Sourcefire goes beyond the sandbox
Posted on 21 May 2013.
Sourcefire introduced malware trajectory capabilities across its Advanced Malware Protection portfolio, giving customers visibility into malware attack activity and enabling them to detect, remediate and control malware outbreaks.

“Even organizations which are diligent in their security measures realize that breaches are entirely too likely in the face of modern threats and they need solutions that help them deal with malware before, during and after an attack,” said Martin Roesch, Sourcefire founder and CTO.

With Sourcefire’s new Network File Trajectory and Device Trajectory capabilities, customers can determine the scope of an outbreak and track malware or suspicious files across the network and at the system level. These features let security personnel identify where malware entered, how it propagated and how it behaved.

Network File Trajectory tracks a file across the network, providing detailed information on its point of entry, its propagation path, the protocols used, and which users or endpoints are involved. It is available as part of the Advanced Malware Protection for FirePOWER software license, a subscription that can be added to an NGIPS or NGFW, or as a dedicated appliance.

Device Trajectory builds on the existing endpoint File Trajectory capability to analyze system-level activity, file origins and file relationships for root-cause and forensic analysis, so that analysts can track and pinpoint behaviors indicating that a compromise has happened and a breach has most likely occurred. Device Trajectory is available as part of the FireAMP host-based protection for endpoints and virtual networks.

Sourcefire is further enhancing FireAMP with new Indicators of Compromise and Device Flow Correlation capabilities, which enable users to correlate seemingly benign and unrelated events, while also monitoring device activity and communications to uncover potential malware.

Indicators of Compromise (IoC) – Correlates malware intelligence and even seemingly benign events to determine whether a system may have been compromised – providing users with a prioritized list of potentially compromised devices.

Device Flow Correlation – Correlation of activities on an endpoint with traffic on the network, providing integrated intelligence and automation across the advanced malware protection security infrastructure. This provides distinct advantages in controlling malware proliferation on endpoints outside the protections of a corporate network, like remote or mobile workers.
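As an added illustration of what the trajectory and IoC features described above actually compute, the following example reconstructs a file's network trajectory (point of entry, propagation path, protocols, devices involved) from sensor events and then correlates individually weak signals into a prioritized per-device list. This is example code written for this page, not Sourcefire's or FireAMP's implementation; the event schema, field names, sample hosts and score weights are all assumptions, and the data is constructed.

```python
from collections import defaultdict

# Constructed sample data (not Sourcefire output); the schema is an assumption.
# The verdict for "aa11" is retrospective: it arrives after the file has already
# spread, which is exactly the "after an attack" case trajectory is meant for.
TRANSFERS = [
    # (ts, sha256, src, dst, protocol) as seen by the network sensor
    (10, "aa11", "203.0.113.5", "ws-07", "http"),
    (25, "aa11", "ws-07", "ws-12", "smb"),
    (40, "aa11", "ws-12", "srv-03", "smb"),
    (41, "bb22", "ws-12", "srv-03", "smb"),   # unrelated clean file, must be ignored
]
ENDPOINT = [
    # (ts, device, sha256, action, detail) as seen by the endpoint agent
    (12, "ws-07", "aa11", "exec", "parent=outlook.exe"),
    (27, "ws-12", "aa11", "exec", "parent=explorer.exe"),
    (30, "ws-12", "aa11", "conn", "198.51.100.9:443"),
    (42, "srv-03", "aa11", "create", "parent=aa11"),
]
BAD_IPS = {"198.51.100.9"}        # constructed threat-intel entry
VERDICTS = {"aa11": "malware"}    # retrospective disposition per file hash


def file_trajectory(sha256, transfers=TRANSFERS):
    """Network File Trajectory: order every hop of one file by time."""
    hops = sorted(t for t in transfers if t[1] == sha256)
    if not hops:
        return None
    ts, _, src, dst, proto = hops[0]          # earliest hop = point of entry
    return {
        "point_of_entry": {"device": dst, "source": src, "protocol": proto, "ts": ts},
        "propagation": [(h[2], h[3], h[4]) for h in hops],
        "devices": sorted({h[3] for h in hops}),
        "protocols": sorted({h[4] for h in hops}),
    }


def device_trajectory(device, endpoint=ENDPOINT):
    """Device Trajectory: what one host did with files, in time order."""
    return sorted(e for e in endpoint if e[1] == device)


def ioc_scores(transfers=TRANSFERS, endpoint=ENDPOINT,
               verdicts=VERDICTS, bad_ips=BAD_IPS):
    """Correlate weak signals (held, forwarded, executed, called out) into a
    ranked list of likely-compromised devices. Weights are illustrative."""
    score, reasons = defaultdict(int), defaultdict(list)
    internal = {t[3] for t in transfers}      # hosts we have seen receive files

    def hit(dev, pts, why):
        score[dev] += pts
        reasons[dev].append(why)

    for _, sha, src, dst, proto in transfers:
        if verdicts.get(sha) != "malware":
            continue
        hit(dst, 1, f"received {sha} via {proto} from {src}")
        if src in internal:                   # internal source = lateral movement
            hit(src, 2, f"propagated {sha} to {dst}")
    for _, dev, sha, action, detail in endpoint:
        if action == "exec" and verdicts.get(sha) == "malware":
            hit(dev, 3, f"executed {sha} ({detail})")
        if action == "conn" and detail.split(":")[0] in bad_ips:
            hit(dev, 2, f"connected to known-bad {detail}")
    ranked = sorted(score, key=lambda d: (-score[d], d))
    return [(d, score[d], reasons[d]) for d in ranked]


if __name__ == "__main__":
    print(file_trajectory("aa11"))
    for dev, pts, why in ioc_scores():
        print(dev, pts, "; ".join(why))
```

The point of the scoring step is that no single event here is damning: receiving a file, executing something from an e-mail client, or one HTTPS connection each look routine in isolation. Only after the retrospective verdict lands and the signals are joined per device does ws-12 (executed the file, spread it onward and called a known-bad address) rise to the top of the list.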

Copyright 1998-2014 by Help Net Security.