FireEye Threat Prevention Platform
A Real-Time Global Exchange of Threat Data Helps Preempt Emerging, Zero-Day Attacks
The FireEye threat prevention platform delivers multi-vector threat intelligence and partner interoperability to create a cross-enterprise protection fabric that stops today's cyber attacks. The FireEye platform enables rapid detection, validation, and response to cyber attacks that are increasingly sophisticated and successful at evading current defensive technologies. The FireEye platform has been purpose-built to counter today's cyber attacks and supplements security defenses, such as traditional and next-generation firewalls (NGFW), IPS, anti-virus (AV), and gateways, which can't stop advanced malware. The platform is formed by these core components that work in concert:
- Multi-Vector Virtual Execution (MVX) engine – A signature-less, virtualized detection engine
- Dynamic Threat Intelligence (DTI) enterprise – Multi-vector threat intelligence correlation and ecosystem of partner interoperability
- DTI cloud for global sharing of threat intelligence metadata
Multi-Vector Virtual Execution (MVX) engine
FireEye Virtualized Detection Model
The core of the FireEye platform is the patented MVX engine, which provides dynamic, signature-less, and virtualized analysis of today's advanced cyber attacks. The MVX engine can be deployed across attack vectors and detonates suspicious files, Web pages, and email attachments within instrumented virtual machine environments to confirm a cyber attack. After confirming an attack, the MVX engine also dynamically generates threat intelligence about the indicators of compromise specific to this attack and the targeted enterprise. This intelligence is multi-vector in nature and in a standards-based format, which enables the intelligence to be correlated and shared among the entire FireEye deployment and partner ecosystem for automated validation and protection against today's cyber attacks.
Dynamic Threat Intelligence enterprise Threat Prevention Model
Enterprise Threat Intelligence Sharing
FireEye has created a new threat prevention model featuring enterprise-specific, multi-vector threat intelligence that provides in-depth protection across the cyber attack life cycle against unknown and known attacks as well as targeted APT attacks. With FireEye, organizations have real-time threat prevention against blended attacks, malicious URLs, and spear phishing campaigns used to bypass traditional security. By correlating the multi-vector dynamic threat intelligence for a particular enterprise, customers can block attacks, respond to validated infected systems, and automatically share the indicators of compromise throughout the entire FireEye deployment and partner ecosystem technologies. The actionable FireEye threat intelligence enables customers to better leverage their existing infrastructure and achieve greater security ROI.
Standards-based threat intelligence metadata gives customers flexible interoperability options to gain stronger security, automate rapid response, and leverage their existing infrastructure. Partner integrations utilize the FireEye threat intelligence to address the network visibility, endpoint validation, and enforcement options needed by today's organizations to automate key cyber security workflows. Today's integrations use the FireEye XML-based alert format, which provides rich threat intelligence to the alliance partner's solution and enables activities such as quarantining infected IP addresses, restricting ports and protocols used by the malware, and confirming infection based on the malware MD5 hash.
Dynamic Threat Intelligence cloud Enables Global Sharing of Threat Intelligence
Global Threat Intelligence Sharing
The FireEye Dynamic Threat Intelligence cloud interconnects FireEye platforms deployed within customer networks, technology partner networks, and service providers around the world. This worldwide cloud efficiently shares the anonymized, standards-based threat intelligence metadata. The metadata format enumerates malware attributes, actions, and forensics captured in the FireEye MVX engine, such as covert callback channels, as well as new threat findings from FireEye Labs. By exchanging anonymized threat intelligence through the DTI cloud, participants gain contextual visibility of global attacks and can strengthen their collective security with the latest threat intelligence and neutralize attacks before they cause catastrophic damage.
Advanced persistent threat (APT) actors continue to innovate and utilize sophisticated malware exploits to bypass traditional security. Data theft, cyber espionage, system sabotage, and data corruption are some of the scenarios occurring today in targeted APT attacks.
The FireEye platform features the following integrated products: the NX series, EX series, FX series, and AX series. The FireEye CM series, which unifies reporting, configuration, and threat data sharing, centrally manages the overall FireEye platform deployment. Each platform can connect directly, or via a CM, into the Dynamic Threat Intelligence cloud, which offers global threat data sharing to stop emerging, zero-day threats.