For organizations tasked with maintaining the security and continuity of these systems, Cyber Physical Intelligence provides early warning on critical vulnerabilities, as well as the threat campaigns and adversaries targeting them. With Cyber Physical Intelligence, security teams can stay ahead of attackers and make better-informed decisions about the security posture of their cyber physical systems. The Cyber Physical Intelligence subscription includes in-depth reporting on cyber physical-focused malware and malicious tactics, techniques and procedures, threat actors, threat activity, vulnerabilities and strategic insights.

Stay Ahead of the Next Generation of Threats

Cyber physical systems come with a complex set of benefits and risks. To anticipate and block threats that target cyber physical systems, you must maintain current information on the unique security requirements of these technologies:

• Increase awareness of relevant cyber physical security vulnerabilities and support vulnerability management efforts through FireEye vulnerability scoring and analysis of remediation options.
• Gain situational awareness of threats, campaigns and actors targeting your cyber physical systems.
• Educate your internal teams and external stakeholders with in-depth reference material and topical event coverage tailored to the cyber physical world.
• Make better-informed decisions about your evolving cyber physical security program and controls.
• Get actionable intelligence to help evolve your cyber physical risk management posture from reactive to proactive.

Highlights

• Analysis and reporting on cyber physical vulnerabilities
• Technical analysis of cyber physical-focused threat actor TTPs
• All-source intelligence analysis of cyber physical threats
• Analysis of operational technology-focused news and research
• Access to educational content to increase security awareness across your team

FireEye Email Security delivers dynamic defense to detect attacks from the very first time they’re seen and blocks the most dangerous cyber threats including malware-laden attachments and URLs, credential phishing sites and business email compromise attacks. Email-borne cyber attacks are targeted, automated and hidden amongst millions of messages, easily morphing before signatures can be created. Leveraging FireEye’s extensive threat intelligence from frontline investigations and millions of sensors, FireEye Email Security prioritizes critical alerts and enables endpoint and network incident mitigation and remediation. FireEye Email Security works seamlessly with the FireEye security operations platform – FireEye Helix – providing visibility across the entire infrastructure. Flexible deployment options FireEye Email Security - Server Edition is an on-premises appliance that protects against advanced email attacks. Real-time updates from the entire FireEye ecosystem combined with attribution of alerts to known threat actors provide context for prioritizing and acting on critical alerts and blocking spear-phishing emails. With nothing to install, FireEye Email Security - Cloud Edition is ideal if you’re migrating email to the cloud. It integrates seamlessly with cloud-based email systems such as Office 365 with Exchange Online Protection to stop targeted, advanced attacks faster and more accurately than Exchange Online Protection alone. Full stack email security solution FireEye MVX engine Rapidly detects and blocks unknown malicious attacks. Advanced URL defense Inspects URLs for links to credential-phishing sites and rewrites URLs. Impersonation detection Stops difficult to detect malware-less attacks. Retroactive analysis and alerting Detects and alerts on URLs that go live after email delivery

To prevent common malware, Endpoint Security uses a signature based endpoint protection platform (EPP) engine. To find threats for which a signature does not yet exist, MalwareGuard uses machine learning seeded with knowledge from the frontlines of cyber attacks. To deal with advanced threats, endpoint detection and response (EDR) capabilities are enabled through a behavior-based analytics engine. Finally, a real-time indicators of compromise (IOC) engine that relies on current, frontline intelligence helps find hidden threats. This defense in depth strategy helps protect vital information stored on customer endpoints. Even with the best protection, breaches are inevitable. To ensure a substantive response that minimizes business disruption, Endpoint Security provides tools to:

• Search for and investigate known and unknown threats on tens of thousands of endpoints in minutes
• Identify and detail vectors an attack used to infiltrate an endpoint
• Determine whether an attack occurred (and persists) on a specific endpoint and where it spread
• Establish timeline and duration of endpoint compromises and follow the incident
• Clearly identify which endpoints and systems need containment to prevent further compromise

Primary Features

• Single agent with three detection engines to minimize configuration and maximize detection and blocking

• Single integrated workflow to analyze and respond to threats within Endpoint Security

