The AMP appliance is built on the firm’s FirePower platform, and is designed to add further continuous file analysis, retrospective security, malware detection and blocking features. Sourcefire claimed the tool does this by adding forensic fingerprints to files that can be used to track file movements and identify the targets of advanced attacks. This network collates and shares information about known malware between the company’s clients to offer a fast alert and cyber response service. Sourcefire claimed the network is connected to millions of end points, making it one of the most comprehensive security information services in the world.