Sourcefire launches malware analytics tool

Sourcefire has launched a malware discovery and analysis solution that uses big data analytics.

FireAMP was designed for large enterprises and was born from Sourcefire's acquisition of Immunet last year.

Sourcefire senior vice-president Oliver Friedrichs cloud technology group, said anti-virus vendors generate up to from 10,000 signatures a day making security a big data problem.

"FireAMP's discovery and analysis capabilities can help these companies determine which systems are infected, how the infection occurred, the extent of the infection and how the malware behaves in order to both stop the malware and recover," Friedrichs said.

“Advanced malware is a new threat so it is about how you address it, while visibility and control are very important. It needs to be dynamic and you need to know if you have a problem and who was first infected and how.”

The program takes  data and stores it in the cloud "in a type of black-box recorder" so future files and activity can be compared. “Now you will have all data for the enterprise, [know] how it got in, what it is and what it did. Otherwise you would spend 24 or 48 hours looking,” he said.

“You can have a detection engine that is better than anti-virus, but there is nothing that will stop everything. This is intended to diagnose what happened after the event. You can determine the core problem of what was causing the threat and find the malware on the system.”

He added that FireAMP has forensic capabilities.

FireAMP uses an agent to communicate with a cloud-based analysis engine, and only leverages metadata for evaluation.

Asked if Sourcefire's intention was to step into the ‘second security layer' sector, Friedrichs said that most of the focus in that sector is on advanced malware, but they detect at the gateway and cannot remove threats from the network; he said users have to be able to analyse the system and remove malware.

This article originally appeared at scmagazineuk.com