Security software vendor Sourcefire announced today a new kind of endpoint security solution called FireAMP that couples the power of big data analytics with real-time threat detection and prevention. The idea is to use what is happening around the Internet in real time to lock down Windows endpoints and prevent them from running malware.
As you can imagine, this is not a completely new concept. Network Box, for example, gathers intelligence from data collected around the world at major Internet peering points. What is new is the ability to take this intelligence and remove the infection from the actual endpoint. The catch is that you have to run Sourcefire’s agents on every endpoint on your network. And if you have non-Windows endpoints, you will have to wait: the company is planning to widen its net, but right now only Windows is instrumented.
One of the more interesting features is called File Trajectory. It tracks file movement within the enterprise, allowing organizations to identify the entry point and propagation path of malware. As the display below shows, you get a list of every endpoint that has touched a particular file.
You can get more information about FireAMP here. Prices start at $30 per seat annually. This single price includes 24×7 platinum technical support, all maintenance releases and content updates, the Sourcefire hosted FireAMP Management Console, and access to Sourcefire’s FireCLOUD analytics platform.