
Sourcefire boosts remediation technology with trajectory and indicators of compromise features


Sourcefire has added file detection and trajectory capabilities to its Advanced Malware Protection portfolio to give users visibility into threats for remediation.

It said that the cloud-based technology gives users detailed visibility into malware attack activity and enables them to detect, remediate and control malware outbreaks.

Two trajectory capabilities are offered. Network File Trajectory, the company said, tracks malware as it moves across the network, recording its point of entry, how it propagated, the protocols it used and which users or endpoints were involved. Device Trajectory builds on the existing endpoint file trajectory capability to analyse system-level activity, file origination and file relationships for root-cause and forensic analysis.
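To make the network file trajectory idea concrete, the following is an added example written for this article, not Sourcefire code: it indexes constructed file-transfer events by SHA-256 and answers the questions the paragraph lists (point of entry, propagation path, protocols, endpoints involved). It assumes each sensor emits one event per observed transfer, that internal hosts sit in 10.0.0.0/8, and that every transfer is recorded regardless of the file's verdict at the time, which is what makes a later "where has this hash been?" lookup possible. The hostnames, hashes and timestamps are all invented.

```python
"""Reconstruct a file's network trajectory from file-transfer events.

Illustrative example, not Sourcefire code. Assumes each detection point
(proxy, mail gateway, file-share sensor) emits one event per observed transfer,
keyed by the file's SHA-256, and that internal hosts live in 10.0.0.0/8.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the corporate address range


@dataclass(frozen=True)
class FileEvent:
    ts: int        # epoch seconds when the transfer was observed
    sha256: str    # file identity; the trajectory is keyed on this, not on the name
    src: str       # sending host (an external address at the point of entry)
    dst: str       # receiving host
    proto: str     # protocol the sensor saw the file travel over


def is_internal(host: str) -> bool:
    return ip_address(host) in INTERNAL


class TrajectoryIndex:
    """Stores every transfer regardless of the file's verdict at the time, so
    'where has this hash been?' can be answered after the verdict changes."""

    def __init__(self) -> None:
        self._by_hash: dict[str, list[FileEvent]] = defaultdict(list)

    def record(self, ev: FileEvent) -> None:
        self._by_hash[ev.sha256].append(ev)

    def events(self, sha256: str) -> list[FileEvent]:
        return sorted(self._by_hash.get(sha256, ()), key=lambda e: e.ts)

    def entry_point(self, sha256: str) -> FileEvent | None:
        """First transfer whose sender is outside the network; falls back to the
        earliest event if the file was only ever seen moving internally."""
        ev = self.events(sha256)
        if not ev:
            return None
        return next((e for e in ev if not is_internal(e.src)), ev[0])

    def propagation(self, sha256: str) -> dict[str, list[str]]:
        """Parent -> children map: which host handed the file to which."""
        tree: dict[str, list[str]] = defaultdict(list)
        for e in self.events(sha256):
            if e.dst not in tree[e.src]:
                tree[e.src].append(e.dst)
        return dict(tree)

    def protocols(self, sha256: str) -> list[str]:
        return sorted({e.proto for e in self.events(sha256)})

    def affected_hosts(self, sha256: str) -> list[str]:
        """Internal hosts that received the file, in the order they got it.
        This is the remediation list when a verdict later flips to malicious."""
        seen: list[str] = []
        for e in self.events(sha256):
            if is_internal(e.dst) and e.dst not in seen:
                seen.append(e.dst)
        return seen


# Constructed sample: one file enters over HTTP and spreads over SMB and SMTP;
# an unrelated hash moves on the same link at the same time and must stay separate.
BAD = "a3f1" * 16
OTHER = "77e2" * 16
SAMPLE = [
    FileEvent(100, BAD, "203.0.113.7", "10.0.0.5", "HTTP"),
    FileEvent(160, BAD, "10.0.0.5", "10.0.0.9", "SMB"),
    FileEvent(160, OTHER, "10.0.0.5", "10.0.0.9", "SMB"),
    FileEvent(200, BAD, "10.0.0.5", "10.0.0.12", "SMTP"),
    FileEvent(260, BAD, "10.0.0.9", "10.0.0.21", "SMB"),
]


def build_index(events=SAMPLE) -> TrajectoryIndex:
    idx = TrajectoryIndex()
    for e in events:
        idx.record(e)
    return idx


if __name__ == "__main__":
    idx = build_index()
    entry = idx.entry_point(BAD)
    print(f"entry: {entry.src} -> {entry.dst} over {entry.proto} at t={entry.ts}")
    print("propagation:", idx.propagation(BAD))
    print("protocols:", idx.protocols(BAD))
    print("remediate, in order:", idx.affected_hosts(BAD))
```

The important design point is that the index is keyed on file identity rather than file name or the verdict at the time of transfer: a file that was "unknown" when it crossed the proxy is still fully traceable once it is reclassified, which is what the retrospective use of trajectory depends on.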

Speaking to SC Magazine, Sean Newman, field product manager EMEA at Sourcefire, said that a major problem in remediation, when malware gets in undetected, is knowing what to look for and how it acted.

He said: “We focus on the trajectory within the network and understanding where the files go and keep track of them in future. It is about stopping malware propagation and finding indicators of compromise.

“Often with advanced attacks, you cannot see it and cannot do anything about it. Once you have determined it to be bad, the trajectory can do something about it. The real forensic part is when it is known to be bad, you can look into devices to see what it is doing and specify malware when it starts to run.”

Also added are Indicators of Compromise and Device Flow Correlation capabilities, which Sourcefire claims enable users to correlate seemingly benign and unrelated events, while also monitoring device activity and communications to uncover potential malware. Newman said that the Indicators of Compromise technology works with Sourcefire's cloud and Big Data backend to see what was impacted.

Asked if this was using signatures, Newman said it was not, and that it instead looks for common malware behaviours and correlates them to the backend database. “We use the malware to find a bad file, or the cloud looks at all the files that we know and we can tell the state of the malware and the user will get an alert and can do something about it,” he said.

The device flow correlation technology looks at network-based connections to make a determination of what was compromised. According to the company, this helps determine whether a system may have been compromised by providing users with a prioritised list of potentially compromised devices and helping control malware proliferation on endpoints outside the protections of a corporate network.
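As an added illustration of the device flow correlation idea (example code written for this article, not Sourcefire's), the block below takes constructed per-device outbound connection records, matches destinations against a constructed known-bad indicator feed, checks whether the connections to a bad destination follow a periodic beaconing cadence, and returns a prioritised list of devices with the reasons for each score. The scoring weights, the beaconing threshold and every device name and address are this example's own choices.

```python
"""Prioritise potentially compromised devices from their own connection records.

Illustrative example, not Sourcefire code. Assumes each endpoint agent reports
outbound flows (timestamp, destination, port) and that a feed of known-bad
destinations is available; the scoring weights are this example's own choice.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    ts: int       # epoch seconds
    device: str   # reporting endpoint
    dst: str      # destination IP address
    port: int


# Constructed indicator feed: destinations with a known-bad disposition.
BAD_DESTINATIONS = {"198.51.100.20", "198.51.100.77"}

BEACON_MIN_FLOWS = 4   # need enough samples before calling a cadence periodic
BEACON_MAX_CV = 0.2    # max coefficient of variation of the inter-arrival gaps


def is_periodic(timestamps: list[int]) -> bool:
    """True when the gaps between successive connections are nearly constant,
    the cadence a scheduled beacon produces and interactive use does not."""
    if len(timestamps) < BEACON_MIN_FLOWS:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m > 0 and pstdev(gaps) / m <= BEACON_MAX_CV


def score_devices(flows: list[Flow], bad: set[str] = BAD_DESTINATIONS) -> list[tuple[str, int, list[str]]]:
    """Return (device, score, reasons) sorted most suspicious first.

    Weights (this example's choice): +5 per distinct bad destination,
    +1 per additional flow to that destination beyond the first,
    +3 when the flows to a bad destination are periodic.
    Devices that never touched a bad destination are not listed at all.
    """
    per_dev: dict[str, dict[str, list[int]]] = defaultdict(lambda: defaultdict(list))
    for f in flows:
        if f.dst in bad:
            per_dev[f.device][f.dst].append(f.ts)

    ranked: list[tuple[str, int, list[str]]] = []
    for dev, dsts in per_dev.items():
        score, reasons = 0, []
        for dst, stamps in dsts.items():
            score += 5 + (len(stamps) - 1)
            reasons.append(f"{len(stamps)} flow(s) to known-bad {dst}")
            if is_periodic(stamps):
                score += 3
                reasons.append(f"periodic cadence to {dst}")
        ranked.append((dev, score, reasons))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


# Constructed sample flows from four devices, two of which are roaming laptops.
SAMPLE_FLOWS = [
    # laptop-01: five connections exactly 300 s apart to a known-bad host
    *[Flow(t, "laptop-01", "198.51.100.20", 443) for t in (0, 300, 600, 900, 1200)],
    Flow(45, "laptop-01", "192.0.2.10", 443),            # benign, ignored
    # laptop-03: four irregular connections to the same bad host
    *[Flow(t, "laptop-03", "198.51.100.20", 443) for t in (10, 400, 410, 2000)],
    # desktop-07: a single hit on a second bad destination
    Flow(50, "desktop-07", "198.51.100.77", 8080),
    # kiosk-02: only benign traffic, should not appear in the list
    Flow(5, "kiosk-02", "192.0.2.10", 443),
    Flow(9, "kiosk-02", "192.0.2.11", 80),
]


if __name__ == "__main__":
    for device, score, reasons in score_devices(SAMPLE_FLOWS):
        print(f"{device:<12} score={score:<3} " + "; ".join(reasons))
```

Because the flows are collected on the device itself rather than at a network sensor, the same scoring applies whether the laptop is on the corporate LAN or at a coffee shop, which is the point the paragraph makes about endpoints outside the network's protections. In practice the indicator feed would be refreshed continuously and the thresholds tuned against the organisation's own traffic.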

Martin Roesch, Sourcefire founder and CTO, said: “Even organisations which are diligent in their security measures realise that breaches are entirely too likely in the face of modern threats and they need solutions that help them deal with malware before, during and after an attack.

“The enhanced trajectory features in our Advanced Malware Protection portfolio provide customers with decisive insight when a breach occurs and extend Sourcefire's innovative retrospective security with the ability to immediately locate and eradicate malicious files everywhere they surface.”
