Company claims tech will help detect malware that has previously been deemed safe
Sourcefire has added advanced malware protection to its FirePower range of security appliances, which underpin its Next-Generation IPS and Next-Generation Firewall.
Sourcefire said this means it can now provide visibility and control over malware on a network, from the point of entry to propagation to post-infection remediation.
The protection works in real-time and constantly analysis files as they cross the network. It also has the ability to retrospectively alert IT admins to an issue.
Sourcefire said this is important as malware can, if it gets through the initial inspection, often lie dormant and undetected for a significant amount of time as the security software simply does not know to look for it.
The advanced malware protection works by creating what Sourcefire calls a forensic fingerprint of each file. The files are then tracked as they move around the network, which the company says can help with identifying attack targets.
Sourcefire’s malware database is kept up to date in real-time, meaning that if a file becomes active having previously been deemed safe it will still be picked up.
Leon Ward, field product manager at Sourcefire, said monitoring files as they move around the network is more effective than scanning at the gateway, as new malware can get by traditional security software if it doesn’t know what to look for, as is the case with zero day attacks.
"Advanced malware is one of the biggest challenges anyone has to deal with right now. Traditional antivirus, antimalware, gateway AV scanning and so on are all letting them down when it comes to dealing with advanced, targeted persistent threats. Malware is becoming embedded in these environments and is difficult to get rid of," Ward told CBR.
Ward mentioned the likes of Stuxnet and Flame, which were not discovered by any security tool. For example Stuxnet was only discovered when centrifuges at an Iranian nuclear facility malfunctioned. "They got entrenched in networks before they were known to be bad," he said.
"Malicious threats hone in on their victims, disguise themselves to evade defences, can hide for extended periods and then launch their attacks at any time," said Marty Roesch, interim CEO.
"Given this new level of sophistication it’s clear that the foundation of any security solution needs to be addressing the threat – before, during and after an attack. Layers of security infrastructure must work together for better protection. Constraining and eliminating attack vectors and marginalising the impact of an attack is the end game," he said.
Advanced malware protection for Sourcefire FirePower will be available this month to existing customers on a subscription licence basis.