Defending the IT infrastructure of a large enterprise against malware is an ongoing, never-ending battle. Malware authors are constantly exploring new ways to get past security safeguards, and keeping track of the what, when, and how of malware attacks can be problematic, especially for organizations that must operate under restrictive auditing, compliance, and governance requirements. Security vendor Sourcefire thinks it has a solution to that problem with its new FireAMP product, which was announced earlier this week.
I recently spoke with Alfred Huger, Sourcefire's VP of Development for their Cloud Technology Group, about some of the challenges that malware presents to IT security professionals. "Detecting and removing malware is only part of the problem," Huger said. "You still need to know what happened from a governance perspective. Have you been comprehensively compromised and have there been multiple infections? Security data needs context...events seen in isolation are often viewed differently when viewed in the proper context."
Huger explained that FireAMP tries to give IT security professionals that context through several new product features. One is a cloud-based service (FireCLOUD) that uses data analytics to perform a more rigorous analysis of detected malware, including retrospective analysis of historical file activity to track down threats that were overlooked when they first appeared. Another feature, called "file trajectory," takes a visual approach to malware reporting by displaying the movement of files across systems with a series of icons and other visual cues. Large enterprises may have millions upon millions of files for administrators to protect and sort through, and file trajectory aims to make that problem manageable.
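To make the two ideas in that paragraph concrete, here is a small added illustration (not Sourcefire's or FireAMP's code, and not a description of how FireCLOUD works internally). It assumes an endpoint agent has been recording file events centrally, with a host name, timestamp, action, SHA-256, and path per event, and that a hash is only classified as malicious some time after those events were recorded. The event data, hash values, and function names are all constructed for the example. The functions answer the questions the article raises: which hosts saw the file before anyone knew it was bad, which of them executed it, which still hold a copy, and in what order it moved between hosts (a text-only "file trajectory").

```python
"""Retrospective detection and file trajectory over historical file events.

Added example; constructed data, not FireAMP code or real telemetry.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class FileEvent:
    host: str
    ts: datetime
    action: str      # one of: create, execute, delete
    sha256: str
    path: str


# Constructed hashes: the first is "later classified malicious", the second benign.
BAD_HASH = "4f3c" + "0" * 60
BENIGN_HASH = "9a1b" + "0" * 60

# Constructed sample event log (not real data), deliberately out of order
# to show that the functions sort by time rather than by arrival order.
SAMPLE_EVENTS = [
    FileEvent("ws-07", datetime(2012, 1, 11, 14, 1), "execute", BAD_HASH, r"C:\Temp\invoice.exe"),
    FileEvent("ws-01", datetime(2012, 1, 10, 9, 0), "create", BAD_HASH, r"C:\Users\alice\Downloads\invoice.exe"),
    FileEvent("ws-01", datetime(2012, 1, 10, 9, 2), "execute", BAD_HASH, r"C:\Users\alice\Downloads\invoice.exe"),
    FileEvent("fs-01", datetime(2012, 1, 10, 9, 30), "create", BAD_HASH, r"D:\share\tools\invoice.exe"),
    FileEvent("ws-03", datetime(2012, 1, 12, 8, 0), "create", BENIGN_HASH, r"C:\Tools\notepad2.exe"),
    FileEvent("ws-07", datetime(2012, 1, 11, 14, 0), "create", BAD_HASH, r"C:\Temp\invoice.exe"),
    FileEvent("ws-07", datetime(2012, 1, 12, 10, 0), "delete", BAD_HASH, r"C:\Temp\invoice.exe"),
]

# Constructed: the moment the hash was classified as malicious. Every event
# above predates it, which is exactly the situation retrospective analysis covers.
CLASSIFIED_BAD_AT = datetime(2012, 1, 12, 12, 0)


def events_for_hash(events: List[FileEvent], sha256: str,
                    before: Optional[datetime] = None) -> List[FileEvent]:
    """All events for one hash in chronological order, optionally only those
    recorded before a cut-off (e.g. the time the hash became known-bad)."""
    hits = [e for e in events if e.sha256 == sha256 and (before is None or e.ts < before)]
    return sorted(hits, key=lambda e: e.ts)


def affected_hosts(events: List[FileEvent], sha256: str,
                   before: Optional[datetime] = None) -> List[str]:
    """Hosts that had any activity for the hash; sorted for stable reporting."""
    return sorted({e.host for e in events_for_hash(events, sha256, before)})


def executing_hosts(events: List[FileEvent], sha256: str) -> List[str]:
    """Hosts that actually ran the file, the ones needing incident response first."""
    return sorted({e.host for e in events_for_hash(events, sha256) if e.action == "execute"})


def hosts_still_holding(events: List[FileEvent], sha256: str) -> List[str]:
    """Hosts whose most recent event for the hash is not a delete: a copy is
    presumably still on disk and should be contained or removed."""
    last_action = {}
    for e in events_for_hash(events, sha256):   # chronological, so last write wins
        last_action[e.host] = e.action
    return sorted(h for h, a in last_action.items() if a != "delete")


def trajectory_hops(events: List[FileEvent], sha256: str) -> List[str]:
    """Distinct hosts in order of first sighting: the path the file travelled.
    The first entry is the earliest known point of entry."""
    seen = []
    for e in events_for_hash(events, sha256):
        if e.host not in seen:
            seen.append(e.host)
    return seen


def render_trajectory(events: List[FileEvent], sha256: str) -> str:
    """Plain-text stand-in for the icon-based view: one line per event."""
    lines = [f"{e.ts:%Y-%m-%d %H:%M}  {e.host:<6} {e.action:<8} {e.path}"
             for e in events_for_hash(events, sha256)]
    return "\n".join(lines)


if __name__ == "__main__":
    print("hosts seen before classification:", affected_hosts(SAMPLE_EVENTS, BAD_HASH, CLASSIFIED_BAD_AT))
    print("hosts that executed it:", executing_hosts(SAMPLE_EVENTS, BAD_HASH))
    print("hosts still holding a copy:", hosts_still_holding(SAMPLE_EVENTS, BAD_HASH))
    print("trajectory:", " -> ".join(trajectory_hops(SAMPLE_EVENTS, BAD_HASH)))
    print(render_trajectory(SAMPLE_EVENTS, BAD_HASH))
```

The point of the `before` cut-off is the retrospective part: when a hash is reclassified, the question is not only "who has it now" but "who had it all along", so the search must run over the stored history rather than only over live endpoints. Keeping hosts that executed the file separate from hosts that merely stored it gives the triage order the article's quote asks for, and the first hop of the trajectory is the host to examine for how the infection occurred.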
In a statement announcing the news, Oliver Friedrichs, the Senior VP of Sourcefire's Cloud Technology Group, touted FireAMP's malware discovery and analysis capabilities. "While developing this product, we spoke with more than 100 large enterprises and heard one common theme – while they have the latest security technologies with all of the latest updates, they still see malware infections," Friedrichs said. "We developed FireAMP with sophisticated detection, visibility and control especially for enterprises whose primary solutions are lacking. FireAMP's discovery and analysis capabilities can help these companies quickly determine which systems are infected, how the infection occurred, the extent of the infection and how the malware behaves in order to both stop the malware and recover."
So how are you handling malware protection, detection, and analysis in your IT environment? Feel free to add a comment to this blog post or contribute to the discussion on Twitter.