Sourcefire announced Razorback, an open source framework designed to deliver deep inspection capabilities for combating today’s most complex threats.
Developed to help coordinate the response against Advanced Persistent Threats (APT), it enables users to easily collect, analyze and store threat data from disparate technologies, so that they can implement customized enterprise- and threat-specific detection and remediation.
Razorback’s goal is to act as an overlay solution and deliver centralized correlation, analysis and action by coordinating Intelligence Driven Response (IDR) processes using custom built and existing security tools (anti-virus, IDS, gateways, email, etc.). IDR goes beyond traditional incident response. It allows users to drive the information learned about specific attackers back into their security infrastructure for a truly customizable response to human adversaries.
Razorback provides deep analysis and reporting by storing, in full, every piece of data identified that could indicate a compromise or attack and specifically highlights the components of that data which cause the system to trigger an alert. Additionally, it enables targeted forensics information on common attack vectors.
The Razorback framework performs detection in near-real time (in terms of seconds), allowing for in-line blocking on “store and forward” services, such as email services or web proxies, and providing timely alerts in the event of an attack. It also provides enterprises with the ability to convert intelligence gathered on attacker methodology into detection capabilities, enabling them to rapidly develop and protect against targeted threats or Zero-Day vulnerabilities.
Sourcefire will continue to develop additional capabilities and publish data collectors, detection engines, analysis software and output handlers to maximize the value of Razorback and encourage innovation from the open source community. Like other open source technologies, Razorback is available at no charge.