on malware behavior backed by the elite Sourcefire Vulnerability Research Team (VRT™) and the company’s collective security intelligence
Outbreak Control – Customer-defined detections that immediately block malware without requiring an update from your security vendor
Cloud Recall™ – Continuous in-the-cloud analysis of historical file activity to discover and remediate threats that were previously missed
Loading comments …
Please enable JavaScript if you wish to view comments.
Article source: http://www.itwire.com/business-it-news/security/52413-fireamp-provides-smart-malware-protection
View full post on National Cyber Security » Virus/Malware/Worms