Sourcefire has introduced a solution that enables users to tie together various threat collection and detection technologies.
Razorback, a framework for multi-vendor threat detection and protection which is designed to deliver deep inspection capabilities for combating today's most complex threats, is developed to help coordinate the response against advanced persistent threats.
Sourcefire said that Razorback enables users to easily collect, analyse and store threat data from disparate technologies, so that they can implement customised enterprise and threat-specific detection and remediation.
Matt Watchinski, senior director of the Sourcefire vulnerability research team, said: “Razorback was designed to address the current challenges of today's threat landscape where attackers are specifically creating attacks to avoid off the shelf tools and technologies.
“The power is in combining the intelligence of an organisation's security infrastructure with fast and detailed analysis. By providing advanced detection capabilities for uncovering highly obfuscated, difficult-to-detect attacks along with detailed output, Razorback gives response teams a head start on analysing attacks.”
Sourcefire explained that the goal of Razorback was to act as an overlay solution and deliver centralised correlation, analysis and action by coordinating intelligence driven response processes using custom built and existing security tools. It also provides deep analysis and reporting by storing every piece of data identified that could indicate a compromise or attack.
Martin Roesch, founder and CTO of Sourcefire and creator of Snort, said: “Open source is at the core of everything Sourcefire does, and Razorback is the latest innovation providing users with the ability to protect themselves from today's sophisticated threats.
“Sourcefire is known for pushing the detection envelope and Razorback's near real-time detection and analysis engine delivers a timely solution for addressing client-side malware and attacks. We leveraged this knowledge to provide a framework that can tie together disparate security technologies and convert intelligence gathered on attacker methodology into detection and remediation capabilities.”
The Razorback framework performs detection in near real-time, allowing for inline blocking on 'store and forward' services, such as email services or web proxies, and providing alerts in the event of an attack. According to Sourcefire, it also provides enterprises with the ability to convert intelligence gathered on attacker methodology into detection capabilities, enabling them to rapidly develop and protect against targeted threats or zero-day vulnerabilities.