The cloud can be a very effective tool for helping to immunize PCs against malware, just ask Sourcefie.
Sourcefire (NASDAQ:FIRE) first debuted their ClamAV for Windows Desktop solution in March of 2010 as a way to help Windows users secure their PCs. Initially, the ClamAV for Windows solution included elements of the open source ClamAV scanning solution and proprietary bits from Immunet. Sourcefire acquired Immunet for $21 million in January of this year, bringing all of the technology together. In February of this year, the newly integrated solution was rebranded as Immunet 3.0 and this week Sourcefire announced a major milestone for the AV software.
According to Sourcefire, there are now 2 million active users of the Immunet 3.x solution. Zulfikar Ramzan, Sourcefire’s Chief Scientist for the Immunet product told InternetNews.com that he’s pleased with the usage numbers, since most of it has come from word of mouth.
The Immunet solution is available in both a free version as well as a paid version. The majority of the two million users according to Ramzan, are free users. The paid version provides additional scanning capabilities that supplements the free version.
One of the key differentiators for Immunet is that it is intended and able to run alongside other AV solutions. Typically AV vendors require users to uninstall other AV solutions and don’t allow for multiple solutions to be running simultaneously. According to Ramzan, half of Immunet’s users run the AV tool alongside other anti-virus solutions. While some of those existing AV installations are free software, there are also a lot of users that use Immunet alongside existing paid AV software.
“People are augmenting their protection whether it’s free or paid, they just install us to get the extra layer of security on top,” Ramzan said. “We’re definitely seeing quite a few threats on systems that are already running anti-virus software.”
According to Ramzan, the reason why Sourcefire’s Immunet solution is able to find additional threats has a lot to do with data intelligence. The Immunet solution uses the power of the cloud to collect and scan end points for possible malware infections.
“Since we’re cloud based, it turns out you can find a lot more threats if you look across the whole user base, instead of just looking at individual endpoints by themselves,” Ramzan said. “Somewhere between five to seven percent of detections come from the advanced analytics capabilities that are really unique to us.”
The cloud based approach might also well be the key to detecting advanced persistent threats (APT). In Ramzan’s view, the term ‘APT’ is just a new name for a type of threat that is not new.
“It used to be the case that you had a small number of threats on a large number of machines, now we’re seeing a large number of threats on a small number of machines,” Ramzan said. “That’s why we have heuristic technology for threats that don’t have signatures and we employ techniques like machine learning that is data driven to able to find those new threats.”
Moving forward, Sourcefire is currently working on then next generation Immunet 4.0 solution that will move to include enterprise features to the product. Ramzan noted that the client piece will be the same in Immunet 4.0 for both consumer and enterprise releases. The enterprise release will layer additional reporting and management capabilities for corporate users.