FireAMP Fights Malware with Big Data Analytics
Sourcefire is a trusted name in information security. It has been around for over 10 years, and it is the steward of popular open source tools like the Snort intrusion detection system. Now, Sourcefire is using big data analytics to give organizations better tools to fight malware with FireAMP.
FireAMP is a malware discovery and analysis platform that can identify advanced malware threats and provide the data needed to understand the scope of a threat and contain it. It uses a small agent on endpoints to relay data to FireCLOUD, a cloud-based analysis engine that uses big data analytics to identify and score threats that other security tools miss.
In and of itself, FireAMP defies easy classification. It is a new type of security tool that does not fit neatly into standard categories such as antivirus, antispyware, or firewall, yet it overlaps with those existing tools and augments their capabilities.
Oliver Friedrichs, senior vice president of Sourcefire’s Cloud Technology Group, explains, “We developed FireAMP with sophisticated detection, visibility and control especially for enterprises whose primary solutions are lacking. FireAMP’s discovery and analysis capabilities can help these companies quickly determine which systems are infected, how the infection occurred, the extent of the infection and how the malware behaves in order to both stop the malware and recover.”
I had an opportunity for an early sneak peek at FireAMP with Al Huger, vice president of development in Sourcefire's Cloud Technology Group. As a former network administrator and security consultant, I appreciated what I saw.
I was particularly impressed with the degree of visibility provided by FireAMP. Having managed incident response for malware outbreaks like Code Red, Nimda, and SQL Slammer, I know that trying to understand the scope and impact of the threat, tracking its origin, and containing it is a daunting task when you’re flying blind. FireAMP can determine “patient zero”, plot how the threat is spreading through your network, and provide details on the behavior of the malware that are crucial to containing the threat and minimizing damage.
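To make the "patient zero" and spread-tracking idea concrete, here is an added example of how such a reconstruction can be done from endpoint telemetry. It is not Sourcefire's or FireAMP's code, and the event fields, host names, hash labels, timestamps and the `smb:<host>` source convention are constructed assumptions for illustration only.

```python
"""Reconstruct patient zero and the spread path of a file hash from endpoint
first-sighting events. Added illustration, not FireAMP/Sourcefire code."""
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample telemetry: one record each time an agent first sees a
# file hash on a host. Field names and values are assumptions, not a real schema.
# "source" records where the file came from; "smb:<host>" means it was copied
# over the network from that host.
SAMPLE_EVENTS = [
    {"host": "ws-12", "sha256": "HASH_A", "first_seen": "2012-02-20T09:14:05", "source": "email"},
    {"host": "ws-07", "sha256": "HASH_A", "first_seen": "2012-02-20T09:31:40", "source": "smb:ws-12"},
    {"host": "fs-01", "sha256": "HASH_A", "first_seen": "2012-02-20T10:02:11", "source": "smb:ws-12"},
    {"host": "ws-03", "sha256": "HASH_A", "first_seen": "2012-02-20T10:45:00", "source": "smb:fs-01"},
    {"host": "ws-07", "sha256": "HASH_B", "first_seen": "2012-02-20T11:00:00", "source": "usb"},
    # Later re-sighting on the origin host; must not displace its earlier record.
    {"host": "ws-12", "sha256": "HASH_A", "first_seen": "2012-02-20T12:00:00", "source": "smb:ws-07"},
]


def first_sightings(events: List[dict], sha256: str) -> Dict[str, dict]:
    """Earliest sighting of the given hash on each host (later duplicates ignored)."""
    seen: Dict[str, dict] = {}
    for ev in events:
        if ev["sha256"] != sha256:
            continue
        ts = datetime.fromisoformat(ev["first_seen"])
        if ev["host"] not in seen or ts < seen[ev["host"]]["ts"]:
            seen[ev["host"]] = {"ts": ts, "source": ev["source"]}
    return seen


def patient_zero(events: List[dict], sha256: str) -> Optional[Tuple[str, datetime]]:
    """Host where the hash was seen first, or None if it was never seen."""
    sightings = first_sightings(events, sha256)
    if not sightings:
        return None
    host = min(sightings, key=lambda h: sightings[h]["ts"])
    return host, sightings[host]["ts"]


def spread_timeline(events: List[dict], sha256: str) -> List[Tuple[str, float, str]]:
    """Hosts in infection order: (host, minutes after patient zero, source)."""
    sightings = first_sightings(events, sha256)
    if not sightings:
        return []
    t0 = min(s["ts"] for s in sightings.values())
    ordered = sorted(sightings.items(), key=lambda kv: kv[1]["ts"])
    return [(h, (s["ts"] - t0).total_seconds() / 60.0, s["source"]) for h, s in ordered]


def propagation_edges(events: List[dict], sha256: str) -> List[Tuple[str, str]]:
    """(parent, child) edges derived from 'smb:<host>' sources; this is the
    graph one would plot to show how the threat moved through the network."""
    sightings = first_sightings(events, sha256)
    edges = []
    for host, s in sightings.items():
        if s["source"].startswith("smb:"):
            edges.append((s["source"].split(":", 1)[1], host))
    return sorted(edges, key=lambda e: sightings[e[1]]["ts"])


def containment_report(events: List[dict], sha256: str) -> dict:
    """Summary an incident responder needs: origin, scope, and spread path."""
    pz = patient_zero(events, sha256)
    if pz is None:
        return {"sha256": sha256, "hosts": 0}
    timeline = spread_timeline(events, sha256)
    return {
        "sha256": sha256,
        "patient_zero": pz[0],
        "first_seen": pz[1].isoformat(),
        "hosts": len(timeline),
        "timeline": timeline,
        "edges": propagation_edges(events, sha256),
    }


if __name__ == "__main__":
    report = containment_report(SAMPLE_EVENTS, "HASH_A")
    print(f"patient zero: {report['patient_zero']} at {report['first_seen']}")
    for host, minutes, source in report["timeline"]:
        print(f"  +{minutes:6.1f} min  {host:6}  via {source}")
    print("spread edges:", report["edges"])
```

The key detail is keeping only the earliest sighting per host: the later copy of HASH_A back onto ws-12 via ws-07 is a re-infection artifact, and letting it overwrite the original record would hide the true entry point (an e-mail attachment) and corrupt the propagation graph.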
FireAMP is not a replacement, though, for traditional endpoint security. Antimalware products are still necessary to detect and block known threats and to protect endpoint PCs. FireAMP's role is that of an analysis tool: it fills in the gaps and provides the data needed to identify and contain malware that slips through the cracks.
If I were in charge of security at an organization, I would want a tool like FireAMP to give me a more complete real-time view of the threats affecting my network.