SAN FRANCISCO – RSA CONFERENCE 2017 – Cyber threat protection and intelligence firm FireEye today unveiled major updates to its endpoint security platform, including two new protection engines and support for Apple’s macOS systems.
The new capabilities are the first of several no-cost upgrades for FireEye Endpoint Security customers that are coming in 2017, the company says.
As part of the latest FireEye Endpoint Security platform, a new “Exploit Guard” engine leverages behavioral analysis capabilities to detect known threats, while a new partnership integrates Bitdefender’s anti-malware engine to protect against more traditional commodity malware. The combination allows FireEye Endpoint Security to serve as an anti-virus replacement with a single agent that can satisfy compliance requirements.
The company claims that the behavioral analysis engine powering the new Exploit Guard feature has, in testing environments, been able to detect and block nearly all of the previously unknown exploits publicly reported over the past three years – without signatures or indicators.
“We took every zero-day exploit that affected Windows machines from 2014, 2015 and 2016 and fed them into this engine,” FireEye CTO Grady Summers told SecurityWeek at the company’s recent internal Momentum 2017 conference. Summers, who previously served as CISO at GE, explained that FireEye pulled down all the ransomware and exploit kits they could find on VirusTotal and were able to achieve a 99.74% efficacy (detection) rate with no signatures or prior knowledge.
The company boasts the advantage of continually responding to high-profile breaches around the world via its Mandiant team, whose incident responders and analysts are able to see where other products fail. The company says that in Q4 2016, Mandiant responded to more security breaches than in any prior quarter in the company’s history.
“Well over 80 percent of the time, if I’m reading a headline, we are there,” Kevin Mandia, CEO at FireEye, told SecurityWeek in a meeting at the Momentum Conference last month. “That makes me feel good.”
In addition to insights gained from the Mandiant Incident Response team, context from FireEye iSIGHT Intelligence helps security teams prioritize and triage threats, the company says.
“FireEye Endpoint Security is built to speed up and simplify endpoint protection and response with high-fidelity alerts, context from FireEye iSIGHT Intelligence, and forensic and investigation capabilities scaled to hundreds of thousands of endpoints,” the company explains. “This seamless integration of prevention, detection and response capabilities in a single agent also greatly simplifies the customer deployment and lowers the performance impact on the endpoint.”
These new capabilities are generally available to customers worldwide, effective immediately.
The integration of Bitdefender’s anti-virus engine is expected to occur during the first quarter of 2017, with the roll-out of additional detection and prevention capabilities following later this year.
In addition to the recently added support for macOS endpoints, support for Linux servers will be added later in 2017. Other enhancements coming this year will include virtual and cloud form factors and expanded behavioral analysis and machine learning capabilities to protect against unknown malware and exploits.
After seeing its stock price decline significantly in recent years, along with major executive leadership changes, FireEye is betting on new products and partnerships to help improve its position in the cybersecurity solutions market.
In late 2016, FireEye launched new cloud-based network security and threat intelligence offerings. The company also announced a deal with Microsoft that allows Windows Defender Advanced Threat Protection (WDATP) users to gain access to FireEye’s iSIGHT adversary-based intelligence.
In December 2016, FireEye and the NATO Communications and Information Agency (NCI) announced an information sharing partnership, under which the two organizations will exchange non-classified technical information related to cyber threats and vulnerabilities.