• Fully integrated malware protection with antivirus (AV) defenses, machine learning, behavior analysis, indicators of compromise (IOCs) and endpoint visibility

• Triage Summary and Audit Viewer for exhaustive inspection and analysis of threats

Additional Features

• Enterprise Security Search to rapidly find and illuminate suspicious activity and threats

• Data Acquisition to conduct detailed in-depth endpoint inspection and analysis over a specific time frame

• End-to-end visibility that allows security teams to rapidly search for, identify and discern the level of threats

• Detection and response capabilities to quickly detect, investigate and contain endpoints to expedite response

• Easy-to-understand interface for fast interpretation and response to any suspicious endpoint activity

File content security, which would cover online file shares, portable file storage and services such as SharePoint, is a significant concern for your networks. Advanced cyber attackers can breach file content security and then launch advanced attacks capable of compromising key systems in an organization. FireEye File Content Security (FX Series) products help prevent, detect and respond to cyber attacks by scanning file content for signs of malicious threats. These threats might be brought into an organization from outside sources, such as online file sharing services and portable file storage devices. Benefits of File Content Security Prevent file share-based cyber attacks Block malware discovered in network file storage and content sharing systems Detect advanced malware Scan CIFS and NFS-compatible file shares, on-demand or on a schedule, without affecting server performance Leverage WebDAV protocol to proactively scan SharePoint document management systems Identify known and unknown latent malware that bypasses conventional antivirus products Respond to incidents faster Scan selected or all files, hard drives and trusted and untrusted file domains Analyze a broad set of file types, such as PDF, MS-Office, vCards, ZIP/RAR/TNEF, Quicktime, MP3, Real Player, JPG, PNG Integrate with other FireEye cyber security products, sharing and applying intelligence

FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Available with any FireEye solution, FireEye Helix integrates your security tools and augments them with next-generation SIEM, orchestration and threat intelligence capabilities to capture the untapped potential of security investments. Designed by security experts, for security experts, it empowers security teams to efficiently conduct primary functions, such as alert management, search, analysis, investigations and reporting.

Advanced features that simplify and improve security:

• Threat  Intelligence: Detect, enrich, explore and learn about the latest intelligence threats.

• Security Orchestration: Automate response with pre-built playbooks created by frontline practitioners.

• Next-Generation SIEM: Improve threat and vulnerability detection with advanced user behavioral analytics.

• Workflow Management: Organize, assign, collaborate and action steps through the investigative process through automated and manual workflows.

• Investigative Workbench: Index, archive and search across alert and event data from all sources across the infrastructure to support flexible pivoting and fast hunting.

• Compliance Reporting: Use and customize dashboards and widgets to visually aggregate, present and explore the most important information.

• Simplify Analysis: Collect, store and analyze event data in a single log source with custom rules and alert queues.
• Lightweight Deployment: Enable rapid, scalable, and cost-efficient deployment across cloud, on-premise, and hybrid environments.

 

FireEye Threat Analytics Platform is now a part of Helix

FireEye Malware Analysis is a forensic analysis solution that gives security analysts hands-on control over powerful auto-configured test environments to safely execute and inspect advanced malware, zero-day and advanced persistent threat (APT) attacks embedded in web pages, email attachments and files.

As cyber criminals tailor attacks to penetrate a specific business, user account or system, analysts need easy-to-use forensic tools that help them rapidly address targeted malicious activities.

HIGHLIGHTS:

• Performs deep forensic analysis through the full attack life cycle, using the FireEye MVX engine
• Streamlines and batches analysis of suspicious web code, executables and files
• Reports in-depth on system-level OS and application changes to file systems, memory and registries
• Offers live-mode or sandbox analysis to confirm zero-day exploits
• Dynamically generates threat intelligence for immediate local protection via integration with FireEye Central Management
• Captures packets to allow analysis of malicious URL session and code execution
• Includes the FireEye AV-Suite to streamline incident response prioritization
• Includes support for Windows and MacOS X environments

By leveraging FireEye’s unique technologies and threat intelligence, FireEye Network Security detects what other security solutions miss, providing holistic security from the perimeter to the network core. Ideal for next-generation networks that need flexible and scalable deployment options, FireEye Network Security offerings provide strong security for a myriad of environments and customer needs. FireEye Network Security is designed for high-performance, pervasive and consistent protection against threats across your organization with integrated security workflow and actionable contextual intelligence. It enables you to:

