Channels ▼
RSS

Tools

Sourcefire's Razorback Deep-Dive Threat Detection



Sourcefire has bolstered its cyber-security arsenal with the release of Razorback, an open source security framework designed to deliver 'deep inspection' functionality. The new product is designed to collect, analyze and store threat data from disparate technologies, so that customized enterprise- and threat-specific detection and remediation can be implemented.

As the company behind the Snort open source network intrusion prevention and detection system, Sourcefire says it is aiming for Razorback to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating Intelligence Driven Response (IDR) processes using custom built and existing security tools (anti-virus, IDS, gateways, email, etc.).

According to Sourcefire, "IDR goes beyond traditional incident response. It allows users to drive the information learned about specific attackers back into their security infrastructure for a truly customizable response to human adversaries. Razorback provides deep analysis and reporting by storing, in full, every piece of data identified that could indicate a compromise or attack and specifically highlights the components of that data, which cause the system to trigger an alert. Additionally, Razorback enables targeted forensics information on common attack vectors."

This type of cyber-security development is still relatively new, so we await its industry response and the wider reaction from software developers focused on building the security fabric of the organizations that they work for. As new adaptive persistent adversary (APA) threats becomes more prevalent, our ability to build attacker methodology profiles and malicious code detection capabilities in general will be crucial in terms of protecting against targeted threats and zero-day vulnerabilities.

"Razorback was designed to address the current challenges of today's threat landscape where attackers are specifically creating attacks to avoid off the shelf tools and technologies," said Matt Watchinski, senior director of the Sourcefire Vulnerability Research Team. "The power is in combining the intelligence of an organization's security infrastructure with fast and detailed analysis. By providing advanced detection capabilities for uncovering highly obfuscated, difficult-to-detect attacks along with detailed output, Razorback gives response teams a head start on analyzing attacks."

Razorback is available at no charge.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video