Presentation on theme: "Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel."— Presentation transcript:
Copyright (c) 2012, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 FireEye Overview Joshua Senzer, CISSP Sr. Systems Engineer – North East Channel
Sophisticated attacks are more common
What the Analysts are Saying
“The widening gap between hacker capabilities and security defenses has security organizations struggling to keep up with the changing nature, complexity, and scale of attacks.” Forrester, 2011
“Incumbent defenses fall short…existing antimalware initiatives are no longer enough.” Forrester, 2011
“There is widespread agreement that advanced attacks are bypassing our traditional signature-based security controls and persisting undetected on our systems for extended periods of time. The threat is real. You are compromised; you just don't know it yet.” – Gartner, January 2012
“Organizations that rely on desktop AV and secure web gateways as their primary antimalware technologies may very well find themselves falling victim to malware-based attacks.” Forrester, 2011
“Some IPS/IDS/NGFW vendors are no better at handling evasions today than they were when they released their original products.” Gartner, 2011
The New Threat Landscape
There is a new breed of attacks that are advanced, zero-day, and targeted
ADVANCED: Stealthy; Unknown and Zero Day; Targeted; Persistent
TRADITIONAL: Open; Known and Patchable; Broad; One Time
Advanced Targeted Attack
Hackers Evade Existing Defenses
Utilizes advanced techniques and/or malware
–Unknown
–Polymorphic
–Dynamic
–Multi-stage
–Personalized
Uses zero-day exploits, commercial quality toolkits, and social engineering
Often targets IP, credentials and often spreads laterally throughout network
Same techniques – whether mass crimeware or targeted APT
Multi-Protocol, Real-Time VX Engine
Phase 1: Aggressive capture heuristics
–Deploys out-of-band/passive or inline
–Multi-protocol capture of HTML, files (e.g. PDF), & EXEs
–Maximizes capture of potential zero-day attacks
Phase 2: Virtual machine analysis
–Confirmation of malicious attacks
–Removal of false positives
Phase 3: Block Call Back
–Stop data/asset theft
Local, Enterprise Wide, Global (DTI Cloud) alerts on infections as well as C&C destinations
Global loop sharing into DTI Cloud Intelligence
Fast Path Real-time Blocking in Appliance
FireEye Hardware Platform
Next-Gen Malware Protection System (MPS)
7000 Series: 1Gbps
4000 Series: 250 Mbps
2000 Series: 50 Mbps
1000 Series: 20 Mbps
KEY FEATURES:
–Detects inbound 0-day & custom malware via virtual machine analysis
–Tracks outbound call-backs and subsequent malicious payloads
–Extremely accurate detection with near-zero false positives
–Copper and Fiber models
10-Gig native solution coming soon!
Advanced Malware Protection Architecture
Diagram labels: Anti-Spam, Mail Servers, Internet Facing SharePoint, LAN, Proxy, Firewall, Web MPS, MPS, File MPS, CMS, MAS, Malware Protection Cloud
Real-time Web, Email, & File Security to stop Advanced Targeted Attacks
Centralized Management, Reporting
Augments Zero-Day gaps traditional security misses
Platform for sharing FireEye Intel with 3rd party products
Automation ensures higher detection accuracy & low TCO
Malware Protection Cloud provides unique, zero-day intelligence
Technology Alliances - Moving Closer to the Breach
Alliance categories: Gateway, Network Monitoring, SIA Partner Member, Threat Attribution, GRC, Host, MSSP, SSL
Alliances subject to change. Integration levels vary based on purpose and investment.
Summary
–Pace of advanced threats accelerating, targeting all verticals and all segments
–Traditional defenses (NGFW, IPS, AV, and Web gateways) no longer combat these attacks
–Real-time, proactive signature-less solution is required across Web and Email to solve issue
–FireEye has engineered the best threat protection solution to supplement traditional defenses and combat advanced attacks