Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Razorback Provides Multi-Vendor Threat Detection Collaboration

Sourcefire : 29 July, 2010  (New Product)
The latest in open source threat detection from Sourcefire ties the threat collection and detection capabilities of multiple vendor solutions together for enhanced protection capabilities
Sourcefire has announced Razorback, an open source framework designed to deliver deep inspection capabilities for combating today's most complex threats. In addition, Razorback has the ability to link together an organization's detection investments and maximize their effectiveness -- providing greater visibility and intelligence into the threats detected by a variety of security solutions. Developed to help coordinate the response against Advanced Persistent Threats (APT), Razorback enables users to easily collect, analyze and store threat data from disparate technologies, so that they can implement customized enterprise- and threat-specific detection and remediation.

'The fear attributed to the common computer security breach has been elevated by the concept of an adaptive persistent adversary (APA) and the potential for multiple advanced persistent threat (APT) vectors,' explains Andrew Hay, Senior Analyst at The 451 Group. 'We are pleased to see this evolutionary step in the right direction, and hope it is the first of many.'

¬Razorback's goal is to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating Intelligence Driven Response (IDR) processes using custom built and existing security tools (anti-virus, IDS, gateways, email, etc.). IDR goes beyond traditional incident response. It allows users to drive the information learned about specific attackers back into their security infrastructure for a truly customizable response to human adversaries. Razorback provides deep analysis and reporting by storing, in full, every piece of data identified that could indicate a compromise or attack and specifically highlights the components of that data which cause the system to trigger an alert. Additionally, Razorback enables targeted forensics information on common attack vectors.

"Open source is at the core of everything Sourcefire does, and Razorback is the latest innovation providing users with the ability to protect themselves from today's sophisticated threats," said Martin Roesch, Founder and CTO of Sourcefire and Creator of Snort. "Sourcefire is known for pushing the detection envelope and Razorback's near-real time detection and analysis engine delivers a timely solution for addressing client-side malware and attacks. We leveraged this knowledge to provide a framework that can tie together disparate security technologies and convert intelligence gathered on attacker methodology into detection and remediation capabilities."

The innovative Razorback framework performs detection in near-real time (in terms of seconds), allowing for in-line blocking on "store and forward" services, such as email services or web proxies, and providing timely alerts in the event of an attack. It also provides enterprises with the ability to convert intelligence gathered on attacker methodology into detection capabilities, enabling them to rapidly develop and protect against targeted threats or Zero-Day vulnerabilities.

"Razorback was designed to address the current challenges of today's threat landscape where attackers are specifically creating attacks to avoid off the shelf tools and technologies," said Matt Watchinski, Senior Director of the Sourcefire Vulnerability Research Team (VRT). "The power is in combining the intelligence of an organization's security infrastructure with fast and detailed analysis. By providing advanced detection capabilities for uncovering highly obfuscated, difficult-to-detect attacks along with detailed output, Razorback gives response teams a head start on analyzing attacks."

A simple interface allows enterprises to integrate and extend functionality quickly and easily. Sourcefire will continue to develop additional capabilities and publish data collectors, detection engines, analysis software and output handlers to maximize the value of Razorback and encourage innovation from the open s¬ource community. Like other open source technologies, Razorback is available at no charge.

Sourcefire is scheduled to speak at DEFCON, August 1, 2010 at 3 p.m. To learn more about Razorback, journalists are invited to attend the session: Open Source Framework for Advanced Intrusion Detection Solutions.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo