Security

iboss FireSphere Adds Network Anomaly Monitoring to APT Functions

• By Dian Schaffhauser
• 02/11/15

A security technology company has upgraded one of its tools to flag malware that may already be working inside the network. iboss, which last fall released FireSphere, its advanced persistent threat software, has enhanced it with new functionality.

FireSphere was launched with several features:

• Infection monitoring to detect and respond to malware in progress;
• Network baselining to establish the normal chain of activities in order to be able to spot anomalies;
• A device quarantine to fence off infected devices;
• A behavioral sandbox to detect, isolate and "dissect" malware and other kinds of attacks;
• Intrusion prevention through data inspection, network traffic scanning and SSL anomaly detection; and
• Signature and heuristic antivirus, which uses feeds from multiple sources to stay up on the latest malware.

The latest version uses technology developed by the company to perform anomaly monitoring on network traffic to expose more sophisticated and evasive forms of malware. The software compares previous data logs of network traffic to current traffic in order to "pinpoint" odd behavior or activities that can signal a compromise. Then it stops data transfer, quarantines the traffic and alerts network administrators.

The monitoring process examines device category, number of bytes in or out, number of connections being attempted, who owns the device and the intended destination, among other parameters.

The software can be deployed from the cloud or in appliance form.

"Organizations must have technology in place to mitigate loss if and when a network is compromised," said CEO Paul Martini. "FireSphere focuses on data movement across the network, particularly on outbound communication, to ensure organizations have complete insight into threats to immediately remediate potential problems."