Network IPS technology originally was just about protecting enterprises from intrusion. The definition of IPS has evolved in recent years and now IPS vendor Sourcefire is adding malware protection to the list of IPS capabilities.
The Sourcefire FirePOWER product lineup was initially launched in April of 2011 with the 40 Gbps 3D8260 platform. The FirePOWER lineup is now being expanded with new software as well as new hardware platforms.
From a hardware perspective the 3D8000 series is being supplemented by three new FirePower 7000 series boxes, the FirePOWER 7010 with 50 Mbps throughput, the FirePOWER 7020 has 100 Mbps and the FirePOWER 7030 deliver 250 Mbps of throughput.
The new malware detection capability is delivered by way of Sourcefire’s cloud. Zulfikar Ramzan, Chief Scientist, Cloud Technology Group at Sourcefire, explained to EnterpriseNetworkingPlanet that FireAMP is powered by complex cloud back-end that does advanced analytics to identify new malware.
“What we’re doing with this new release is we’re making that FireAMP intelligence capability available to our network appliances,” Ramzan said.
FireAMP was first announced at the beginning of this year and leverages technologies that Sourcefire obtained through the acquisition of Immunet in 2011 for $21 million. Until this week, FireAMP was primarily available as a standalone technology and not something that was deliverable or integrated with Sourcefire’s IPS portfolio.
“Sourcefire has a number of technologies in place to help our customers protect their information assets,” Ramzan said. “For some time, we’ve realized that our technologies are not disparate and that there is a symbiotic relationship among them.”
Ramzan noted that the risk of false positives can also be reduced, since Sourcefire now has more context on which to base decisions.
The FireAMP malware detection capability is an additional licensed feature that is available on top of the stock Sourcefire operating system, which is also being updated. Among the new features in the new Sourcefire 5.1.1 release is an enhanced file detection engine.
“Our file detection engine lets you see all file types, direction of transfer and protocol use,” David Stuart, Director of Product Marketing at Sourcefire explained. “So you can use that information create granular policy.”
Looking forward, Ramzan noted that the focus for Sourcefire will continue to be on gathering intelligence as well as improving the ability to react quickly on that intelligence.
“Today we’re able to gather data from the network and the endpoint side,” Ramzan said. “With our cloud backend we’re able to combine those two pieces of information and for the first time we’re providing customers with the benefit of that combination.”
“I’m willing to bet that we can now identify new network threats by combining these two views of the world,” Ramzan added.