I love sourcefire (and would like to RENT this appliance)
The new Advanced Malware Protection (AMP) Appliance from Columbia, Maryland-based Sourcefire is built on the company’s FirePOWER platform and provides increased deployment flexibility for organizations needing immediate protection against advanced malware, Sourcefire said.
The appliance is deployed inline, and provides malware detection and blocking, as well as continuous file analysis and "retrospective security". By creating forensic fingerprints of files to identify known malware, the solution tracks file movement across the enterprise and helps identify attack targets for more efficient remediation, the company explained. As a result, users can be alerted of potentially malicious files that may have entered their environment, even if they were previously classified as a non-threat.
"Networks are constantly evolving and expanding and attackers are taking advantage of any gaps to permeate a network and accomplish their mission," said Martin Roesch, Sourcefire founder and interim CEO. "Thwarting attacks isn't just about blocking but also about using retrospective security to mitigate the impact once an attacker gets in. Sourcefire's threat-centric approach to security gives organizations continuous visibility, analysis and control across their environment and along the full attack continuum -- before, during and after an attack."
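The "retrospective security" idea described above, as an added example that is not Sourcefire's code: fingerprint each file seen crossing the sensor, keep its trajectory (who sent it to whom and when), and re-alert on every recipient if the verdict later flips from clean to malicious. Host names, timestamps and the sample payload are constructed.

```python
import hashlib
from collections import defaultdict

# Assumed, simplified model of retrospective file tracking: the sensor can
# only give an inline verdict with what it knows at transfer time, so the
# value is in remembering where a file went and revisiting that later.
class RetrospectiveTracker:
    def __init__(self):
        self.disposition = {}                  # sha256 -> "clean" | "malicious"
        self.trajectory = defaultdict(list)    # sha256 -> [(ts, src, dst), ...]

    @staticmethod
    def fingerprint(content: bytes) -> str:
        # Forensic fingerprint of the file content.
        return hashlib.sha256(content).hexdigest()

    def observe(self, ts, src, dst, content):
        """Inline check at transfer time; records where the file went."""
        h = self.fingerprint(content)
        self.trajectory[h].append((ts, src, dst))
        return h, self.disposition.get(h, "unknown")

    def update_disposition(self, h, verdict):
        """Later verdict (sandbox, cloud lookup, analyst). Returns the hosts
        that already received the file if it was not flagged when it passed."""
        previous = self.disposition.get(h, "unknown")
        self.disposition[h] = verdict
        if verdict == "malicious" and previous != "malicious":
            return sorted({dst for _, _, dst in self.trajectory[h]})
        return []

def demo():
    # Constructed scenario: a document crosses the sensor twice, is first
    # judged clean, and only later gets reclassified as malicious.
    t = RetrospectiveTracker()
    payload = b"%PDF-1.4 constructed sample document"     # constructed sample
    h1, v1 = t.observe("2013-05-21T09:00", "mail-gw", "ws-alice", payload)
    t.update_disposition(h1, "clean")                     # initial verdict
    h2, v2 = t.observe("2013-05-21T11:30", "ws-alice", "ws-bob", payload)
    late_alerts = t.update_disposition(h1, "malicious")   # retrospective flip
    return {"inline_verdicts": (v1, v2), "retro_alert_hosts": late_alerts}

if __name__ == "__main__":
    print(demo())
```

Both inline verdicts let the file through; only the retrospective pass surfaces the two workstations that need remediation.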
but if you have geeks or people who know how to set up the open-source version, you should - or at least test your network traffic with it (which doesn't mean that everything that gets stopped will be malware; you will also see a lot of misconfiguration and other things)
sourcefire is for businesses that are too big for snort (or where you want to check everything with snort and not only very specific traffic to a very specific part of your network)
renting it would be a solution as a check-up, with all the signatures out there in the community, that you would run from time to time (on the whole network or on specific parts of it); you would let it run a few weeks, after which you can start the cleanup (first just observing, then investigating and intervening if necessary)
depending on just one is sometimes a bit dangerous, and here you have an enormous community of millions of users
I don't say I have, I am just saying I love sourcefire as a concept (or snort) and it has always been my wish to use it, and if anybody is looking for second opinions about traffic - this is a good guess - and if a firm would rent it out for a few weeks to double-check - this is not a bad idea (having secondary checks beginning with a clean sheet)