
The Latest FireEye News
Product and Solution Information, Press Releases, Announcements

FireEye Introduces Endpoint Threat Detection & Response Capabilities for FireEye Security Platform
Posted: Fri Feb 14, 2014 01:45:28 PM

New Offering Shrinks the Time to Resolve Security Incidents by Validating the Impact of Network-based Events and Containing Compromised Endpoints.

Milpitas, CA -- February 14, 2014 -- FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today introduced FireEye Endpoint Threat Prevention for the FireEye Security Platform. The new solution, which incorporates endpoint products acquired from Mandiant, is designed to enable security teams to resolve security incidents in a fraction of the time it takes using conventional approaches that knit together endpoint and network-detection capabilities from multiple vendors.

"Once a threat has been identified, rapid incident response is the key to preventing the theft of intellectual property, minimizing disruption to the business, and eliminating reputational impact," said Manish Gupta, senior vice president of products at FireEye. "FireEye Endpoint Threat Prevention helps reduce the cost of response by equipping security analysts to make faster, more accurate decisions about potential threats. It connects the dots between what's happening on their network and what's happening on their endpoints so they can shorten the time required to resolve security incidents."

According to Gartner, "Endpoint threat detection and response tools enable an organization to achieve comprehensive endpoint visibility, simplify security incident response, and detect malicious activities." The report goes on to say, "In particular, organizations that face attacks from advanced persistent threat actors must evaluate these tools and accelerate the deployment alongside network forensics and other 'lean forward' security technologies and practices." (Source: Gartner, Endpoint Threat Detection and Response Tools and Practices, A. Chuvak, September 25, 2013.)

By incorporating endpoint threat detection and response capabilities into the FireEye platform, organizations can realize additional value from the FireEye advanced threat detection capabilities. With FireEye Endpoint Threat Protection, security teams can automatically trace alerts generated by the FireEye Multi-Vector Virtual Execution (MVX) engine directly to compromised servers, laptops, and file shares and then contain devices with a single click.

FireEye Endpoint Threat Prevention is an appliance-based solution that utilizes a lightweight agent deployed on the endpoints and is engineered to perform the following tasks:

Threat Monitoring & Validation

  • Validate Network-based Alerts. Alerts from the FireEye email and Web security products are automatically converted into indicators of compromise (IOC) and correlated with recent activity on all endpoints with deployed agents to confirm which endpoints may have been compromised.
  • Immediately Detect Compromised Devices. Notifies users when an IOC identifies a compromised device.
  • Find Out What Happened, Without Forensics. Agents deployed to endpoints continuously monitor and record key events to establish a timeline for suspected incidents by correlating alerts with past events.
  • Eliminate Blind Spots. Innovative Agent Anywhere technology works with remote and off-VPN agents no matter what kind of Internet connection they have to provide uninterrupted coverage for assets outside the corporate network.
  • Search for Advanced Attackers and the APT. Host-based indicators of compromise from FireEye identify known threats based on proprietary intelligence; users can also create their own IOCs to look for compromised endpoints.

Threat Containment

  • Contain Endpoints. Take non-destructive action to isolate compromised devices with a single click and deny attackers access to systems while still allowing remote investigation.
  • Preserve Evidence for Incident Response. Automatic collection of evidence from endpoints to provide security analysts with pre-staged information about endpoints within the context of their existing workflow.

FireEye Endpoint Threat Prevention is generally available. Attendees at the 2014 RSA Conference in San Francisco will be able to view demonstrations at the FireEye booth on February 24-27, 2014.
