Malware sandboxing is becoming a common protection method for detecting advanced persistent threats or new stealthy malware. Malware analysis using sandboxing has been around for many years but was primarily used by anti-virus companies or malware researchers. FireEye was able to commercialize this technology and bring it into the mainstream. IT and security departments are able to utilize this technology to detect and respond to malicious threats.
While FireEye has been the market leader in this space, it does have competitors. Below is a list of FireEye competitors.
In early 2013 McAfee acquired the ValidEdge sandboxing technology from LynuxWorks. This gives McAfee a viable anti-malware solution. What sets this solution apart from the competition is the level of integration that McAfee is able to do with other technologies. For example, instead of needing a sandbox appliance at every egress and ingress point, McAfee can integrate the solution with its Network Security Platform (IPS). The IPS can forward files that have passed to the sandbox for malware analysis. By also integrating the solution with the McAfee ePO console and endpoint security products, McAfee can also submit samples, identify what other systems may have been compromised and provide remediation to infected devices.
McAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch antivirus signatures, reputation, and real-time emulation defenses with in-depth static code and dynamic malware analysis (sandboxing) to analyze the actual behavior of malware. Combined, this represents the strongest advanced anti-malware technology in the market, and effectively balances the need for both security and performance.
With the addition of Advanced Threat Defense to the McAfee security portfolio, McAfee addresses the three key requirements to solve today’s advanced malware problem: find, freeze, and fix. Advanced Threat Defense finds advanced malware and integrates with McAfee network security solutions to freeze the threat, while McAfee Real Time initiates a fix or remediation actions.
Sourcefire has advanced malware protection with the FireAMP product line. The FireAMP products consist of network, host-based and cloud-based solutions. Of most interest here is the cloud-based sandbox technology. Sourcefire is utilizing the Joe Sandbox (more information below) web-based service for its cloud-based malware analysis.
Sourcefire’s Advanced Malware Protection cloud-based sandbox helps organizations address the malware threat by augmenting protection, improving visibility and enhancing control.
How it works:
- On a daily basis Sourcefire analyzes hundreds of thousands of malware samples in its sandbox infrastructure.
- Sourcefire’s cloud-based sandbox safely executes and analyzes files for malicious behavior and other indicators of compromise. File formats include: Windows Portable Executable (e.g., .exe, .dll, etc.), Adobe PDF, Adobe Flash and Microsoft Office files.
- Customers collectively benefit from the analysis of all these files. Users can access analysis results and also search to find out if a file has already been analyzed and, if so, view the analysis report immediately.
- The resulting analyses can be used to determine whether the file’s intent was malicious, what actions it might have performed in a given environment, what artifacts might be related to the file (e.g., companion files and malicious hosts on the Internet), as well as other indicators of compromise.