Sourcefire ‘Radar For Malware’ Goes Beyond Point-In-Time

According to the recent Verizon 2013 Data Breach Investigations Report, which covers 621 confirmed data breaches and more than 47,000 security incidents, large-scale financial cybercrime and state-affiliated espionage dominated the security landscape in 2012. The compromise-to-discovery timeline also continues to be measured in months and even years rather than hours and days, and third parties continue to detect the majority of breaches (69%). “The bottom line is that unfortunately, no organization is immune to a data breach in this day and age,” said Wade Baker, principal author of the Data Breach Investigations Report series.

To help address the current when-not-if threatscape, Sourcefire, a developer of intelligent cybersecurity products and services for the enterprise, public sector and midmarket, is bringing its malware trajectory (Retrospective Security) capabilities to networks. These capabilities allow organizations to quickly identify, scope, track, investigate and remediate malware, even when malicious files are originally deemed safe or unknown. The new Network File Trajectory and Device Trajectory capabilities enable security personnel to locate malware point of entry, propagation and behavior, both across the network and at the system level.

File Trajectory is radar for malware, said CP Morey, VP of Product Marketing. “It looks across the network, shows you who is patient zero. It can even show you threats that are true APTs (Advanced Persistent Threats).” File Trajectory was previously available in the company’s FireAMP malware analysis and protection offering, and customers had been asking for a network version, he said.

Network File Trajectory is available as part of the company’s Advanced Malware Protection for FirePOWER software license, a subscription that can be added to a Next-Generation Intrusion Prevention System (NGIPS) or Next-Generation Firewall (NGFW), or as a dedicated appliance. It tracks malware across the network, providing detailed information on point of entry, propagation, protocols used, and which users or endpoints are involved. Device Trajectory, available as part of the FireAMP host-based protection for endpoints and virtual networks, builds on the existing endpoint File Trajectory capabilities to analyze system-level activities, file origination and file relationships for root-cause and forensic analysis, tracking and pinpointing behaviors that indicate a compromise has happened and a breach has most likely occurred.

Morey said the company is also enhancing FireAMP with new Indicators of Compromise (IoC) and Device Flow Correlation capabilities, which let users correlate seemingly benign and unrelated events while also monitoring device activity and communications to uncover potential malware. The IoC capability correlates malware intelligence with seemingly benign events to determine whether a system may have been compromised, giving users a prioritized list of potentially compromised devices. Device Flow Correlation correlates activity on an endpoint with traffic on the network, providing integrated intelligence and automation across the advanced malware protection infrastructure; this helps control malware proliferation on endpoints outside the protections of the corporate network, such as those of remote or mobile workers.

At the end of February, Sourcefire announced a FirePOWER-based AMP appliance, which allows users to defend against sophisticated network malware from the point of entry, through propagation, to post-infection remediation. In January it added new vendor-agnostic Incident Response Professional Services.

However, while the fact that organizations are struggling to keep pace with the changing face of security should be good news for the security industry, Sourcefire has had its own share of challenges. The company reported a net loss of $26,000 for the first quarter of 2013. Q1 revenue was up 21% year-over-year, to $56.2 million, but its U.S. Federal business was affected by funding uncertainties and dropped 36%.

CTO and founder Martin Roesch said the company’s advanced malware solutions are at the forefront with an approach that is ahead of the market and the competition. “We believe we are well positioned as this market continues to evolve, and this is one of the keys of our long-term growth strategy.”


Author: Steve Wexler
