fireamp presentation
DESCRIPTION
FireAMP is Sourcefire's malware protection with "big data" technology to combat new and unknown threats.
TRANSCRIPT
![Page 1: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/1.jpg)
AGILE SECURITY™: Security for the Real World
Doak Adams, FireAMP Specialist
Prepared for:
![Page 2: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/2.jpg)
Advanced Malware Protection
![Page 3: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/3.jpg)
Introducing FireAMP
The only way to get the visibility & control needed to fight threats missed by other security layers.
![Page 4: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/4.jpg)
Our Approach to Advanced Malware
Lightweight Connector
• Watches file actions
• Fingerprint & attributes
Web Console
• Transaction Processing
• Analytics
• Intelligence
Mobile Connector
• Watches for apps
• Fingerprint & attributes
Virtual Connector
• VMware vShield
• One instance per Host
![Page 5: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/5.jpg)
How do you Fight Advanced Malware? (Also Unknown, APT, Zero Day)
Visibility
▸ Which endpoint was infected first?
▸ How did we get infected?
▸ How extensive is the outbreak?
▸ How does the malware behave?
Control
▸ What is needed to recover?
▸ Can we stop the outbreak?
![Page 6: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/6.jpg)
Spotlight: File Trajectory
Malware “Flight Recorder” shows:
▸ Entry Point
▸ Droppers
▸ Fingerprint
▸ Visibility
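The visibility questions on the previous slide (first infected endpoint, extent of the outbreak, how the file got in) are answered by the file trajectory. The following is an added example, not FireAMP code: it models the per-file records a lightweight connector could report (host, timestamp, file fingerprint, action, and the fingerprint of the file that wrote it) and reconstructs the trajectory from them. The event schema, field names and the sample events are all constructed for this example.

```python
"""Reconstructing a file trajectory from connector events.

Added example, not FireAMP code: the event schema, field names and the
sample events below are constructed. It answers three of the slide's
questions for one file fingerprint: which endpoint saw the file first
(entry point), how many hosts it reached (extent), and which dropper
brought it in (the parent chain).
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FileEvent:
    host: str
    ts: datetime
    sha256: str                   # fingerprint of the file acted on
    action: str                   # "create", "execute", ...
    parent: Optional[str] = None  # fingerprint of the file that wrote it


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample: DROPPER lands on ws-01, writes PAYLOAD, and PAYLOAD
# then copies itself to two more hosts. Fingerprints are placeholders.
DROPPER = "a" * 64
PAYLOAD = "b" * 64
EVENTS = [
    FileEvent("ws-01", _t("2013-03-04T09:00:00"), DROPPER, "create"),
    FileEvent("ws-01", _t("2013-03-04T09:00:05"), DROPPER, "execute"),
    FileEvent("ws-01", _t("2013-03-04T09:00:07"), PAYLOAD, "create", parent=DROPPER),
    FileEvent("ws-07", _t("2013-03-04T09:12:00"), PAYLOAD, "create", parent=PAYLOAD),
    FileEvent("ws-03", _t("2013-03-04T09:14:30"), PAYLOAD, "create", parent=PAYLOAD),
    FileEvent("ws-03", _t("2013-03-04T09:14:31"), PAYLOAD, "execute"),
]


def trajectory(events: List[FileEvent], sha256: str) -> List[Tuple[str, datetime]]:
    """First-seen time per host for one fingerprint, earliest host first."""
    first_seen = {}
    for e in sorted(events, key=lambda e: e.ts):
        if e.sha256 == sha256 and e.host not in first_seen:
            first_seen[e.host] = e.ts
    return sorted(first_seen.items(), key=lambda kv: kv[1])


def entry_point(events: List[FileEvent], sha256: str) -> Optional[str]:
    """Which endpoint was infected first?"""
    traj = trajectory(events, sha256)
    return traj[0][0] if traj else None


def extent(events: List[FileEvent], sha256: str) -> int:
    """How extensive is the outbreak? Distinct hosts that saw the file."""
    return len(trajectory(events, sha256))


def dropper_chain(events: List[FileEvent], sha256: str) -> List[str]:
    """How did we get infected? Follow parent fingerprints back to the first
    file with no recorded parent. Self-copies (parent == child) are ignored
    so a file spreading itself does not look like its own dropper."""
    parent_of = {}
    for e in events:
        if e.parent and e.parent != e.sha256:
            parent_of.setdefault(e.sha256, e.parent)
    chain = [sha256]
    while chain[-1] in parent_of and parent_of[chain[-1]] not in chain:
        chain.append(parent_of[chain[-1]])
    return chain  # [file, its dropper, that dropper's dropper, ...]


if __name__ == "__main__":
    for host, ts in trajectory(EVENTS, PAYLOAD):
        print(f"{ts.isoformat()}  {host}")
    print("entry point:", entry_point(EVENTS, PAYLOAD))
    print("hosts affected:", extent(EVENTS, PAYLOAD))
    print("dropper chain:", " <- ".join(dropper_chain(EVENTS, PAYLOAD)))
```

The point of keying everything on the fingerprint rather than the file name is that a renamed copy on another host still lands on the same trajectory; the guard against cycles in the parent walk matters because connectors report copies, and a file that copies itself would otherwise loop.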
![Page 7: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/7.jpg)
FireAMP File Analysis
Deep Insight into Malware Behavior
![Page 8: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/8.jpg)
Spotlight: Outbreak Control
| Tool | How it Works | When to Use |
| --- | --- | --- |
| Simple Custom Detections | Cloud-based, uses SHA or original file | Fastest way to block specific malware. |
| Advanced Custom Signatures | Client-based, uses advanced techniques (e.g. offsets, wildcards, regular expressions) | Useful for families of malware or to close the gap when waiting on a signature from a security vendor |
| Application Blocking Lists | Cloud-based, uses SHA or original file | Blocks execution of applications based on group policy (e.g. no Skype in HR) – good for Zero Day |
| Custom Whitelists | Cloud-based, uses SHA or original file | Prevent false positives on trusted apps and standard images |
Create custom protection policies to stop outbreaks without updates
Cloud Recall quarantines malware based on past exposure
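The table separates two mechanisms: hash-based rules (Simple Custom Detections, Application Blocking Lists and Custom Whitelists all key on the file's SHA) and pattern-based Advanced Custom Signatures. The following added example, not FireAMP code, shows why the second exists: a one-byte change defeats the hash list, while a signature with an offset, single-byte wildcards and a gap still catches the variant. The signature syntax is this example's own, written in the spirit of ClamAV body signatures; that FireAMP's format matches it is an assumption, as is the precedence of whitelist over detections. All sample files are constructed byte strings, not real malware.

```python
"""Hash-based versus pattern-based outbreak control.

Added example, not FireAMP code. Simple Custom Detection = a set of SHA-256
hashes; Advanced Custom Signature = a byte pattern with an optional offset,
'??' single-byte wildcards and '*' gaps. The syntax is this example's own
(assumed, modelled loosely on ClamAV body signatures), and the rule
precedence (whitelist, then hashes, then patterns) is assumed as well.
"""
import hashlib
import re
from typing import Dict, Optional, Set, Tuple

Signature = Tuple["re.Pattern[bytes]", Optional[int]]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compile_signature(hexsig: str, offset: Optional[int] = None) -> Signature:
    """Turn e.g. '4d5a????*deadbeef' into a bytes regex plus an offset.
    '??' matches any single byte, '*' any run of bytes (including none).
    offset=None means the pattern may occur anywhere in the file."""
    tokens = re.findall(r"\?\?|\*|[0-9a-fA-F]{2}", hexsig)
    if "".join(tokens) != hexsig:
        raise ValueError(f"malformed signature: {hexsig!r}")
    parts = []
    for tok in tokens:
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".*?")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL), offset


def matches(sig: Signature, data: bytes) -> bool:
    pattern, offset = sig
    if offset is None:
        return pattern.search(data) is not None
    return pattern.match(data, offset) is not None  # anchored at offset


def evaluate(data: bytes, simple: Set[str], advanced: Dict[str, Signature],
             whitelist: Set[str]) -> Tuple[str, Optional[str]]:
    """Verdict and the rule that produced it. The whitelist is checked first
    so a trusted image is never quarantined by a later rule (assumed
    precedence), then the hash list, then the pattern signatures."""
    h = sha256_hex(data)
    if h in whitelist:
        return "allow", "whitelist"
    if h in simple:
        return "block", "simple_custom_detection"
    for name, sig in advanced.items():
        if matches(sig, data):
            return "block", name
    return "allow", None


# Constructed samples (not real malware): an "MZ"-headed blob carrying a
# 4-byte marker, a family variant whose header byte and padding differ so
# its hash changes, a benign file, and the same blob shifted by one byte.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 8 + b"stage1:" + b"\xde\xad\xbe\xef" + b"\x00" * 4
SAMPLE_B = b"MZ\x91\x00" + b"\x00" * 20 + b"stage2:" + b"\xde\xad\xbe\xef"
BENIGN = b"MZ\x90\x00" + b"hello world"
SHIFTED = b"\x00" + SAMPLE_A

SIMPLE_DETECTIONS = {sha256_hex(SAMPLE_A)}              # one exact file
ADVANCED_SIGNATURES = {                                  # the whole family
    "family_sig": compile_signature("4d5a????*deadbeef", offset=0),
}
WHITELIST: Set[str] = set()


def verdict(data: bytes) -> Tuple[str, Optional[str]]:
    return evaluate(data, SIMPLE_DETECTIONS, ADVANCED_SIGNATURES, WHITELIST)


if __name__ == "__main__":
    for label, blob in [("A", SAMPLE_A), ("B", SAMPLE_B), ("benign", BENIGN), ("shifted", SHIFTED)]:
        print(label, verdict(blob))
```

The shifted sample shows the cost of an offset-anchored signature: the marker is present but the rule does not fire because "MZ" is no longer at offset 0. That is the trade-off the table's "When to Use" column describes: a hash is exact and cheap but brittle, a pattern generalises to a family but has to be written against a layout the family actually keeps.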
![Page 9: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/9.jpg)
Collective Security Intelligence
Sourcefire FireCLOUD™ draws on:
• Private & Public Threat Feeds
• Honeypots
• Advanced Microsoft & Industry Disclosures
• 50,000 Malware Samples per Day
• Snort® & ClamAV™ Open Source Communities
• Sourcefire AEGIS™ Program
• Sourcefire Vulnerability Research Team
and produces:
• IPS Rules
• Malware Protection
• IP & URL Blacklists
• Vulnerability Database Updates
Global Visibility Through Open Community
![Page 10: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/10.jpg)
FireAMP IPS Integration
Security Intelligence Integration of End Point <> Network
● FireAMP Events to Defense Center
• Transaction Processing
• Analytics
• Intelligence
![Page 11: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/11.jpg)
FireAMP > Defense Center
![Page 12: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/12.jpg)
![Page 13: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/13.jpg)
![Page 14: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/14.jpg)
Conclusion
• Revolutionary Approach to the Problem
• Known/Unknown Malware Visibility
• Known/Unknown Malware Control
• Security Intelligence is Key
![Page 15: FireAMP Presentation](https://reader034.vdocuments.mx/reader034/viewer/2022051615/552e4ffb5503461f168b4975/html5/thumbnails/15.jpg)
Questions?