Advanced Malware Protection for Endpoints, Mobile Devices and Virtual Systems

Sourcefire FireAMP™ is the only solution that goes beyond point-in-time detection to provide you the level of visibility and control you need to stop advanced threats missed by other security layers. FireAMP is an intelligent, enterprise-class advanced malware analysis and protection solution that uses a telemetry model that leverages big data and advanced analytics to detect, track, analyze, control and block advanced malware outbreaks across endpoints, virtual systems and mobile devices.

Benefits
• Complete visibility to track and analyze malware
• Robust control capabilities to stop the spread and communication of malware
• Continuous detection of malware, immediately and retrospectively
• Protection extends across virtual systems and mobile devices
• Integration with Sourcefire AMP for networks

Comprehensive Advanced Malware Protection

Companies struggle to find a solution that can effectively address the full lifecycle of the advanced malware problem, providing protection, incident response and remediation against the latest threats without over-burdening the budget or sacrificing operational efficiency. Part of the challenge resides in the lack of continuity and intelligence that exists between detection/blocking technologies and incident response/remediation technologies.

Often, this lack of intelligence can leave an organization blind to the full extent and depth of an outbreak, causing incident response and remediation efforts to begin well after an outbreak. In addition, lack of continuity can cause infected systems and root causes to be missed during these efforts, leading to an endless cycle of reinfection.

As a result, security professionals often don't have visibility into the scope of advanced malware in their network, struggle to contain and remediate it after an outbreak and are unable to address fundamental questions needed to be effective:
• What was the method and point of entry?
• What systems were affected?
• What did the threat do?
• Can I stop the threat and root cause?
• How do we recover from it?
• How do we prevent it from happening again?

FireAMP Discovers, Analyzes and Blocks Advanced Malware

FireAMP delivers a lattice of detection capabilities combined with big data analytics and continuous analysis to determine if advanced malware is on your network. The combination gives you detection capabilities that go beyond traditional point-in-time detection, allowing FireAMP to also retrospectively detect files that become malicious after the initial point of entry. Sophisticated machine learning techniques evaluate more than 400 characteristics associated with each file to analyze and block advanced malware.

Figure: Continuous Analysis vs. Point-in-time

Dashboards with Indications of Compromise

With FireAMP, it's easy to see if advanced malware is a problem by reviewing powerful dashboards, charts and reports. With this visibility, you can quickly understand which systems are infected and which applications are introducing the malware.
• Dashboard gives a quick overview of trouble spots.
• Heat Map shows which systems require immediate attention.
• High Risk Computers shows systems already infected with advanced malware.
• Threat Root Cause shows top applications introducing malware.
• Advanced Persistent Threats shows advanced malware that may be unique.
• Global Data shows how your environment compares with anonymous data from other users around the world.

Visibility to See More than Ever Before

Today's malware is more sophisticated than ever. Evolving quickly, it can evade discovery once it has compromised a system, while providing a launching pad for a persistent attacker to move laterally within an organization.

What was the method and point of entry? What systems were affected?

Powerful innovations like FireAMP File Trajectory and Device Trajectory leverage Sourcefire's big data analytics and continuous analysis capabilities to show you the systems impacted by malware, including patient zero and the root causes associated with a potential compromise. This helps to quickly understand the scope of the problem by identifying malware gateways and the path attackers are using to gain a broader foothold into other systems. Device Trajectory further aids in quick analysis of threat activity on a computer by tracking file and network activity at the endpoint in chronological order, including parent processes, connections to remote hosts and unknown files that may have been downloaded by malware. This gives you complete visibility into the events that occurred leading up to and following a compromise.

Figure: Deep Analysis with Device Trajectory

What did the threat do?

FireAMP File Analysis, backed by the Sourcefire VRT® (Vulnerability Research Team), provides a safe, secure sandbox environment to analyze the behavior of malware and suspect files. File Analysis produces detailed information on file behavior, including the severity of behaviors, the original file name, screen shots of the malware executing and sample packet captures. Armed with this information, you'll have a better understanding of what is necessary to contain the outbreak and block future attacks.

Can I stop the threat and root causes? Can we prevent it from happening again?

FireAMP Outbreak Control gives you a suite of control capabilities to effectively stop the spread of malware and malware-related activities, like call-back communications or dropped file execution, without waiting for updates from your security vendor. A powerful innovation called Cloud Recall automatically remediates systems without a full scan, significantly reducing the time a threat has to spread or do more damage and the time it normally takes to put controls in place. The technology continuously cross-references files analyzed in the past against the latest threat intelligence and quarantines any files previously deemed clean or unknown that are now known to be a threat. This gives you the power to move directly from investigation to control with a few mouse clicks.

