Sourcefire brings big security data to IT departments

Security-software company Sourcefire is trying to help large-enterprise IT teams leverage big data analytics in fighting malware. A new product, called FireAMP, utilizes a cloud-based approach to detecting malware and letting IT teams dig deep to find out how malware entered the system, where it is now, and what damage it might have done.

FireAMP is essentially an enterprise version of Sourcefire’s consumer-based Immunet product we covered in November. Sourcefire utilizes big-data tools such as Hadoop and some homegrown software to store and analyze security data across potentially millions of customer endpoints. Sourcefire Chief Clou Scientist Zulfikar Ramzan told me FireAMP builds on top of what’s in place for Immunet to give enterprises the capabilities they need that consumers typically do not.

Sample FireAMP Malware Heat Chart

By utilizing FireAMP’s built-in analytics features and cloud-based backend, IT teams “can really deal with the source of the problem rather than the ultimate symptoms,” Ramzan said. They might do this by simply tracking the movement of a piece of malware, or they could drill deeper to determine how their experience compares with that of others, or whether there’s activity within a certain subset of users that’s leading to malware being present. With every piece of information discovered, he explained, organizations can make themselves and their security systems smarter to prevent similar occurrences from happening.

That big data and security data are a great match isn’t news, but this is the next step in the process of merging the two. Giving users the tools and data sets necessary to analyze data relevant to them rather than simply making users rely on what their security vendors are discovering in aggregate should be a welcome capability.