Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

FireEye Unveils New Threat Protection Platform

FireEye on Monday announced a next-generation threat protection platform to detect new and increasingly sophisticated cyber-attacks along with a slew of partnerships at the RSA Conference in San Francisco.

FireEye on Monday announced a next-generation threat protection platform to detect new and increasingly sophisticated cyber-attacks along with a slew of partnerships at the RSA Conference in San Francisco.

The new threat protection plaform is designed to help organizations deploy new security models to battle cyber-attacks, FireEye said Monday. FireEye also designed the platform to interoperate with a broad ecosystem of more than two dozen technology companies, including Mandiant, Guidance Software, and Bit9.

FireEye next-generation threat platform The platform creates a cross-enterprise threat protection “fabric” using a next-generation threat detection engine and dynamic threat intelligence to enable rapid detection, validation, and response to cyber-attacks.

“We have enabled flexible options so customers can integrate our dynamic threat intelligence into their existing security infrastructure to automate the threat response and rapidly neutralize today’s cyber-attacks,” said David DeWalt, chairman and CEO of FireEye.

FireEye platform unifies many security technologies to help enterprises modernize their security strategies, the company said. Many traditional defenses, such as firewalls and antivirus are not enough to counter the more advanced nature of today’s cyber threats, FireEye said.

The Multi-Vector Virtual Execution (MVX) Engine captures and confirm attacks by “detonating” Web objects, files, suspicious attachments, and mobile applications within instrumented virtual environments, FireEye said. The signature-less technology is used across various threat vectors to automate discovery and forensic analysis. The end result is that security teams have access to multi-vector dynamic threat intelligence on attacks specific to their organization.

Dynamic Threat Intelligence (DTI) cloud provides the latest multi-vector threat intelligence on new criminal tactics, developing APT attacks, and malware outbreaks. By exchanging anonymized threat intelligence through DTI, participating organizations gain contextual visibility of global attacks. The teams can strengthen their collective security by putting in measures to neutrailize the attacks before they can cause catastrophic damage, FireEye said.

FireEye announced several new partnerships, including agreements with Mandiant, Bit9, and Guidance Software at the conference. FireEye and Mandiant will be integrating the Mandiant Intelligent Response appliance with FireEye’s threat platform, FireEye said.

Organizations will be able to connect FireEye’s threat intelligence with Mandiant’s endpoint inspection capabilities to assemble all the evidence indicating a compromise, such as stolen user credentials or the existence of staging sites storing data before they are transferred out of the organization.The combination will provide organizations with visibility into and correlation of events on their networks and events on their endpoints, Kevin Mandia, CEO of Mandiant, said in a statement.

FireEye will be integrating Bit9’s real-time endpoint and server security offering into the FireEye Malware Protection System. With this integration, when FireEye’s platform detects malware on an enterprise network, Bit9’s endpoint security sensor and recorder confirms the location and scope of the threat. Organizations will be able to take advantage of both features to accelerate incident response and remediation, FireEye said. The joint offering will also give customers immediate enterprise-wide visibility into all systems on the network that have been infected, along with a way to automatically configure trust-based rules for the endpoint using events identified by FireEye. Full details will be forthcoming in the second quarter.

FireEye also teamed up with Guidance Software to automate incident response workflow so that companies can detect and remediate cyber-attacks quickly. Under this partnership, FireEye’s threat protection platform detects malware on the network and then shares threat intelligence with Guidance Software’s EnCase Cybersecurity, which automatically assesses endpoints to determine the risk profile, prioritize responses, and remediates any issues. With the joint offering, customers get access to signature-less detection for advanced threats, and remediation capablities to block command and control traffic, kill maliciosu processes and wipe offending files from the device.

The combined platforms will give security teams the ability to triage an advanced cyber attack immediately following detection, within minutes instead of weeks, FireEye said.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Cybercrime

Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers.