Following a record third quarter and in the middle of a search to replace CEO John Burris, who passed away in October, security vendor Sourcefire, Inc. is making significant announcements about its FirePOWER appliances line. In addition to upgrading protection against such malware as advanced persistent threats (APTs) and targeted attacks, the company has added new FirePOWER 7000 Series appliances, new software (v5.1.1) with file type detection and control, as well as security intelligence for IP reputation and blacklisting.
“When you look at these point solutions, no one is delivering universal platforms and that’s where the value is,” said Zulfikar Ramzan, Chief Scientist, Cloud Technology Group, Sourcefire. “Customers don’t want to deal with the pieces.”
He said with these announcements Sourcefire is improving its capabilities across the board. “Now we’re able to provide that end-to-end solution.”
John Grady, Research Manager, Security Products, IDC, believes this holistic approach is the most significant aspect of the announcements. “Today’s threats are advanced, multi-vector, and persistent. Solutions that can address more than one area have better visibility into the overall landscape and are better equipped to deal with today’s threat environment. In Sourcefire’s case, the ability to tie in advanced IPS (intrusion prevention systems) and NGFW (next-generation firewalls) on the same platform, and now add advanced malware protection to that, which uses the same cloud intelligence engine as the FireAMP endpoint malware solution, could be a strong differentiator.”
Sourcefire’s Dave Stuart, Director, Product Marketing, added that cost is another major pain point that his company addresses. The company’s customer base is large enterprise and government. “They’re the ones making the investment in protection, and the ones that tend to be targeted.”
However, they’re spending hundreds of thousands of dollars for point solutions. “This is a lower-cost solution that gives you added value… an end-to-end solution,” he said.
Grady agreed that TCO is important because even as security has become more top of mind, budgets remain somewhat constrained. “It’s absolutely a differentiator if the security capabilities of different solutions are equal or close. That being said, if a product can’t show strong metrics for stopping attacks, it could be free and it wouldn’t be used.”
One of the issues enterprises are dealing with is BYOD and how to control access to the network and critical information while being able to set granular policies and ensure they’re being enforced, he said. The other major threat is advanced malware.
“Purely signature-based defenses just don’t work anymore. It’s not a matter of enterprises being hit with mass amounts of malware, but the threat of one specialized, targeted, undetectable malicious file getting through defenses. Many attacks today resemble embezzlement more than a bank robbery. Once a foothold is gained, information can be slowly stolen over time without the organization even knowing.” Dynamic defenses are needed that tie in advanced analytics to detect malicious software, said Grady, ideally at the point of entry, but at the very least before sensitive information is exfiltrated from the network. Another issue, and one that Sourcefire addresses, is advanced malware that may be encrypted or that hides its intentions through sleep techniques and similar evasion.
“With the continuous analysis and retrospective reporting, the system can go back and alert on a file it previously allowed through, providing a list of destination IPs so an organization can begin the remediation process,” said Grady. “Tied in with the host-based FireAMP solution, this does become a differentiator because an organization can then use that platform (FireAMP) to scan for that particular file in case it had spread since it was initially allowed onto the network.”
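The retrospective alerting Grady describes can be illustrated with a small tracker: every file transfer seen on the wire is recorded with its hash and endpoints, and when a hash's verdict later flips to malicious, the earlier transfers are surfaced with the destination hosts that received the file. This is an added example, not Sourcefire code; the log format, field names and sample transfers are constructed for illustration.

```python
"""Retrospective file-verdict alerting over a constructed transfer log."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    ts: int        # epoch seconds when the file crossed the sensor
    sha256: str    # hash of the file as carried over the wire
    src_ip: str
    dst_ip: str
    verdict: str   # verdict the sensor had at the time it allowed the file


class RetrospectiveTracker:
    def __init__(self):
        self._by_hash = defaultdict(list)   # sha256 -> transfers seen
        self._verdict = {}                  # sha256 -> latest verdict

    def record(self, t: Transfer) -> None:
        """Store a transfer the sensor allowed; keep the first verdict seen."""
        self._by_hash[t.sha256].append(t)
        self._verdict.setdefault(t.sha256, t.verdict)

    def update_verdict(self, sha256: str, new_verdict: str):
        """Apply a later cloud verdict. Returns a retrospective alert (dict)
        when a previously allowed hash becomes malicious, else None."""
        old = self._verdict.get(sha256)
        self._verdict[sha256] = new_verdict
        if new_verdict != "malicious" or old == "malicious":
            return None
        transfers = self._by_hash.get(sha256, [])
        if not transfers:
            return None
        return {
            "sha256": sha256,
            "first_seen": min(t.ts for t in transfers),
            "transfers": len(transfers),
            # hosts that received the file, i.e. where remediation starts
            "destinations": sorted({t.dst_ip for t in transfers}),
        }


# Constructed sample log (hypothetical hashes and RFC 5737 / private IPs)
SAMPLE_LOG = [
    Transfer(1000, "aa" * 32, "203.0.113.10", "10.0.0.5", "clean"),
    Transfer(1060, "aa" * 32, "203.0.113.10", "10.0.0.7", "clean"),
    Transfer(1120, "bb" * 32, "203.0.113.11", "10.0.0.5", "clean"),
    Transfer(1300, "aa" * 32, "10.0.0.5", "10.0.0.9", "unknown"),  # internal spread
]


def demo():
    tracker = RetrospectiveTracker()
    for t in SAMPLE_LOG:
        tracker.record(t)
    return tracker.update_verdict("aa" * 32, "malicious")
```

The alert lists three internal destinations for the re-scored hash, including the host that received it from another internal machine after the initial entry, which is the list an endpoint tool such as FireAMP would then be pointed at.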
New features in 5.1.1 include: detection and control of all file types, file protocols and file direction; security intelligence for IP Reputation blacklisting and alerting / blocking botnets, attackers, spam sources and other malicious IPs; Context Explorer to visualize and explore contextual information about most-used applications, hosts and user identity; and updated dashboards and event reporting to provide graphical summary views. The three new FirePOWER appliances, which extend the performance range from 50 Mbps to 40+ Gbps, are the 7010 (50 Mbps), the 7020 (100 Mbps) and the 7030 (250 Mbps).