Connect with us

Hi, what are you looking for?


Network Security

FireEye Announces Foray Into Orchestration and Automation

After acquiring security orchestration firm Invotas in February of this year, FireEye has announced the first product resulting from the union of the two firms: the FireEye Security Orchestrator.

After acquiring security orchestration firm Invotas in February of this year, FireEye has announced the first product resulting from the union of the two firms: the FireEye Security Orchestrator.

Announced today, FireEye Security Orchestrator’s purpose is to automate interaction between FireEye’s own product suite, and then to provide an open platform for automation and integration with third party products.

The Security Orchestrator  will provide more efficient security by eliminating repetitive manual processes, reducing process errors, and automating the correct response between different security controls.

The Invotas website claims a 99% reduction in human errors, a 98% gain in efficiency, and a 40% reduction in risk exposure through its orchestration software. Although not specifically claiming the same figures for the FireEye Security Orchestrator, Paul Nguyen, CEO and Founder of Invotas – and now FireEye’s VP of Orchestration & Integration – told SecurityWeek that similar figures can be achieved for FireEye customers.

It will, of course, vary between customers depending on just how much automation they accept, and how much they retain on manual oversight. Nevertheless, FireEye’s SVP & CTO Grady Summers told SecurityWeek that a major side benefit is that members of the security team will be released from tedious manual work to spend more time on intruder hunting.

All of this will be realized by orchestrating FireEye’s own products and those of third-parties via the Orchestrator under ‘a single pane of glass’. For now these third-parties are mainstream vendors like Blue Coat and CyberArk; but Summers told SecurityWeek that he would welcome all vendors, including new small start-ups, to join the Cyber Security Coalition (CSC). FireEye will provide an SDK to make the integration possible.

Key to the efficiency and effectiveness gains will be the ‘Course of Action Workflows’ that will act as incident response playbooks. These define the required automatic response to different incidents. They will start by leveraging Mandiant’s incident response expertise, but customers will be able to develop their own. High level workbooks could be shared between different verticals, or between customers with similar product mixes.

As an example of a workflow, Summers confirmed that an incident detected by FireEye as a privilege escalation attempt could transmit to CyberArk as an instruction to change affected passwords. The detail and purpose of the response playbook, said Summers, is limited only by the imagination and requirement of the customer – and the desired extent of automation.

Advertisement. Scroll to continue reading.

CyberArk’s Adam Bosnian, executive vice president, global business development, comments, “As a CSC partner and through integrations of our respective solutions, which incorporate privileged account security best practices and privileged activity data, we enable customers to better detect and respond to threats.”

Of course effective orchestrated incident response depends upon effective incident detection. Many threats first show themselves in email, and FireEye will be enhancing its Email Security within the next few months. This will include intelligence-led capabilities for detecting and blocking spear-phishing emails seeking to deliver malware such as ransomware or harvest credentials.

FireEye’s Network Security already includes new improvements to help monitor files for malicious activity and disturbing behavioral patterns. The Threat Analytics Platform will be enhanced with a new Guided Investigations feature designed to improve investigation capabilities and reduce response times. The intent is to automate investigation based on specific attack scenarios.

The Security Orchestrator will become available within the next month.

Related Reading: Suffocating Volume of Security Alerts Challenge Incident Response

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet