Organizations are facing the most sophisticated and damaging wave of threats ever seen.
Utilizing advanced malware and targeted threats, attackers take advantage of any gaps in network protection to accomplish their mission. Adding complexity, today’s networks extend beyond an organization’s physical walls to Internet-connected endpoints, mobile devices and virtual environments, creating an explosion of attack vectors. It’s no longer enough to focus solely on blocking and detection to defend against these cunning threats. Organizations need solutions that address the full attack continuum – before, during and after an attack.
With Sourcefire's dedicated Advanced Malware Protection (AMP) appliance, you can now:
Key capabilities include:
Inline malware detection/blocking: Identify individual files as they cross the wire, create a fingerprint of the file, check that fingerprint against the Sourcefire collective security intelligence cloud to determine if the file is benign, unknown or malicious, and remediate according to your organization’s policies.
Continuous analysis: Track where a file has been and continue to analyze the file and its behavior, whether the file is unknown or has previously been deemed safe.
Retrospective alerting: Alert on files that were previously seen and thought to be safe but are now identified as malicious according to the latest threat information and analysis. Use targeted host and file analysis fingerprint information to speed remediation.
Network File Trajectory: Track malware and suspicious files across the network using existing Sourcefire sensors, with detailed information on point of entry, propagation, protocols used, and which users or endpoints are involved.
Real-time cloud security intelligence: Leverage Sourcefire intelligence feeds to automatically update blacklists that block communication with malicious sites, including not only malware Command and Control servers but also spam, phishing, botnet, and open proxy and relay sources.
Complete protection: Extend advanced malware protection from the network to end devices, mobile and virtual environments by integrating with Sourcefire FireAMP. Gain greater visibility into malware impact and trajectory, and correlate information to identify and remediate attacks from both perspectives, whether those devices are on or off the corporate network.