"The endpoint is now the new battleground for advanced malware."
"The capture rate by traditional anti-virus products is somewhere around the 40% - 50% mark."
"We're also finding that around 75% of malware is found on only one computer."
Chris Wood, Regional Director of Sourcefire Australia and New Zealand added "While developing this product, we spoke with more than 100 large enterprises and heard one common theme - while they have the latest security technologies with all of the latest updates, they still see malware infections."
Sourcefire's new product, FireAMP will add a small agent to every endpoint (PC etc) which feeds activity to a Sourcefire- controlled cloud server which is able to analyse potential malware with an expected 1 hour turn-around time.
According to Spiteri, this gives you visibility so you can detect and analyse malware or even items which you think might be malware. The problem which this software addresses is those narrow situations where you see something come into the organisation which looks and acts malicious, but has not yet been declared so.
FireAMP will automatically sample attachments for analysis in the cloud, advising site administrators when malicious software is found (which may or may not have already been discovered by the organisation's anti-virus installation).
The final step is perhaps the most important. Since the agents are communicating activity to the cloud servers in real time, once an infection is discovered, it is immediately known which machines are affected and which are not. This genealogy makes it very easy to perform a fully targeted clean up (nuke-and-pave, as they say) on only the affected machines with some certainty that the infection is contained.
Priced at $AU29 per seat, FireAMP includes these five primary components:
FireCLOUDâ„¢ - Cloud-based infrastructure encompassing a number of advanced detection capabilities that leverage big data analytics to identify and score threats missed by other security layers
File Trajectory - Tracks file movement within the enterprise, allowing organisations to identify the entry point and propagation path of malware
File Analysis - Provides detailed information on malware behavior backed by the elite Sourcefire Vulnerability Research Team (VRTâ„¢) and the company's collective security intelligence
Outbreak Control - Customer-defined detections that immediately block malware without requiring an update from your security vendor
Cloud Recallâ„¢ - Continuous in-the-cloud analysis of historical file activity to discover and remediate threats that were previously missed