Pinpointing malware movement

Sourcefire, Inc. has introduced innovative malware trajectory capabilities across its Advanced Malware Protection portfolio, giving customers detailed visibility into malware attack activity and enabling them to detect, remediate and control malware outbreaks. With these additions, Sourcefire Advanced Malware Protection solutions are the only offerings that add a continuous capability to its malware blocking, going beyond point-in-time detection to confirm an infection, trace its path, analyse its behaviour, remediate its targets and report on its impact regardless of when a file is determined to be malware.

  • 11 years ago Posted in

“Even organisations which are diligent in their security measures realise that breaches are entirely too likely in the face of modern threats and they need solutions that help them deal with malware before, during and after an attack,” said Martin Roesch, Sourcefire founder and CTO. “The enhanced trajectory features in our Advanced Malware Protection portfolio provide customers with decisive insight when a breach occurs and extend Sourcefire’s innovative Retrospective Security with the ability to immediately locate and eradicate malicious files everywhere they surface.”


With Sourcefire’s new Network File Trajectory and Device Trajectory capabilities, customers can quickly determine the scope of an outbreak and track malware or suspicious files across the network and at the system level. These new features enable security personnel to quickly locate malware point-of-entry, propagation and behaviour. This is an innovative component of Sourcefire’s revolutionary Retrospective Security, which allows organisations to quickly identify, scope, track, investigate and remediate malware, even when malicious files are originally deemed “safe” or “unknown.”


Network File Trajectory delivers the ability to track malware across the network, providing detailed information on point of entry, propagation, protocols used, and which users or endpoints are involved. This is available as part of Sourcefire’s Advanced Malware Protection for FirePOWER™ software license, a subscription that can be added to a Next-Generation Intrusion Prevention Systems (NGIPS) or Next-Generation Firewall (NGFW), or as a dedicated appliance, both of which provide advanced malware protection for networks.


Device Trajectory builds upon existing endpoint File Trajectory capabilities to deliver critical analysis of system level activities, file origination and file relationships for root cause and forensic analysis to track and pinpoint behaviors indicating a compromise has happened and a breach has most likely occurred. Device Trajectory is available as part of the FireAMP™ host-based protection available for endpoints and virtual networks.


Sourcefire is further enhancing FireAMP with new Indicators of Compromise and Device Flow Correlation capabilities, which enable users to correlate seemingly benign and unrelated events, while also monitoring device activity and communications to uncover potential malware.


Indicators of Compromise (IoC) – Correlates malware intelligence and even seemingly benign events to determine whether a system may have been compromised – providing users with a prioritised list of potentially compromised devices.


Device Flow Correlation – Correlation of activities on an endpoint with traffic on the network, providing integrated intelligence and automation across the advanced malware protection security infrastructure. This provides distinct advantages in controlling malware proliferation on endpoints outside the protections of a corporate network, like remote or mobile workers.


In addition, the trajectory and IoC features leverage the captured network activity to accelerate investigation and compromise prioritisation.
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Palo Alto Networks has introduced Prisma® Cloud 3.0, said to be the industry’s first integrated...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...