FireEye Threat Intelligence
Scalable Threat Intelligence for Added Context across The Organization
Against cyber threats, knowledge is power
To anticipate and respond to sophisticated cyber attacks, you need to understand attacker motivations, intentions, characteristics, and methods. You can mitigate risk, bolster incident response efforts and enhance your overall security by understanding who is most likely to attack you, what they want, why they want it and how they plan to get it.
FireEye Threat Intelligence delivers the insights you need based on deep adversarial intelligence, extensive machine intelligence and detailed victim intelligence.
- Improve investigations and response plans with contextual intelligence that provides answers
- Gain visibility into the attack life cycle with pre- and postattack threat intelligence
- Consume actionable threat intelligence tailored to your security mission
Relevant, actionable intelligence tailored to your security mission
Modern cyber attackers are sophisticated, well-funded, well-organized and use highly-targeted techniques that leave technology-only security strategies exposed. To identify and stop attackers, organizations need to understand how they think, how they work, and what they want. But most organizations rely solely on legacy, signature-based intelligence feeds that provide a false sense of safety. Those types of intelligence cannot help anticipate attacks or guide responses.
Only FireEye iSIGHT Threat Intelligence combines outward-looking adversary intelligence with best-of-breed breach victim and machine-based intelligence for a full 360° view of proliferating threats before, during and after attacks.
Our intelligence solutions will help you:
- Quickly assess risk, prioritize the alerts and threats that matter most, and minimize your exposure to attack
- Save time and money by increasing the efficiency of your security operation
- Devise strategies around changing threat conditions and secure resources to defend against them
- Identify, analyze, and remediate threats across your entire network
- Understand the TTPs used by threat actors
- Effectively integrate cyber threat intelligence into your existing security technologies
The FireEye threat intelligence advantage
FireEye intelligence is unique in the industry. Our team of more than 150 security researchers and experts from around the globe draws upon decades of intelligence experience to transform raw information into finished intelligence. We combine human analytics with a technical data collection platform to provide actual threat insights and understand the tactics, techniques, and procedures (TTPs) used by specific threat actors.
The result? We have an unmatched view across adversaries, victims, and networks worldwide that enables us to give you visibility into the entire lifecycle of an extended cyber attack from initial reconnaissance to exfiltration.
Response to the Threat Environment
Organizations continue to fight an asymmetric battle on the cyber front. Attackers are sophisticated, well-funded, well-organized and use highly targeted techniques. Security teams routinely struggle to understand which cyber threats pose the greatest risk to them and how to prioritize those they discover.
Most organizations stake their security efficacy on legacy, signature-based tactical intelligence feeds that can’t anticipate attacks or provide context to guide response. Instead, these feeds increase alert volumes with false positives that make it nearly impossible to detect attacks and provide a false sense of security. The right threat intelligence can help organizations improve detection and response capabilities and business efficiencies.
Rich context to mitigate threats
FireEye iSIGHT Threat Intelligence is unique in the industry. It is developed by more than 150 FireEye security researchers and experts around the globe who apply decades of experience to deliver knowledge about adversaries and their motivations, intentions and methods. They help organizations:
- Proactively assess and manage the risks that are relevant
- Detect and prevent attacks
- Build attack context for the alerts that they face Threat Intelligence is mainly derived from three areas:
- Deep within the attacker’s development environment before attacks are even launched
- First responders to the world’s most advanced cyber threats
- MVX-driven technology that identifies never-before seen attacks By providing comprehensive intelligence that is immediately actionable, organizations can better manage their risk and response to today’s attacks.
Flexible threat intelligence suite to meet your requirements
FireEye helps operationalize your intelligence with standalone iSIGHT Threat Intelligence and intelligence integrated with FireEye technology, which includes Dynamic Threat Intelligence (DTI) and Advanced Threat Intelligence (ATI).
Standalone Threat Intelligence
FireEye iSIGHT Threat Intelligence can be integrated with any FireEye security solution as well as with any of your existing infrastructure and tools. It is a comprehensive offering that provides tactical, operational and strategic intelligence. It goes beyond the basic information that data feeds provide and adds the forward-looking and highly contextual information you need to build proactive defenses, prioritize alerts and resources and improve incident response.