• Accurately detect and immediately stop attacks that evade other security devices, including file-based sandboxes
• Understand and prioritize critical alerts with reliable execution evidence and contextual insights
• Proactively defend and investigate threats with tactical intelligence from FireEye or a third party using the Structured Threat Information eXpression (STIX) format as well as contextual and strategic threat intelligence
• Deploy Network Security with integrated all-in-one hardware appliances or with a scalable and flexible on-premise or cloud-based distributed model
• Future-proof your investment with an extensible, modular architecture
• Provide your Microsoft Windows and Apple OS X users with the same level of threat protection
• Achieve quick protection with machine-, attacker- and victim-based intelligence applied as updates to your defenses every 60 minutes
• Shorten the solution payback period by eliminating the operational cost of triaging alerts manually
• Integrate and automate your security workflow to easily prioritize, investigate and respond to alerts across different threat vectors

FireEye Security Suite provides enterprise-grade protection to secure networks, emails and endpoints for organizations of all sizes. It defends against advanced attacks, accelerates incident response and safeguards the core business.
FireEye Security Suite is designed for organizations with 100-2000 users. It protects multiple attack vectors to break the chain of events that often leads to data loss and business disruption.

Security Suite features FireEye Network Security, NX Edition
Secure networks with the integrated Intrusion Prevention System (IPS) and detect advanced malicious network attacks such as zero-day attacks and signature-less malware. Multi-Vector Virtual Execution (MVX) Engine
Cloud MVX engine detonates suspicious artifacts that don't match signature-based indicators and disrupts advanced malicious network attacks. FireEye Email Security, Cloud Edition
Arrests the first line of attack by stopping viruses, spam, zero-day malware, advanced URL threats and low-volume, highly-targeted phishing attacks. Email Sender Impersonation Detection
Blocks malware-less impersonation attacks and protects organizations from hard to detect CEO fraud scams and financial loss. FireEye Endpoint Security, Essentials Edition
Last line of defense with an antivirus engine, behavioral analysis and machine-learning managed by a single unified agent. Endpoint Protection Against Signature-Free Vulnerability Exploits
Ability to assess and analyze endpoint behavior to reveal and block application exploits.
FireEye solutions included in the Security Suite

• Network Security: defend networks, data and users with today’s fastest, most reliable cyber-attack protection.
• Endpoint Security: proactively detect, prevent and analyze known and unknown threats on any endpoint.
• Email Security: proactively detect and stop all types ofemail-borne threats.
• FireEye Helix: simplify, integrate and automate security operations to stop threats faster.

FireEye SmartVision Edition is a network traffic analysis (NTA) solution that detects suspicious lateral traffic within an enterprise network. Unlike other network security solutions that sit at the perimeter to thwart malicious incoming attacks, FireEye SmartVision Edition can be deployed throughout the network — at the core, across network segments and in front of key server assets — to detect malicious internal traffic. With FireEye SmartVision Edition, security analysts and administrators gain new insight and visibility of suspicious lateral traffic that firewalls and other security gateways miss. By using easy to deploy, lightweight sensors working in conjunction with FireEye’s industry - leading Cloud MVX™ technology, customers can scale SmartVision Edition visibility across the entire network — from the data center to remote branch office locations. At the heart of SmartVision Edition is advanced threat detection software, which includes an advanced correlation and analytics engine and a machine learning module to detect attempted data exfiltration, bolstered by 120+ intrusion detection rules that identify weak indicators of compromise Benefits

• Detects formerly undetectable suspicious lateral traffic

• Decreases time to detect postbreach activities

• Provides flexibility to scale throughout the entire network

• Enables visibility into network segmentation initiatives

• Improves network forensics and incident response

• Reduces attacker dwell time

Components of SmartVision edition Three components are required to enable SmartVision Edition:

1. A minimum of one or more SmartVision Sensors (hardware or virtual)

2. Connection to a FireEye MVX engine (either on-premise, Smart Grid or via Cloud MVX*)

3. FireEye OS release 8.1.2 or greater with SmartVision activated