Network Computing is part of the Informa Tech Division of Informa PLC


Sourcefire Uses Big Data Analytics To Stop Malware

Cybersecurity vendor Sourcefire's latest product applies big data analytics to discover patterns in malware attacks and intervene to stop them. The release of FireAMP comes the same week that Cisco Systems released its fourth-quarter 2011 Global Threat Report detailing how pervasive the malware threat is to organizations.

Cisco reports that in the fourth quarter of 2011, enterprise users experienced an average of 339 Web malware encounters per month. For all of 2011 the average was 362 per month. Cisco also reports that 20,141 unique Web malware hosts were encountered per month in 2011, up from 14,217 in 2010.

FireAMP features five main capabilities to detect and block malware. FireCloud is a cloud-based infrastructure offering advanced detection capabilities and leveraging big data analytics to identify and score malware threats. File Trajectory tracks file movement within the enterprise, allowing organizations to identify the entry point and the likely path the malware will take. File Analysis provides detailed information on malware behavior, drawing on the Sourcefire Vulnerability Research Team. Outbreak Control handles customer-defined detections that immediately block malware without requiring an update from the enterprise's security vendor. And Cloud Recall provides continuous in-the-cloud analysis of historical file activity to discover and remediate threats that were previously missed.
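As an added illustration (not Sourcefire's code and not FireAMP's actual design), the following Python sketches the two ideas the article attributes to File Trajectory and Cloud Recall: retain a record of every file sighting, then answer "where did this file enter and where did it spread" and "which hosts saw a file we only now know is malicious". Host names, timestamps and the hash are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:
    """One sighting of a file on an endpoint (constructed sample telemetry)."""
    ts: int       # seconds since epoch
    host: str     # endpoint that observed the file
    sha256: str   # file hash (placeholder value below, not a real indicator)
    source: str   # how it arrived: "email", "web", or the host it was copied from

class FileTelemetry:
    """Retains every sighting so a later verdict can be applied to the past."""

    def __init__(self):
        self.events = []

    def record(self, event):
        # Kept even with no verdict yet; that history is what retrospection needs.
        self.events.append(event)

    def trajectory(self, sha256):
        """Hosts that saw the file in order of first sighting; the first is the
        entry point and each source says which host the copy came from."""
        first_seen = {}
        for ev in sorted(self.events, key=lambda e: e.ts):
            if ev.sha256 == sha256 and ev.host not in first_seen:
                first_seen[ev.host] = ev.source
        return list(first_seen.items())

    def recall(self, sha256):
        """Given a hash newly judged malicious, return every host that saw it
        before the verdict existed and therefore needs remediation."""
        return sorted({ev.host for ev in self.events if ev.sha256 == sha256})

SAMPLE_HASH = "sha256:0000-placeholder"  # constructed, not a real indicator

def build_sample():
    """Constructed scenario: an e-mailed file spreads from ws-01 to two hosts."""
    t = FileTelemetry()
    t.record(FileEvent(100, "ws-01", SAMPLE_HASH, "email"))
    t.record(FileEvent(200, "fs-01", SAMPLE_HASH, "ws-01"))
    t.record(FileEvent(300, "ws-07", SAMPLE_HASH, "fs-01"))
    t.record(FileEvent(400, "ws-01", SAMPLE_HASH, "fs-01"))  # re-copy, not a new entry
    return t

if __name__ == "__main__":
    telemetry = build_sample()
    print("trajectory:", telemetry.trajectory(SAMPLE_HASH))
    print("remediate:", telemetry.recall(SAMPLE_HASH))
```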

Sourcefire refers to "advanced malware," which it says has grown more sophisticated in recent years. Gartner analysts Neil MacDonald and Peter Firstbrook note that mass-propagated malware attacks are being replaced by targeted attacks on fewer potential victims. The analysts also refer to the "dwell time" of malware attacks, in which a piece of malicious code can lie dormant on a network "for months or even years" before being activated and doing its damage.

Cisco released a study in July 2011 that documented the same trend of a decline in mass phishing attacks (a form of malware) and a rise in the volume of targeted attacks.

The new targeted variation of phishing is called spear phishing, which uses "customization methods superior to those used in mass attacks" and is likely to result in more people responding to the messages and being victimized, according to the report. The Cisco study said cyber criminals can actually make more money targeting a few victims who may have more resources to steal than targeting many people and making relatively little money per victim.

Big data is the industry term for the petabytes of data piling up inside businesses and the analytics tools being deployed to manage that data, glean business intelligence from it, and, in the case of Sourcefire, spot and block malware.

In December, the company started shipping its next-generation firewall built around its contextual-awareness technologies and delivering enterprise visibility, adaptive security and advanced threat protection. IDC says the main advantage of next-generation firewalls is the ability to granularly control application traffic by user. The additional visibility and awareness into behavioral patterns, hosts and operating systems help move the Sourcefire system beyond a signature-based approach.
