FireEye, Inc - STOP Advanced Persistent Threats (APTs)

Company Overview

FireEye, Inc. is the leader in stopping advanced targeted attacks that use advanced malware, zero-day exploits, and APT tactics. FireEye solutions supplement traditional and next-generation firewalls, IPS, antivirus and gateways, which cannot stop advanced threats, leaving security holes in networks.

FireEye offers the industry’s only solution that detects and blocks attacks across Web and email threat vectors as well as malware resident on file shares. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats.

Based in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture Partners and Juniper Networks.

Solutions for Government

U.S. federal agencies were disproportionately targeted in 2010, facing 39 percent more cyber incidents than in 2009 while overall cyber incidents declined, according to the Office of Management and Budget (OMB).

To counter cyber incidents such as nation-state sponsored espionage, data breaches and advanced persistent threats (APTs), government agencies must fill the hole left by next-generation firewalls, IPS, antivirus, and Web gateways. These tools, reacting based primarily on rules and signatures, are no match for well-funded adversaries employing a new generation of dynamic, stealthy threats.

Unique adoption points

Consistent with FISMA and NIST directives to embrace risk management through continuous monitoring and attack-based metrics, government agencies everywhere are turning to FireEye. FireEye offers the only appliances that can detect and block threats in real time for a proactive stance against advanced malware, zero-day and targeted APT attacks.

The FireEye family of Web and Email Malware Protection Systems continuously detects, confirms and blocks both unknown and known threats. FireEye's comprehensive protection continuously monitors and acts on both inbound and outbound paths. Operating either in-line or out-of-band, FireEye strengthens government security infrastructures without disrupting operations. FireEye adds a vital layer of protection as agencies adopt the cloud.

Actively analyse unknown code and suspicious web objects

Objects are executed against a range of browsers, plug-ins, applications, and operating environments. The signature-less VX engine identifies the use of zero-day exploits, confirms a Web attack is underway, and blocks call-backs and subsequent malware downloads over multiple protocols.

Virtual environments

All attachments can be safely and accurately analysed to identify zero-day exploits. Beyond signature- and reputation-based systems, the VX engine can detect if previously legitimate files have been re-armed and sent via spear phishing email to penetrate enterprise defences.

Analyses for infected files on network file shares

The VX engine can be used to scan CIFS-compatible file shares to detect and stop advanced targeted attacks embedded within infected Microsoft Office files, images, PDFs, Flash, or ZIP/RAR/TNEF archives.

Proprietary virtualization technology

The VX engine analyses and confirms true, zero-day malware, such as Trojans, targeted attacks, bots, VM-aware malware, and advanced persistent threats.

Multi-stage inspection and blocking engine

Stops known and zero-day attacks while simultaneously eliminating false positives. The multi-stage inspection process unifies virtualization and network security to accurately block the advanced malware that is used to penetrate networks and steal resources and sensitive data.

Products Overview

The FireEye Malware Protection System is the only complete solution to stop advanced targeted attacks across the Web and email threat vectors and malware resident on file shares. It consists of the following segments.

Web Malware Protection System (MPS)

The Web Malware Protection System (MPS) stops Web-based attacks that traditional and next-generation firewalls, IPS, AV, and Web gateways miss. It protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe. Advanced targeted attacks use the Web as a primary threat vector to compromise key systems, perform reconnaissance on existing defenses, establish long-term control and access to networked systems, and exfiltrate data.

FireEye Web MPS appliances are a turnkey system that can be deployed inline at Internet egress points to block inbound Web exploits and outbound multi-protocol callbacks. They employ the most sophisticated Virtual Execution (VX) engine in the world to accurately confirm zero-day attacks, create real-time protections, and capture dynamic callback destinations. Dynamic analysis of zero-day attacks within a full-featured virtual analysis environment yields real-time malware security content to protect the local network and share with subscribers of the FireEye Malware Protection Cloud (MPC). In addition, the Web MPS can signal into incident response mechanisms, such as SIEM, and when deployed out-of-band can inject TCP resets to tear down flagged TCP sessions, HTTP included. A reset only terminates TCP: UDP callbacks cannot be cut off this way, so blocking them requires the inline deployment.

FireEye Email Malware Protection System

The FireEye Email Malware Protection System (MPS) secures against spear phishing email attacks that bypass anti-spam and reputation-based technologies. Spear phishing attacks have soared in popularity with the availability of user-specific information on social networks and other Internet resources. With all the personal information available online, a criminal can socially engineer almost any user into clicking a URL or opening an attachment with a zero-day exploit, and the criminal quickly gains control of a privileged system and user accounts.

To quarantine the spear phishing emails used in advanced targeted attacks, the Email MPS analyzes every attachment using a signature-less, Virtual Execution (VX) engine that can safely and accurately identify zero-day attacks. It goes beyond signature and reputation-based systems by detonating each attachment against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. Administrators can quarantine emails with malicious content for further analysis or deletion.

File Malware Protection System (MPS)

The FireEye File Malware Protection System (MPS) analyzes network file shares to detect and quarantine malware brought into the network through the Web, email, or other manual means, such as online file sharing. This halts the lateral spread of advanced malware that traditional and next-generation firewalls, IPS, AV, and gateways miss. Advanced targeted attacks use sophisticated malware and APT tactics, not only to penetrate defenses, but also to spread laterally and establish a long-term foothold in the network.

FireEye File MPS security appliances analyze file shares using the patented FireEye Virtual Execution (VX) engine that detects zero-day malicious code embedded in common file types. The File MPS performs recursive, scheduled, and on-demand scanning of accessible network file shares to identify and quarantine resident malware without impact to corporate productivity. This halts a key stage of the advanced attack lifecycle.
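The file-share scanning described here and in the "Analyses for infected files on network file shares" section above rests on one practical point the text does not spell out: on a share, the attacker controls the file name, so candidates for detonation have to be selected by content, not by extension. The following is an added example (not FireEye code, and not a description of how the File MPS works internally) of that triage step: it walks a mounted share recursively, identifies the file types the page lists by their leading bytes, flags files whose extension disagrees with their content, and stages one copy per unique SHA-256 for a sandbox to detonate. The signature table, the expected-extension map, the size cutoff and the `build_demo_share` sample files are all assumptions constructed for the example.

```python
"""Content-based triage of a file share for detonation candidates.

Added example, not vendor code. Signatures, extension map and sample
share are constructed for illustration.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Leading-byte signatures for the file types named on the page.
# Assumption: these are the only types handed to the sandbox.
SIGNATURES = [
    ("pdf",  b"%PDF-"),
    ("ole2", b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"),  # legacy Office (CFBF)
    ("zip",  b"PK\x03\x04"),                         # ZIP, also OOXML Office
    ("rar",  b"Rar!\x1A\x07\x00"),                   # RAR 1.5 to 4.x
    ("rar",  b"Rar!\x1A\x07\x01\x00"),               # RAR 5
    ("swf",  b"FWS"), ("swf", b"CWS"), ("swf", b"ZWS"),
    ("tnef", b"\x78\x9F\x3E\x22"),                   # 0x223E9F78 little-endian
    ("jpeg", b"\xFF\xD8\xFF"),
    ("png",  b"\x89PNG\r\n\x1A\n"),
    ("gif",  b"GIF87a"), ("gif", b"GIF89a"),
]
MAX_SIG = max(len(sig) for _, sig in SIGNATURES)

# Extensions that legitimately carry each content type (assumption).
# Anything else is a name/content mismatch worth flagging on its own.
EXPECTED_EXT = {
    "pdf": {".pdf"},
    "ole2": {".doc", ".xls", ".ppt", ".msg"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm"},
    "rar": {".rar"},
    "swf": {".swf"},
    "tnef": {".dat"},
    "jpeg": {".jpg", ".jpeg"},
    "png": {".png"},
    "gif": {".gif"},
}


def identify(header: bytes) -> Optional[str]:
    """Return the content type for a file's leading bytes, or None."""
    for kind, sig in SIGNATURES:
        if header.startswith(sig):
            return kind
    return None


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_share(root: str, max_size: int = 64 << 20) -> List[Dict[str, object]]:
    """Recursively walk a mounted share and return detonation candidates.

    Each candidate records path, detected type, sha256 and whether the
    extension disagrees with the content. Symlinks and files over max_size
    are skipped (assumption: those fall under a separate policy).
    """
    candidates: List[Dict[str, object]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if path.is_symlink() or path.stat().st_size > max_size:
                    continue
                with path.open("rb") as f:
                    head = f.read(MAX_SIG)
            except OSError:
                continue  # unreadable: leave it for the next scheduled pass
            kind = identify(head)
            if kind is None:
                continue
            candidates.append({
                "path": str(path),
                "kind": kind,
                "sha256": sha256_file(path),
                "ext_mismatch": path.suffix.lower() not in EXPECTED_EXT[kind],
            })
    return candidates


def stage_for_analysis(candidates: List[Dict[str, object]], staging_dir: str) -> List[str]:
    """Copy each unique candidate (by sha256) into staging_dir, named by hash,
    so that copies scattered across the share are detonated only once."""
    dest_root = Path(staging_dir)
    dest_root.mkdir(parents=True, exist_ok=True)
    staged, seen = [], set()
    for c in candidates:
        if c["sha256"] in seen:
            continue
        seen.add(c["sha256"])
        dest = dest_root / f"{c['sha256']}.{c['kind']}"
        shutil.copy2(str(c["path"]), dest)
        staged.append(str(dest))
    return staged


def build_demo_share() -> str:
    """Constructed sample share (not real data) for a stand-alone run."""
    root = Path(tempfile.mkdtemp(prefix="share_"))
    (root / "finance").mkdir()
    (root / "finance" / "invoice.pdf").write_bytes(b"%PDF-1.4\n%constructed\n")
    ole_hdr = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
    (root / "notes.txt").write_bytes(ole_hdr + b"\x00" * 64)      # Office file hiding as .txt
    (root / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 26)
    (root / "finance" / "report_copy.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 26)  # duplicate
    (root / "readme.txt").write_bytes(b"plain text, not a candidate\n")
    (root / "winmail.dat").write_bytes(b"\x78\x9F\x3E\x22" + b"\x00" * 8)
    return str(root)


if __name__ == "__main__":
    share = build_demo_share()
    found = scan_share(share)
    for c in found:
        print(c["kind"], c["path"], "MISMATCH" if c["ext_mismatch"] else "")
    print(stage_for_analysis(found, share + "_staging"))
```

Two design points matter in practice: the scan opens files read-only and copies candidates out rather than executing anything in place, so a scheduled pass cannot itself detonate malware on the share; and the hash-keyed staging directory is what keeps a recursive scan of a large share from submitting the same sample to the sandbox hundreds of times.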

FireEye testimonial - Department of Defense

Published on 5 Dec 2012
Robert Lentz, former CISO of the Department of Defense, discusses the rising tide of advanced persistent threats and the need for advanced threat protection solutions from FireEye.

The best and brightest choose FireEye

Published on 29 Aug 2012
CISOs speak to why they chose FireEye to stop unknown threats, such as advanced persistent threats and spear phishing.

FireEye Malware Analysis System (MAS)

The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely execute and inspect advanced malware, zero-day, and targeted APT attacks embedded in common file formats, email attachments, and Web objects. With advanced instrumentation, the FireEye Virtual Execution (VX) environments provide forensic details on the exploit, such as the vulnerability exploited to create a buffer overflow condition, attempts to escalate privileges within Windows, and the callback coordinates used to exfiltrate data.

When threat analysts need a secure environment to test, replay, characterize, and document advanced malicious activities, they can simply load a suspicious file or set of files into the FireEye MAS' VX engine. As it analyzes files such as suspicious email attachments, PDF documents, or Web objects via a URL, the MAS reports a full 360-degree view of the attack, from the initial exploit and malware execution path to the callback destinations and follow-on binary download attempts.