Sourcefire, a developer of intelligent cybersecurity products and services for the enterprise, public sector and midmarket, is expanding its protection portfolio with new vendor-agnostic Incident Response Professional Services to help customers address advanced malware challenges. The intent is to clearly identify an event, evaluate the risk and determine the most effective approach to remediate.
“Historically Sourcefire focused on professional services for our customers,” said Oliver Friedrichs, SVP cloud technology. “We’ve seen an increase in demand for security incidents and advanced threats like malware. Every incident is different, and requires expertise to understand that particular case and factors.”
According to a prepared statement from Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group, given the inevitability of a security breach, large organizations must supplement Advanced Malware Detection/Prevention network and host-based controls with effective and efficient incident response policies, processes and metrics. “Many security solutions were designed for advanced malware detection and blocking alone, and lack the intelligence and integration necessary for incident detection and response. One notable exception of products and services comes from network security leader Sourcefire.”
Enterprises need to improve security intelligence, analytics, and automation to address skills deficits, he wrote in a blog last week. ‘So many enterprises don’t have enough security professionals, or their existing security staff lacks the necessary level of security skills, or both. Any one of these issues will undoubtedly increase the time it takes to detect and respond to security events.’
To deal with this, ESG’s Oltsik tells CISOs (Chief Information Security Officers) that they need appropriate compensating controls and strategies. ‘Given the increasingly dangerous threat landscape, highly effective incident detection and response processes, technologies, and skills are mission-critical.’
Friedrichs said his company’s new set of Incident Response services can be broken down into a four-part process: evaluation of the technical details of the attack (method) itself; counter-measure development, developing measures to stop an attack if it’s still happening or to prevent future incidents; counter-measure deployment, helping the customer deploy a solution, either a Sourcefire product, preferably, or somebody else’s; and counter-measure validation, confirming that the counter-measure is going to work, and reviewing and enhancing the counter-measure if required.
Customers can use any one or a combination of these processes, he said. What the new offering does is formalize a custom service… independent of our products. “That’s something we didn’t have before.”
As recently as 4-5 years ago, traditional incident response was more breach-oriented, said Friedrichs. “Today, a lot of that is happening through custom malware, very complex and very hard to remove.”
He believes initially the new services will appeal to Sourcefire’s installed base of 2,500 customers. However, as the offering itself will be vendor agnostic, it will open us up to working with other vendors, said Friedrichs.
Expanding its total addressable market (TAM) should be good news for Sourcefire, especially as it has been picked as one of the top security takeover candidates in 2013, according to a Stifel Nicolaus report.
“Consolidation has and will remain a key theme in the security space,” wrote analyst Todd Weller in a report published on Friday. “We continue to believe that larger tech companies (EMC, IBM, Hewlett-Packard) could continue to view security as an attractive area from a growth perspective and as they continue to integrate compute, networking and storage. Within our coverage, we continue to view Fortinet and Sourcefire as representing the most attractive consolidation candidates.”