November 12, 2012

Sourcefire adds malware protection to network security appliance

Company claims tech will help detect malware that has previously been deemed safe

By Steve Evans


Sourcefire has added advanced malware protection to its FirePower range of security appliances, which underpin its Next-Generation IPS and Next-Generation Firewall.

Sourcefire said this means it can now provide visibility and control over malware on a network, from the point of entry to propagation to post-infection remediation.

The protection works in real time and constantly analyses files as they cross the network. It also has the ability to retrospectively alert IT admins to an issue.

Sourcefire said this is important as malware can, if it gets through the initial inspection, often lie dormant and undetected for a significant amount of time as the security software simply does not know to look for it.

The advanced malware protection works by creating what Sourcefire calls a forensic fingerprint of each file. The files are then tracked as they move around the network, which the company says can help with identifying attack targets.

Sourcefire’s malware database is kept up to date in real time, meaning that if a file becomes active having previously been deemed safe, it will still be picked up.

Leon Ward, field product manager at Sourcefire, said monitoring files as they move around the network is more effective than scanning at the gateway, as new malware can get by traditional security software if it doesn’t know what to look for, as is the case with zero-day attacks.

"Advanced malware is one of the biggest challenges anyone has to deal with right now. Traditional antivirus, antimalware, gateway AV scanning and so on are all letting them down when it comes to dealing with advanced, targeted persistent threats. Malware is becoming embedded in these environments and is difficult to get rid of," Ward told CBR.

Ward mentioned the likes of Stuxnet and Flame, which were not discovered by any security tool. For example, Stuxnet was only discovered when centrifuges at an Iranian nuclear facility malfunctioned. "They got entrenched in networks before they were known to be bad," he said.

"Malicious threats hone in on their victims, disguise themselves to evade defences, can hide for extended periods and then launch their attacks at any time," said Marty Roesch, interim CEO.

"Given this new level of sophistication it’s clear that the foundation of any security solution needs to be addressing the threat – before, during and after an attack. Layers of security infrastructure must work together for better protection. Constraining and eliminating attack vectors and marginalising the impact of an attack is the end game," he said.

Advanced malware protection for Sourcefire FirePower will be available this month to existing customers on a subscription licence basis.
