It’s almost impossible to stop every online outlaw from breaking into your network. So, an enterprise security firm has decided to go after the repeat offenders.
Sourcefire Inc. a Maryland-based cyber-security company, has just updated its line of FirePower appliances with more advanced malware protection software that can do “restrospective alerting,” said Alfred Huger, vice-president of development in SourceFire’s cloud technology group.
This means that suspicious files are exposed to a new kind of scrutiny: Not only are they examined as they first pass through the network, but they’re also given a pat-down before they leave it. FirePower will strip out attachments coming in— and out — over the Web or SMTP and identify anything suspicious. In security parlance, this is known as “forensic fingerprinting.”
Sourcefire customers, says Huger, are looking for more context on the state of their network security, including whether it has already been compromised. They’re demanding more than an intrusion protection system that will just “detect and drop things,” he said.
“We have a large backend, which is built here in Calgary, that does file and data analytics from several million end points and a number of other data sources,” explained Huger. “And what we’re looking for in the data are trends that would infer that a particular file is malicious."
Sourcefire will then go to customers running the FirePower platform and find out if the same file has turned up before.
The updated software that will run on the appliances, now in version 5.1.1, also provides intelligence on whether users on the network are going places that put them, and therefore their company, at risk, added Huger. The platform has been upgraded with better visualization tools and dashboards that give security administrators quick insight into potential problems, according to the company.
Sourcefire also announced it was expanding the range of its FirePower 700 intrusion detection hardware, adding in three more appliances with 50 Mbps, 100 Mbps and 250 Mbps capacities. The company’s highest performance FirePower appliance runs at more than 40 Gbps, and the smaller models are aimed at giving companies more flexibility in their infrastructure, said Huger.
For example, some bigger clients might be running the higher performance boxes, “but they also have branch offices that don’t need that sort of heavy iron, necessarily,” he said.
Prices for existing customers that want to buy the advanced malware protection start at $1,599 USD a year, while new customers can purchase it together with the appliances, with prices beginning just under $20,000 USD.