The FireEye Dynamic Threat Intelligence (DTI) cloud interconnects FireEye threat prevention platforms deployed within customer networks, technology partner networks, and service providers around the world. This worldwide cloud efficiently shares auto-generated threat intelligence, such as covert callback channels, as well as new threat findings from FireEye Labs.
How FireEye Combats Today's New Breed of Cyber Attacks
When a platform confirms an attack locally, it generates dynamic and anonymized threat intelligence of the attack and distributes it through the DTI cloud to warn other users. Threat intelligence includes:
- Malware attack profiles, including identifiers of malware code, exploit URLs, and other sources of inbound infections and attacks
- Analysis of email attachments and URLs
- Fully qualified malware callback destinations (destination IP address, protocols used, ports used) that identify malicious websites and email sources
- Malware communication protocol characteristics, such as custom commands used to instantiate transmission sessions
- Third-party threat intelligence feeds from many different sources, which are then automatically validated using FireEye technology and added into the DTI cloud subscription feed
Unlike reputation and risk-based threat intelligence networks, which make assumptions about potentially risky code and broadcast signatures that may either falsely block or falsely allow traffic, FireEye systems confirm malicious activity. The assessments captured by the FireEye systems are conclusive because suspicious code is fully tested in a virtual execution environment.