Sourcefire has bolstered its cyber-security arsenal with the release of Razorback, an open source security framework designed to deliver 'deep inspection' functionality. The new product is designed to collect, analyze and store threat data from disparate technologies, so that customized enterprise- and threat-specific detection and remediation can be implemented.
As the company behind the Snort open source network intrusion prevention and detection system, Sourcefire says it is aiming for Razorback to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating Intelligence Driven Response (IDR) processes using custom-built and existing security tools (anti-virus, IDS, gateways, email, etc.).
According to Sourcefire, "IDR goes beyond traditional incident response. It allows users to drive the information learned about specific attackers back into their security infrastructure for a truly customizable response to human adversaries. Razorback provides deep analysis and reporting by storing, in full, every piece of data identified that could indicate a compromise or attack and specifically highlights the components of that data, which cause the system to trigger an alert. Additionally, Razorback enables targeted forensics information on common attack vectors."
This type of cyber-security development is still relatively new, so we await the industry's response to it and the wider reaction from software developers focused on building the security fabric of the organizations they work for. As new adaptive persistent adversary (APA) threats become more prevalent, our ability to build attacker methodology profiles and malicious code detection capabilities in general will be crucial to protecting against targeted threats and zero-day vulnerabilities.
"Razorback was designed to address the current challenges of today's threat landscape where attackers are specifically creating attacks to avoid off the shelf tools and technologies," said Matt Watchinski, senior director of the Sourcefire Vulnerability Research Team. "The power is in combining the intelligence of an organization's security infrastructure with fast and detailed analysis. By providing advanced detection capabilities for uncovering highly obfuscated, difficult-to-detect attacks along with detailed output, Razorback gives response teams a head start on analyzing attacks."
Razorback is available at no charge.