Security Experts:

FireEye Unveils New Threat Protection Platform

FireEye on Monday announced a next-generation threat protection platform to detect new and increasingly sophisticated cyber-attacks along with a slew of partnerships at the RSA Conference in San Francisco.

The new threat protection plaform is designed to help organizations deploy new security models to battle cyber-attacks, FireEye said Monday. FireEye also designed the platform to interoperate with a broad ecosystem of more than two dozen technology companies, including Mandiant, Guidance Software, and Bit9.

FireEye next-generation threat platform The platform creates a cross-enterprise threat protection “fabric” using a next-generation threat detection engine and dynamic threat intelligence to enable rapid detection, validation, and response to cyber-attacks.

“We have enabled flexible options so customers can integrate our dynamic threat intelligence into their existing security infrastructure to automate the threat response and rapidly neutralize today's cyber-attacks,” said David DeWalt, chairman and CEO of FireEye.

FireEye platform unifies many security technologies to help enterprises modernize their security strategies, the company said. Many traditional defenses, such as firewalls and antivirus are not enough to counter the more advanced nature of today's cyber threats, FireEye said.

The Multi-Vector Virtual Execution (MVX) Engine captures and confirm attacks by “detonating” Web objects, files, suspicious attachments, and mobile applications within instrumented virtual environments, FireEye said. The signature-less technology is used across various threat vectors to automate discovery and forensic analysis. The end result is that security teams have access to multi-vector dynamic threat intelligence on attacks specific to their organization.

Dynamic Threat Intelligence (DTI) cloud provides the latest multi-vector threat intelligence on new criminal tactics, developing APT attacks, and malware outbreaks. By exchanging anonymized threat intelligence through DTI, participating organizations gain contextual visibility of global attacks. The teams can strengthen their collective security by putting in measures to neutrailize the attacks before they can cause catastrophic damage, FireEye said.

FireEye announced several new partnerships, including agreements with Mandiant, Bit9, and Guidance Software at the conference. FireEye and Mandiant will be integrating the Mandiant Intelligent Response appliance with FireEye's threat platform, FireEye said.

Organizations will be able to connect FireEye's threat intelligence with Mandiant's endpoint inspection capabilities to assemble all the evidence indicating a compromise, such as stolen user credentials or the existence of staging sites storing data before they are transferred out of the organization.The combination will provide organizations with visibility into and correlation of events on their networks and events on their endpoints, Kevin Mandia, CEO of Mandiant, said in a statement.

FireEye will be integrating Bit9's real-time endpoint and server security offering into the FireEye Malware Protection System. With this integration, when FireEye's platform detects malware on an enterprise network, Bit9's endpoint security sensor and recorder confirms the location and scope of the threat. Organizations will be able to take advantage of both features to accelerate incident response and remediation, FireEye said. The joint offering will also give customers immediate enterprise-wide visibility into all systems on the network that have been infected, along with a way to automatically configure trust-based rules for the endpoint using events identified by FireEye. Full details will be forthcoming in the second quarter.

FireEye also teamed up with Guidance Software to automate incident response workflow so that companies can detect and remediate cyber-attacks quickly. Under this partnership, FireEye's threat protection platform detects malware on the network and then shares threat intelligence with Guidance Software’s EnCase Cybersecurity, which automatically assesses endpoints to determine the risk profile, prioritize responses, and remediates any issues. With the joint offering, customers get access to signature-less detection for advanced threats, and remediation capablities to block command and control traffic, kill maliciosu processes and wipe offending files from the device.

The combined platforms will give security teams the ability to triage an advanced cyber attack immediately following detection, within minutes instead of weeks, FireEye said.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.