
FireEye Threat Analytics
Defeat the threats that matter with next-generation security information and event management
Overview:
To defend against multi-vector attacks that bypass traditional security tools, organizations need to augment data from multiple sources and vectors with codified detection expertise.
FireEye Threat Analytics is a next-generation SIEM solution that provides enterprise-wide visibility and behavioral analytics to protect against advanced cyber attacks. FireEye Threat Analytics applies threat intelligence, expert rules and advanced security data analytics to optimize detection and response to the alerts that matter.
Cloud-Based Threat Detection and Investigation
Organizations are fighting an asymmetric battle. Adversaries are elusive, polymorphic, well funded and able to bypass legacy security technologies to exfiltrate your most critical data. Organizations are understaffed, overwhelmed with alerts and lack the visibility and information they need to detect and investigate cyber threats.
FireEye is transforming detection and incident investigation with our cloud-based Threat Analytics Platform (TAP). TAP provides enterprise-wide visibility, codified detection expertise and guided investigation workflows to amplify your defense against today’s most sophisticated cyber attacks.
Highlights
- Purpose-Built – the cloud-based platform was built by security practitioners for security practitioners
- Answers, Not Alerts – identify known and unknown threats by applying real-time threat intelligence to enterprise event streams
- Codified Detection Expertise – enhance detection and investigation capabilities with codified expertise from FireEye security researchers and data scientists
- Integrated Threat Insight – streamline incident investigation by enriching alerts with detailed attacker context
- Sub-Second Search – improved search time across billions of events helps security analysts proactively hunt for covert behavior on the network
- Rapid Deployment – operational in hours instead of months or years
- Easily Scalable – elastic, cloud-based infrastructure makes it easy for organizations to scale as business needs or seasonal requirements change
- Predictable Costs – software-as-service provides predictable operating expense for software, support, infrastructure, threat intelligence and security expertise
Features:
Built by Security Practitioners
FireEye built TAP from the ground up — by security practitioners, for security practitioners. TAP combines threat insights gained from responding to the world’s most consequential breaches with big data security analytics and codified security expertise so you can quickly identify and investigate cyber threats.
Enterprise-Wide Visibility
Your attackers can enter anywhere. You need visibility everywhere. TAP provides enterprise-wide visibility by aggregating alerts from the diverse range of security technologies throughout your organization. Our thin network sensors provide real-time visibility into distributed environments, collecting events from remote locations and forwarding them to a centralized location for log retention, threat analysis and investigation.
Adaptive Detection
Your adversaries are constantly changing. Your detection and investigation capabilities must evolve just as quickly. FireEye has a dedicated TAP team of data scientists and security researchers who codify extensive front-line incident response experience into detection rules, behavioral analytics and guided investigations. Within hours of discovering an emerging attack, they create new rules, run them retrospectively against your environment to determine the potential impact, and feed them back into the TAP product. Upon discovering malicious activity, TAP generates alerts enriched with supporting data, such as attacker context, to help the investigator validate and scope the incident.
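The three behaviors this section describes in prose (matching threat intelligence against a live event stream, sweeping retained events retrospectively when a new rule arrives, and enriching each alert with host and user context) are easier to reason about in code. The following is an added illustrative example, not FireEye TAP code or a description of its internals; the event schema, the `HOST_CONTEXT`/`USER_CONTEXT` tables, the indicator values and the sample log lines are all constructed for the example. It also shows one detail a practitioner will want: indicators and event fields are normalized (lowercased, trailing DNS dot stripped, executable path reduced to its basename) before comparison, so mixed case or a trailing dot in a DNS query does not defeat the match.

```python
"""Added example: a minimal IOC rule engine with real-time matching,
retrospective sweep of retained events, and alert enrichment.
Illustrative only; not FireEye TAP code. All data below is constructed."""
import json
from collections import deque
from dataclasses import dataclass
from typing import Deque, List

# Constructed JSON-lines events, as a log forwarder might emit them.
SAMPLE_EVENTS = r"""
{"ts": "2016-03-01T08:00:01Z", "type": "dns", "host": "ws-117", "user": "jdoe", "query": "Updates.Example-CDN.net."}
{"ts": "2016-03-01T08:00:07Z", "type": "proc", "host": "ws-117", "user": "jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svch0st.exe"}
{"ts": "2016-03-01T08:01:12Z", "type": "dns", "host": "srv-db-02", "user": "svc_sql", "query": "time.example.org"}
{"ts": "2016-03-01T08:02:30Z", "type": "proc", "host": "ws-042", "user": "asmith", "image": "C:\\Windows\\System32\\svchost.exe"}
"""

# Constructed asset/identity context used to enrich alerts (hypothetical tables).
HOST_CONTEXT = {
    "ws-117": {"owner": "jdoe", "role": "finance workstation", "criticality": "medium"},
    "srv-db-02": {"owner": "dba-team", "role": "database server", "criticality": "high"},
}
USER_CONTEXT = {
    "jdoe": {"department": "Finance", "privileged": False},
    "svc_sql": {"department": "IT", "privileged": True},
}


def norm_domain(value: str) -> str:
    """Case-fold and strip a trailing root dot so 'Foo.Example.' == 'foo.example'."""
    return value.strip().lower().rstrip(".")


def norm_basename(value: str) -> str:
    """Reduce a Windows or POSIX path to its lowercased file name."""
    return value.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Which normalizer applies to which event field; unknown fields are just lowercased.
NORMALIZERS = {"query": norm_domain, "image": norm_basename}


@dataclass(frozen=True)
class Rule:
    name: str
    event_type: str
    field: str
    indicators: frozenset  # already-normalized IOC values
    severity: str


def make_rule(name, event_type, field, raw_indicators, severity) -> Rule:
    norm = NORMALIZERS.get(field, str.lower)
    return Rule(name, event_type, field, frozenset(norm(i) for i in raw_indicators), severity)


class Engine:
    def __init__(self, retention: int = 10_000):
        self.rules: List[Rule] = []
        # Retained events enable the retrospective sweep when intel arrives late.
        self.history: Deque[dict] = deque(maxlen=retention)

    def _matches(self, rule: Rule, event: dict) -> bool:
        if event.get("type") != rule.event_type:
            return False
        raw = event.get(rule.field)
        if raw is None:
            return False
        return NORMALIZERS.get(rule.field, str.lower)(raw) in rule.indicators

    def _alert(self, rule: Rule, event: dict, retrospective: bool) -> dict:
        # Enrich with point-in-time host/user context so the analyst can scope quickly.
        return {
            "rule": rule.name,
            "severity": rule.severity,
            "retrospective": retrospective,
            "event": event,
            "host_context": HOST_CONTEXT.get(event.get("host"), {}),
            "user_context": USER_CONTEXT.get(event.get("user"), {}),
        }

    def ingest(self, event: dict) -> List[dict]:
        """Real-time path: retain the event, then evaluate every current rule."""
        self.history.append(event)
        return [self._alert(r, event, False) for r in self.rules if self._matches(r, event)]

    def add_rule(self, rule: Rule) -> List[dict]:
        """New intel: register the rule and sweep retained history for past hits."""
        self.rules.append(rule)
        return [self._alert(rule, e, True) for e in self.history if self._matches(rule, e)]


def parse_events(text: str) -> List[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def demo():
    eng = Engine()
    # Day 1: only a C2-domain indicator is known when the events stream in.
    eng.add_rule(make_rule("c2-domain", "dns", "query", ["updates.example-cdn.net"], "high"))
    live = [a for ev in parse_events(SAMPLE_EVENTS) for a in eng.ingest(ev)]
    # Later: a dropper file name is published; the sweep finds the earlier execution.
    retro = eng.add_rule(make_rule("dropper-filename", "proc", "image", ["SVCH0ST.EXE"], "high"))
    return live, retro


if __name__ == "__main__":
    for alert in [*demo()[0], *demo()[1]]:
        print(json.dumps(alert, indent=1))
```

Two points are worth noting in the design. The retrospective sweep only works over events you actually retained, so `retention` (a bounded deque here; a log store in practice) bounds how far back a late-arriving indicator can reach. And the legitimate `svchost.exe` event does not fire, because the match is on the normalized file name, not a substring; substring matching would have produced a false positive on every host.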
Accelerate Threat Investigations
Your team’s ability to respond to an ever-increasing number of cyber attacks is stretched to the breaking point. You need a dramatic increase in security operations productivity and effectiveness that will accelerate your incident response lifecycle.
TAP expedites investigation by enriching alerts with supporting data. Threat intelligence and point-in-time context about the users affected, the actions taken and the hosts involved help you validate and scope the incident.
TAP also offers Guided Investigations to improve the efficiency of incident responders. Guided Investigations lead analysts through proven investigative strategies using pre-populated queries derived from FireEye’s knowledge of specific attack scenarios.
Upon receiving an alert, TAP selects and presents the relevant next-step queries, providing a best-practice workflow to guide and inform your investigation.
Think Like Your Attacker
To move from reactive response to proactive defense, you must think like your attacker. TAP includes access to the FireEye Intelligence Center (FIC) to help you understand your adversaries’ methods and motivations as well as anticipate their next moves. FIC streamlines incident investigations by providing users with actionable intelligence. FIC’s comprehensive profiles detail the tools, techniques and procedures used by threat actors specifically targeting your industry.
Discover Covert Activity
When an adversary evades detection, there is no evidence of compromise, no starting point for your investigation. To discover emerging attack campaigns, you must pre-emptively search for evidence of covert behavior. TAP enables nimble data exploration via sub-second search across billions of events so security analysts can proactively hunt for hidden indicators of compromise. Once identified, agile investigation tools help analysts pivot from one indicator to the next, evaluate the full context of newly discovered artifacts, reconstruct the attack storyline and ultimately limit the impact of the breach.
Benefits:
Improve detection
Detection of non-malware-based threats through user and entity behavioral analytics.
- Apply real-time threat intelligence to event streams
- Detect non-malware-based threats with user and entity behavioral analytics
Accelerate investigation
Faster forensic investigation and alert triage through added context.
- Augment security analysts with guided investigation tips
- Explore billions of events with sub-second search
Simplify analysis
Simplified dashboards and reporting, alert queues, and custom rules.
- Collect, store and analyze event data in a single, centralized log store
- Integrate codified expertise from FireEye security researchers and data scientists
Deployment:
Simplified Deployment Expedites Time to Value
TAP requires minimal onsite configuration, simplifying deployment and eliminating costly professional services engagements. Our elastic, cloud-based infrastructure scales seamlessly, allowing you to adapt faster as business needs or seasonal requirements change. The TAP subscription includes software, support, infrastructure, threat intelligence and codified security expertise, ensuring predictable operating expense.
Documentation:
Download the FireEye Threat Analytics Platform Datasheet (PDF).