Outbreak Control tools:
Simple Custom Detections. When to use: Quickly block a specific file across all or select systems. Benefits: Fast and specific, no wasted time or effort.
Advanced Custom Signatures. When to use: Effectively block families of polymorphic malware. Benefits: Get ahead of a dynamic invader before it can change to evade detection.
Application Blocking Lists. When to use: Enforce application policies or contain a compromised application being used as a malware gateway. Benefits: Easy way to stop the re-infection lifecycle.
Custom White Lists. When to use: Keep safe, custom or mission-critical applications running no matter what. Benefits: Keep the right applications running.
Device Flow Correlation. When to use: Stop call-back communications at the source, especially for remote endpoints outside the corporate network. Benefits: Sourcefire VRT-powered IP blacklists.

"With Sourcefire's host-based Advanced Malware Detection/Prevention, next-generation network security offerings, and cloud-based big data intelligence and analytics, Sourcefire offers an enterprise-class security architecture. This will likely make Sourcefire extremely popular with CISOs and large organizations."
Jon Oltsik, Senior Principal Analyst, Enterprise Security Group

FireAMP Extends Advanced Malware Protection Across Networks, Virtual Systems and Mobile Devices

FireAMP Virtual

FireAMP Virtual is one of the first virtual security products to use big data analytics for increased security intelligence across virtual environments. FireAMP Virtual simplifies defense-in-depth requirements to address advanced malware by eliminating the need for traditional anti-virus (AV) security layers, which can add significant performance and resource constraints on virtual machines. FireAMP Virtual leverages VMware's vShield EPSEC integration to deliver agentless protection, which maximizes performance, minimizes resource consumption and avoids possible AV storm conditions.

FireAMP Mobile

FireAMP Mobile delivers the real-time visibility and control you need to secure against threats targeting Android-based devices. FireAMP Mobile relies on cloud-based detection capabilities to quickly analyze Android applications for possible threats in real time.

FireAMP integrates with Sourcefire's Advanced Malware Protection for FirePOWER® as well as Sourcefire's dedicated Advanced Malware Protection (AMP) appliance to deliver comprehensive protection across extended networks and endpoints. Both AMP solutions for the network enable inline malware detection/blocking, continuous analysis and retrospective alerting, and leverage Sourcefire's vast cloud security intelligence to deliver the following benefits:
• Detection and blocking of malware-infected files attempting to enter or traverse the network
• Continuous analysis and subsequent retrospective alerting of infected files in the event the malware determination changes after initial analysis
• Tracking of malware that has entered the network, identifying point of entry, network propagation, protocols used, and users and hosts affected
• Correlation of malware-related events with broader security events and contextual data to provide a comprehensive picture of malicious activity
• Identification and control of employee-owned devices (BYOD) on the network

Enterprise-ready to Scale Protection

Performance: FireAMP, FireAMP Virtual and FireAMP Mobile leverage lightweight connector architectures, requiring less storage, computation and memory than other security solutions.
Manageability: FireAMP Console provides complete management, policy configuration and reporting for Windows systems, mobile devices and virtual systems.
Privacy: All FireAMP connectors use metadata for analysis. Actual files are not needed and are not sent to the cloud for analysis, speeding protection against attacks.

Take the Next Step Toward Agile Security®

To learn more about Sourcefire Advanced Malware Protection solutions, contact a member of the Sourcefire Global Security Alliance™ today to view a demonstration, request an onsite evaluation or schedule a meeting, or visit us at www.sourcefire.com for more information.

FireAMP Software Requirements:
FireAMP works with the following operating systems:
• Microsoft Windows XP with Service Pack 3 or later
• Microsoft Windows Vista
• Microsoft Windows 7
• Microsoft Windows Server 2003
• Microsoft Windows Server 2008

FireAMP Virtual Software Requirements:
• VMware vCenter Server 5 Patch 1 or vCenter Server 4.1 Patch 3 build 433742+
• VMware vShield Manager 5.0 Patch 1 build 474610+
• VMware Tools 8.6.0 build 515842+
• Installed on guest virtual machines via ESXi 5.0, minimum build 47379+:
»» ESXi 4.1
»» ESXi 5.0
»» vShield Endpoint Loadable Kernel Module (LKM) 5.0

FireAMP Mobile Software Requirements:
• Works with Android mobile devices (Android version 2.1 and above)

©2013 Sourcefire, Inc. Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, ClamAV, FireAMP, FirePOWER, FireSIGHT, Agile Security and the Agile Security logo, and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. 5.13 | REV1B