
The Latest FireEye News
Product and Solution Information, Press Releases, Announcements

Enhanced Email Visibility and DLP Awareness in FireEye Helix with Virtru
Posted: Mon Dec 16, 2019 10:22:09 AM
 

December 16, 2019 | by Christopher Unick

As the cyber security threat landscape continues to evolve and attacks become increasingly sophisticated, security operations center (SOC) teams need to incorporate email and file protection, sharing, and access to event logs that correlate with endpoint and network activity. All of this can provide organizations with comprehensive security intelligence to help strengthen monitoring workflows, quickly flag incidents, trace their impact and enable immediate remediation.

A recent collaboration between encryption company Virtru and FireEye does just that. Mutual customers get persistent protection, control and visibility of sensitive email and file attachments as they travel in and out of customers' environments. For SOC teams, this means that as content is created and shared in the cloud, they can maintain granular visibility into who has accessed protected data, when and where they did it, and for how long.

How Does it Work?

Customers can use the Virtru Audit Export API to push telemetry to the FireEye Helix security operations platform. Together, Virtru and FireEye provide customers with advanced user-behavior analytics, a process that utilizes set data loss prevention (DLP) rules to identify abnormal email usage and suspicious or malicious activity and gives insight into who is sharing sensitive data. In the event of a data breach, or if a user's credentials become compromised, Virtru can immediately disable access via its advanced access control capabilities.

FireEye Helix has more than 70 rules set up for Virtru that generate alerts for SOC analysts to review. These alerts cover normal day-to-day activities that Virtru customers would perform, such as:

  • Email/Content Access: Revoked or Granted Access, Sharing Enabled/Disabled
  • User Behavior: Failure/Success to Access Email/Content, Forwarded Emails
  • Admin Items: New/Deleted Admins, New API Tokens Created, Users Added/Removed
  • Policy Information: New/Updated/Deleted Policies or DLP Rules, Violated Policy Info

There are five Virtru Dashboards in FireEye Helix that visualize what alerts (Figure 1) are happening in an environment: Email Information, Email Advanced Control Usage, Organizational Events, User Events and User Activations. These dashboards (seen in Figure 2) allow SOC analysts to quickly view key information and take action.

Figure 1: Virtru Alerts In FireEye Helix

Figure 2: Virtru Dashboards in FireEye Helix

 