New Offering Shrinks the Time to Resolve Security Incidents by Validating the Impact of Network-based Events and Containing Compromised Endpoints
Milpitas, CA - Feb 14, 2014 – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today introduced FireEye® Endpoint Threat Prevention™ for the FireEye Security Platform. The new solution, which incorporates endpoint products acquired from Mandiant, is designed to enable security teams to resolve security incidents in a fraction of the time it takes using conventional approaches that knit together endpoint and network-detection capabilities from multiple vendors.
“Once a threat has been identified, rapid incident response is the key to preventing the theft of intellectual property, minimizing disruption to the business, and eliminating reputational impact,” said Manish Gupta, senior vice president of products at FireEye. “FireEye Endpoint Threat Prevention helps reduce the cost of response by equipping security analysts to make faster, more accurate decisions about potential threats. It connects the dots between what’s happening on their network and what’s happening on their endpoints so they can shorten the time required to resolve security incidents.”
According to Gartner, “Endpoint threat detection and response tools enable an organization to achieve comprehensive endpoint visibility, simplify security incident response, and detect malicious activities.” The report goes on to say “In particular, organizations that face attacks from advanced persistent threat actors must evaluate these tools and accelerate the deployment alongside network forensics and other "lean forward" security technologies and practices.” (Source, Gartner, Endpoint Threat Detection and Response Tools and Practices, A. Chuvak, September 25, 2013).
By incorporating endpoint threat detection and response capabilities into the FireEye platform, organizations can realize additional value from the FireEye advanced threat detection capabilities. With FireEye Endpoint Threat Protection, security teams can automatically trace alerts generated by the FireEye Multi-Vector Virtual Execution™ (MVX) engine directly to compromised servers, laptops, and file shares and then contain devices with a single click.
FireEye Endpoint Threat Prevention is an appliance-based solution that utilizes a lightweight agent deployed on the endpoints and is engineered to perform the following tasks:
Threat Monitoring & Validation
Validate Network-based Alerts. Alerts from the FireEye email and Web security products are automatically converted into indicators of compromise (IOC) and correlated with recent activity on all endpoints with deployed agents to confirm which endpoints may have been compromised.
Immediately Detect Compromised Devices. Notifies users when an IOC identifies a compromised device.
Find Out What Happened, Without Forensics. Agents deployed to endpoints continuously monitor and record key events to establish a timeline for suspected incidents by correlating alerts with past events.
Eliminate Blind Spots. Innovative Agent Anywhere™ technology works with remote and off-VPN agents no matter what kind of Internet connection they have to provide uninterrupted coverage for assets outside the corporate network.
Search for Advanced Attackers and the APT. Host-based indicators of compromise from FireEye identify known threats based on proprietary intelligence; users can also create their own IOCs to look for compromised endpoints.
Contain Endpoints. Take non-destructive action to isolate compromised devices with a single click and deny attackers access to systems while still allowing remote investigation.
Preserve Evidence for Incident Response. Automatic collection of evidence from endpoints to provide security analysts with pre-staged information about endpoints within the context of their existing workflow.
FireEye Endpoint Threat Prevention is generally available. Attendees at the 2014 RSA Conference in San Francisco will be able to view demonstrations at the FireEye booth on February 24–27, 2014.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,500 customers across more than 40 countries, including over 100 of the Fortune 500.