Sourcefire FireAMP for Advanced Malware Protection
Sourcefire appliances were built using the Snort intrusion prevention system developed by Martin Roesch in 1998. Roesch is still with the company, which has built on top of the foundation with the Sourcefire Advanced Malware Protection (AMP) appliance. The company uses a crowdsourcing model to detect threats. Individual files are analyzed, fingerprinted and shared with other FireAMP users. The analysis engine checks suspicious files against 400 characteristics to detect malicious behavior. The appliance connects to blacklist feeds and can extend to mobile devices and virtual environments.