
FireEye Overview


Presentation Transcript


  1. FireEye Overview Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel

  2. Sophisticated attacks are more common

  3. What the Analysts are Saying
  “Some IPS/IDS/NGFW vendors are no better at handling evasions today than they were when they released their original products.” – Gartner, 2011
  “The widening gap between hacker capabilities and security defenses has security organizations struggling to keep up with the changing nature, complexity, and scale of attacks.” – Forrester, 2011
  “Incumbent defenses fall short…existing antimalware initiatives are no longer enough.” – Forrester, 2011
  “Organizations that rely on desktop AV and secure web gateways as their primary antimalware technologies may very well find themselves falling victim to malware-based attacks.” – Forrester, 2011
  “There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time. The threat is real. You are compromised; you just don't know it yet.” – Gartner, January 2012

  4. Hackers Evade Existing Defenses
  The New Threat Landscape: there is a new breed of attacks that are advanced, zero-day, and targeted.
  • Utilizes advanced techniques and/or malware: unknown, polymorphic, dynamic, multi-stage, personalized
  • Uses zero-day exploits, commercial-quality toolkits, and social engineering
  • Often targets IP and credentials, and frequently spreads laterally throughout the network
  • Same techniques, whether mass crimeware or targeted APT
  (Diagram: "Advanced Targeted Attack" placed on an Advanced vs. Traditional axis.)

  5. Multi-Protocol, Real-Time VX Engine
  • Phase 1: Aggressive capture heuristics. Deploys out-of-band/passive or inline; multi-protocol capture of HTML, files (e.g. PDF), and EXEs; maximizes capture of potential zero-day attacks
  • Phase 2: Virtual machine analysis. Confirmation of malicious attacks; removal of false positives
  • Phase 3: Block call-back. Stop data/asset theft; blocking is local, enterprise-wide, and global (DTI Cloud)
  Phase 3 alerts on infections as well as C&C destinations. Fast-path, real-time blocking happens in the appliance; a global loop shares findings into DTI Cloud Intelligence.
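The three-phase flow on this slide (over-capture, confirm in a VM, then block the learned call-back destinations) is easier to reason about as code. The following is an added illustrative model, not FireEye code: the captured objects, their detonation traces and the outbound connection log are all constructed for the demonstration, and the "trace" field is a stand-in for what a real sandbox would observe, which is not modelled here. The type-sniffing heuristic, the suspicious-action list and all host/IP values are assumptions chosen for the example.

```python
from dataclasses import dataclass, field


@dataclass
class CapturedObject:
    name: str
    declared_type: str   # Content-Type the server claimed
    data: bytes          # leading bytes of the payload
    # What detonation observed, as (action, target) events. Constructed stand-in
    # for real sandbox output; no VM is run here.
    trace: list = field(default_factory=list)


# Magic-byte sniffing: the phase-1 heuristic does not trust the declared type.
MAGIC = {b"MZ": "application/x-msdownload", b"%PDF": "application/pdf", b"<html": "text/html"}


def sniff(data: bytes) -> str:
    for magic, mime in MAGIC.items():
        if data[:len(magic)].lower() == magic.lower():
            return mime
    return "application/octet-stream"


def phase1_capture(objects):
    """Phase 1: cast a wide net. Any executable, any PDF, or any object whose real
    type disagrees with its declared type becomes a candidate. Recall matters more
    than precision here; false positives are removed in phase 2."""
    candidates = []
    for obj in objects:
        actual = sniff(obj.data)
        if actual in ("application/x-msdownload", "application/pdf") or actual != obj.declared_type:
            candidates.append(obj)
    return candidates


SUSPICIOUS_ACTIONS = {"spawn_process", "write_autorun", "inject_thread"}


def phase2_confirm(candidates):
    """Phase 2: confirm by observed behaviour. An object is malicious only if its
    trace shows a suspicious host action *and* an outbound callback. Returns the
    confirmed objects and the callback destinations learned from them."""
    confirmed, callbacks = [], set()
    for obj in candidates:
        actions = {action for action, _ in obj.trace}
        hosts = {target for action, target in obj.trace if action == "connect"}
        if actions & SUSPICIOUS_ACTIONS and hosts:
            confirmed.append(obj)
            callbacks |= hosts
    return confirmed, callbacks


def phase3_block(conn_log, callbacks):
    """Phase 3: fast path. Match outbound (src, dst) connections against the
    callback destinations confirmed in phase 2 and return the ones to block."""
    return [(src, dst) for src, dst in conn_log if dst in callbacks]


def run_demo():
    # Constructed sample objects seen in web traffic.
    objects = [
        CapturedObject("invoice.pdf.exe", "application/pdf", b"MZ\x90\x00",
                       [("spawn_process", "cmd.exe"), ("connect", "203.0.113.5")]),
        CapturedObject("brochure.pdf", "application/pdf", b"%PDF-1.4",
                       [("open_file", "brochure.pdf")]),   # benign: a phase-1 false positive
        CapturedObject("index.html", "text/html", b"<html><body>", []),
        CapturedObject("update.bin", "application/octet-stream", b"%PDF-1.7",
                       [("write_autorun", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"),
                        ("connect", "c2.example.net")]),
    ]
    # Constructed outbound connection log: (internal source, destination).
    conn_log = [("10.0.0.7", "203.0.113.5"), ("10.0.0.9", "www.example.com"),
                ("10.0.0.12", "c2.example.net")]

    captured = phase1_capture(objects)
    confirmed, callbacks = phase2_confirm(captured)
    blocked = phase3_block(conn_log, callbacks)
    return ([o.name for o in captured], [o.name for o in confirmed], sorted(callbacks), blocked)


if __name__ == "__main__":
    captured, confirmed, callbacks, blocked = run_demo()
    print("phase 1 captured:", captured)
    print("phase 2 confirmed:", confirmed, "callbacks:", callbacks)
    print("phase 3 blocked:", blocked)
```

The point the model makes is that blocking decisions are taken only from phase-2 output: the benign brochure.pdf is swept up by the aggressive phase-1 heuristic but never reaches the blocklist. The caveat a practitioner should keep in mind is that a destination-based fast path can only stop call-backs to hosts some detonation has already observed, so the value of phase 3 depends on the sharing loop that feeds it.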

  6. Next-Gen Malware Protection System (MPS)
  FireEye Hardware Platform: 7000 Series: 1 Gbps; 4000 Series: 250 Mbps; 2000 Series: 50 Mbps; 1000 Series: 20 Mbps
  KEY FEATURES:
  • Detects inbound 0-day and custom malware via virtual machine analysis
  • Tracks outbound call-backs and subsequent malicious payloads
  • Extremely accurate detection with near-zero false positives
  • Copper and fiber models
  • 10-Gig native solution coming soon!

  7. Advanced Malware Protection Architecture
  • Real-time Web, Email, and File security to stop advanced targeted attacks
  • Centralized management and reporting
  • Augments the zero-day gaps traditional security misses
  • Platform for sharing FireEye intel with 3rd-party products
  • Automation ensures higher detection accuracy and low TCO
  • Malware Protection Cloud provides unique zero-day intelligence
  (Architecture diagram: the Malware Protection Cloud feeds Web MPS, Email MPS, File MPS, MAS and CMS, deployed alongside the firewall, proxy and anti-spam gateway, internet-facing SharePoint, the mail servers and the LAN.)

  8. Technology Alliances - Moving Closer to the Breach
  (Diagram of partner categories: MSSP, SIA Partner Member, Host, Gateway, Network Monitoring, SIEM, Threat Attribution, GRC, SSL.)
  Alliances subject to change. Integration levels vary based on purpose and investment.

  9. Summary
  • The pace of advanced threats is accelerating, targeting all verticals and all segments
  • Traditional defenses (NGFW, IPS, AV, and web gateways) no longer stop these attacks
  • A real-time, proactive, signature-less solution is required across web and email to solve the issue
  • FireEye has engineered the best threat protection solution to supplement traditional defenses and combat advanced attacks