It includes various consumable intelligence streams as well as direct access to analysts and dedicated client support. Intelligence is available in:
- Machine-to-machine format via the iSIGHT API
- Human readable format through the MySIGHT Portal
- iSIGHT Threat Media Highlights, a daily analysis of the top global security news stories
Intelligence can be tailored to the role or function of the personnel using it, empowering both mature and growing security teams with critical context on the intents and activities of their attackers. FireEye iSIGHT Threat Intelligence subscriptions can be customized across these five functional use cases: tactical, operational, fusion, executive and vulnerability.
Intelligence Integrated within FireEye Technology
Threat intelligence subscriptions for your FireEye technology can enhance your detection, investigation and response capabilities. Two intelligence variants are offered as add-on subscriptions for FireEye detection and investigation products: DTI and ATI.
Dynamic Threat Intelligence (DTI)
This intelligence facilitates unsurpassed detection with machine learning and analytics that codify attacker intent and tactics, techniques and procedures (TTPs) through the FireEye Multi-Vector Virtual Execution (MVX) engine. DTI provides hourly updates to ensure that your organization is finding the most recent attacks FireEye has seen across its global network of customers.
Advanced Threat Intelligence (ATI)
When FireEye detects an attack ATI provides the context required to prioritize resources and develop an appropriate response. Available intelligence includes who the associated threat actor is, what their likely motives are, industry and global views, information about the malware and other indicators that can be used to search for the attackers in your environment.
How FireEye threat intelligence is different
The FireEye iSIGHT Threat Intelligence portfolio provides extensive insight into adversaries and their motivations, intentions and methods:
- Deep and broad visibility into the extended attack lifecycle and attacker’s motives, tools and procedures. Early visibility and access to information on the latest and most sophisticated threats from hundreds of embedded analysts deep within the adversary’s development ecosystem, decade long visibility at the front lines of major cyber attack investigations and a global network of sixteen million virtual threat detection nodes through codified understanding of the attacker intent.
- Flexible and scalable analysis engine to track an everevolving attacker. 125+ million node mathematical graph database that dynamically models the relationships between the tools and tactics cyber threat groups use, the operations they conduct and their sponsors.
- Subject matter experts from diverse domains who rigorously track and analyze the financial and political dimensions of over 16,000 cyber threats worldwide.
With this type of threat intelligence security teams shrink the attack surface and move from a resource intensive, alert- reactive security posture to a proactive one that addresses threats significantly more effectively and efficiently.
iSIGHT Intelligence Subscriptions
Enhance your current security and risk management infrastructure to build proactive defenses, prioritize alerts and improve incident response.
- Qualify threats poised to disrupt your business based on the intents, tools and tactics of the attacker
- Delivers visibility beyond the typical attack lifecycle, adding context and priority to global threats
Cyber Threat Intelligence Services
Design and build cyber threat intelligence (CTI) processes and solutions within your security operations.
- Optimize your ability to consume, analyze and apply threat intelligence
- Focus on strategic planning, threat communications, technical solutions and workforce expertise
Forward Deployed Analyst
Extend your team with an on-site FireEye intelligence analyst who leverages FireEye and Mandiant expertise and visibility.
- Includes threat intelligence and information security expertise to reveal meaningful insights
- Delivers customized intelligence and analysis for decision makers and front line network defenders
|Visibilit y of Extended Kill Chain||DTI||ATI||iSIGHT Intelligence|
|Stage of an attack where intelligence comes from||Attack||Attack||Pre-attack, attack, post-attack|
|Type of intelligence||Tactical||Contextual||Broad, comprehensive intelligence and analysis tools|
|Detection from FireEye appliances|
|Detection profiles for FireEye appliances|
|FireEye alert correlation to geolocations and industry verticals|
|Attribution of FireEye alerts to known threat actors|
|Threat group profiles|
|Malware family profiles|
|Threat indicators via API|
|API and SDK for integration into non-FireEye tools|
|iSIGHT browser plugin for scanning, querying and pivoting into iSIGHT intelligence|
|Attribution of iSIGHT Threat Indicators to known threat actors|
|Extended coverage of threat actors|
|Business system vulnerability tracking|
|Critical infrastructure vulnerability tracking|
|Context for alerts across the existing IT infrastructure|
Download the FireEye Threat Intelligence Datasheet (PDF).