Razorback
The new Razorback platform developed by Sourcefire is basically a tool for tying together the various layers of detection within an organization, including antivirus, IDS/IPS, Web and email gateways, and firewalls, to use in concert to catch and examine potential threats and create mitigations on the fly.
Its creators say it’s not the same thing as a security information management tool, however, because it does more than capture events: “SIM collects events in a vacuum: It takes an AV event and says this host is infected by a virus … It doesn’t know anything about that piece of malware on the box,” says Matt Watchinski, senior director of Sourcefire’s vulnerability research team.
