
Sourcefire FireAMP

Advanced Malware Protection for Endpoints, Mobile Devices and Virtual Systems

Sourcefire FireAMP is the only solution that goes beyond point-in-time detection to provide you the level of visibility and control you need to stop advanced threats missed by other security layers. FireAMP is an intelligent, enterprise-class advanced malware analysis and protection solution that uses a telemetry model that leverages big data and advanced analytics to detect, track, analyze, control and block advanced malware outbreaks across endpoints, virtual systems and mobile devices.

Benefits

- Complete visibility to track and analyze malware
- Robust control capabilities to stop the spread and communication of malware
- Continuous detection of malware - immediately and retrospectively
- Integration with Sourcefire AMP for networks extends protection across virtual systems and mobile devices

Comprehensive Advanced Malware Protection

Companies struggle to find a solution that can effectively address the full lifecycle of the advanced malware problem, providing protection, incident response and remediation against the latest threats without over-burdening the budget or sacrificing operational efficiency. Part of the challenge resides in the lack of continuity and intelligence that exists between detection/blocking technologies and incident response/remediation technologies.

Often, this lack of intelligence can leave an organization blind to the full extent and depth of an outbreak, causing incident response and remediation efforts to begin well after an outbreak. In addition, lack of continuity can cause infected systems and root causes to be missed during these efforts, leading to an endless cycle of reinfection.


As a result, security professionals often don't have visibility into the scope of advanced malware in their network, struggle to contain and remediate it after an outbreak, and are unable to address the fundamental questions needed to be effective:

- What was the method and point of entry?
- What systems were affected?
- What did the threat do?
- Can I stop the threat and root cause?
- How do we recover from it?
- How do we prevent it from happening again?
FireAMP Discovers, Analyzes and Blocks Advanced Malware

FireAMP delivers a lattice of detection capabilities combined with big data analytics and continuous analysis to determine if advanced malware is on your network. Sophisticated machine learning techniques evaluate more than 400 characteristics associated with each file to analyze and block advanced malware. The combination gives you detection capabilities that go beyond traditional point-in-time detection, allowing FireAMP to also retrospectively detect files that become malicious after the initial point of entry. With FireAMP, it's easy to see if advanced malware is a problem by reviewing powerful dashboards, charts and reports.

Continuous Analysis vs. Point-in-time

Dashboards with Indications of Compromise

- Dashboard gives a quick overview of trouble spots.
- Heat Map shows which systems require immediate attention.
- High Risk Computers shows systems already infected with advanced malware.
- Threat Root Cause shows top applications introducing malware.
- Advanced Persistent Threats shows advanced malware that may be unique.
- Global Data shows how your environment compares with anonymous data from other users around the world.


Visibility to See More than Ever Before


Today's malware is more sophisticated than ever. Evolving quickly, it can evade discovery once it has compromised a system, while providing a launching pad for a persistent attacker to move laterally within an organization.

What was the method and point of entry? What systems were affected?
Powerful innovations like FireAMP File Trajectory and Device Trajectory leverage Sourcefire's big data analytics and continuous analysis capabilities to show you the systems impacted by malware, including patient zero and the root causes associated with a potential compromise. This helps you quickly understand the scope of the problem by identifying malware gateways and the path attackers are using to gain a broader foothold on other systems.

Deep Analysis with Device Trajectory

What did the threat do?


FireAMP File Analysis, backed by the Sourcefire VRT (Vulnerability Research Team), provides a safe, secure sandbox environment to analyze the behavior of malware and suspect files. File Analysis produces detailed information on file behavior: the severity of behaviors, the original file name, screenshots of the malware executing and sample packet captures. Armed with this information, you'll have a better understanding of what is necessary to contain the outbreak and block future attacks. Device Trajectory further aids in quick analysis of threat activity on a computer by tracking file and network activity at the endpoint in chronological order. This gives you complete visibility into the events that occurred leading up to and following a compromise, including parent processes, connections to remote hosts and unknown files that may have been downloaded by malware.
File Analysis


Can I stop the threat and root causes? Can we prevent it from happening again?
FireAMP Outbreak Control gives you a suite of control capabilities to effectively stop the spread of malware and malware-related activities, like call-back communications or dropped-file execution, without waiting for updates from your security vendor. This gives you the power to move directly from investigation to control with a few mouse clicks, significantly reducing both the time a threat has to spread or do more damage and the time it normally takes to put controls in place.
Tool: Simple Custom Detections
  When to use: Quickly block a specific file across all or select systems
  Benefits: Fast and specific, no wasted time or effort

Tool: Advanced Custom Signatures
  When to use: Effectively block families of polymorphic malware
  Benefits: Get ahead of a dynamic invader before it can change to evade detection

Tool: Application Blocking Lists
  When to use: Enforce application policies or contain a compromised application being used as a malware gateway
  Benefits: Easy way to stop the re-infection lifecycle

Tool: Custom White Lists
  When to use: Keep safe, custom or mission-critical applications running no matter what
  Benefits: Keep the right applications running

Tool: Device Flow Correlation
  When to use: Stop call-back communications at the source, especially for remote endpoints outside the corporate network
  Benefits: Sourcefire VRT powered IP blacklists

A powerful innovation called Cloud Recall automatically remediates systems without a full scan. The technology continuously cross-references files analyzed in the past against the latest threat intelligence and quarantines any files previously deemed clean or unknown that are now known to be a threat.

"With Sourcefire's host-based Advanced Malware Detection/Prevention, next-generation network security offerings, and cloud-based big data intelligence and analytics, Sourcefire offers an enterprise-class security architecture. This will likely make Sourcefire extremely popular with CISOs and large organizations."
Jon Oltsik, Senior Principal Analyst, Enterprise Security Group

FireAMP Extends Advanced Malware Protection Across Networks, Virtual Systems and Mobile Devices

FireAMP Virtual

FireAMP Virtual is one of the first virtual security products to use big data analytics for increased security intelligence across virtual environments. FireAMP Virtual simplifies defense-in-depth requirements to address advanced malware by eliminating the need for traditional anti-virus (AV) security layers, which can add significant performance and resource constraints on virtual machines.

FireAMP Mobile

FireAMP Mobile delivers the real-time visibility and control you need to secure against threats targeting Android-based devices. FireAMP Mobile relies on cloud-based detection capabilities to quickly analyze Android applications for possible threats in real time. With this visibility, you can quickly understand which systems are infected and which applications are introducing the malware.
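Cloud Recall, described in the Outbreak Control section above, re-checks past file sightings against current intelligence instead of rescanning every host, and File Trajectory orders those sightings to find patient zero. The Python below is an added illustration of those two ideas, not Sourcefire code: the record schema, host names, hashes, paths and the intel update are all constructed, and it also handles the reverse case (a withdrawn "malicious" verdict) so a retracted detection is released rather than left quarantined.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Observation:
    """One file sighting from an endpoint, with the verdict the cloud gave at that moment (constructed schema)."""
    sha256: str
    host: str
    path: str
    seen_at: datetime
    verdict: str  # "clean", "unknown" or "malicious" at observation time

# Constructed telemetry: the same hash ("a"*64) lands on two hosts 42 minutes apart.
TELEMETRY = [
    Observation("a" * 64, "ws-101", r"C:\Users\jdoe\Downloads\invoice.exe", datetime(2013, 5, 1, 9, 0), "unknown"),
    Observation("a" * 64, "ws-117", r"C:\Users\msmith\AppData\Local\Temp\invoice.exe", datetime(2013, 5, 1, 9, 42), "unknown"),
    Observation("b" * 64, "ws-101", r"C:\Program Files\Vendor\tool.exe", datetime(2013, 5, 1, 10, 5), "clean"),
    Observation("c" * 64, "srv-02", r"C:\Windows\Temp\update.exe", datetime(2013, 5, 2, 8, 0), "malicious"),
]

# Constructed intel update: current cloud disposition per SHA-256. "a" has turned
# malicious since it was first seen; "c" was a false positive and is now clean.
INTEL_UPDATE = {"a" * 64: "malicious", "b" * 64: "clean", "c" * 64: "clean"}

def retrospective_review(telemetry, intel):
    """Replay current intel over past sightings without rescanning hosts.
    Returns (alerts, retractions): alerts were clean/unknown at the time but are
    malicious now (quarantine candidates); retractions were malicious, now clean."""
    alerts, retractions = [], []
    for obs in sorted(telemetry, key=lambda o: o.seen_at):
        current = intel.get(obs.sha256)  # None: hash not covered by this update
        if current == "malicious" and obs.verdict != "malicious":
            alerts.append(obs)
        elif current == "clean" and obs.verdict == "malicious":
            retractions.append(obs)
    return alerts, retractions

def file_trajectory(telemetry, sha256):
    """Hosts that saw a hash, in first-seen order; index 0 is patient zero."""
    hosts = []
    for obs in sorted(telemetry, key=lambda o: o.seen_at):
        if obs.sha256 == sha256 and obs.host not in hosts:
            hosts.append(obs.host)
    return hosts

if __name__ == "__main__":
    alerts, retractions = retrospective_review(TELEMETRY, INTEL_UPDATE)
    for a in alerts:
        print(f"RETROSPECTIVE ALERT {a.host} {a.path} (was {a.verdict} at {a.seen_at:%Y-%m-%d %H:%M})")
    print("retracted:", [r.host for r in retractions], "trajectory:", file_trajectory(TELEMETRY, "a" * 64))
```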


FireAMP integrates with Sourcefire's Advanced Malware Protection for FirePOWER as well as Sourcefire's dedicated Advanced Malware Protection (AMP) appliance to deliver comprehensive protection across extended networks and endpoints. Both AMP solutions for the network enable inline malware detection/blocking, continuous analysis and retrospective alerting, and leverage Sourcefire's vast cloud security intelligence to deliver the following benefits:

- Detection and blocking of malware-infected files attempting to enter or traverse the network
- Continuous analysis and subsequent retrospective alerting of infected files in the event malware determination changes after initial analysis
- Tracking of malware that has entered the network; identifying point of entry, network propagation, protocols used, users and hosts affected
- Correlation of malware-related events with broader security events and contextual data to provide a comprehensive picture of malicious activity
- Identification and control of employee-owned devices (BYOD) on the network

Enterprise-ready to Scale Protection


Manageability: FireAMP Console provides complete management, deployment, policy configuration and reporting for Windows systems, mobile devices and virtual systems.

Performance: FireAMP, FireAMP Virtual and FireAMP Mobile leverage lightweight connector architectures, requiring less storage, computation and memory than other security solutions, speeding protection against attacks. FireAMP Virtual leverages VMware's vShield EPSEC integration to deliver agentless protection, which maximizes performance, minimizes resource consumption and avoids possible AV storm conditions.

Privacy: All FireAMP connectors use metadata for analysis. Actual files are not needed and are not sent to the cloud for analysis.


Take the Next Step Toward Agile Security


To learn more about Sourcefire Advanced Malware Protection solutions, contact a member of the Sourcefire Global Security Alliance today to view a demonstration, request an onsite evaluation or schedule a meeting, or visit us at www.sourcefire.com for more information.

System Requirements:
FireAMP works with the following operating systems.

FireAMP Software Requirements:

- Microsoft Windows XP with Service Pack 3 or later
- Microsoft Windows Vista
- Microsoft Windows 7
- Microsoft Windows Server 2003
- Microsoft Windows Server 2008

FireAMP Virtual Software Requirements:

- VMware vCenter Server 5 Patch 1 or vCenter Server 4.1 Patch 3
- ESXi 5.0 Patch 1 build 474610+
- ESXi 4.1 Patch 3 build 433742+
- VMware vShield Manager 5, minimum build 47379+
- vShield Endpoint Loadable Kernel Module (LKM) 5.0.0-447150+
- VMware Tools 8.6.0 build 515842+: installed on guest virtual machines via ESXi 5.0 Patch 1

FireAMP Mobile

- Works with Android mobile devices (Android version 2.1 and above)

2013 Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, Agile Security and the Agile Security logo, ClamAV, FireAMP, FirePOWER, FireSIGHT and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. 5.13 | REV1B

