
Date: 19 February 2015

Author: cwilkinson

FireEye: A Full Solution

by Todd Plambeck, VP of Technology at Bedroc

I recently attended a Lunch & Learn with our regional FireEye Team. My goal in attending the meeting was to understand the integration capabilities of the FireEye Solution and how the Mandiant Endpoint Software (now HX) features are progressing. Bedroc has been a FireEye Partner for approximately eighteen months and was recognized at FireEye’s Momentum 2015 Conference for putting together one of their largest deals of 2014.

The training started with the standard introductions, which gave each attendee the opportunity to meet the FireEye regional team and gave an insight into local competitors. Our Regional Solutions Engineer, Ric Rojas, led the training and was immediately on the whiteboards (much preferred to PowerPoint). Ric started the whiteboard session by outlining a common attack method, Multi-Flow Exploits, and how each of the FireEye products addressed the threat. The conversation quickly shifted to the two features that make FireEye unique: MVX & DTI.

The MVX (Multi-Vector Virtual Execution) engine captures and confirms zero-day and targeted APT attacks by detonating suspicious files, web objects, and email attachments within instrumented virtual machine environments. The MVX engine performs multi-flow analysis to understand the full context of an advanced targeted attack. Once the signatures are created by the analysis, they are shared between the local FireEye Appliances before being sent to the DTI.

The Dynamic Threat Intelligence (DTI) cloud is for use by all subscribers to stop inbound attacks as well as outbound data and resource thefts. The DTI Cloud acts as a repository for the MVX-created signatures, which are shared between the FireEye appliances worldwide.

The FireEye HX is an endpoint software component used to protect and contain threats before they can move laterally within an organization. The HX platform leverages indicators of compromise (IOC) from other FireEye platforms (NX, EX, FX, AX) to rapidly determine if a compromise has affected the endpoint.

In conclusion, FireEye has done a great job integrating all components of a thorough solution. The HX feature set is on par with the competing endpoint solutions in the market and is poised to supersede these competitors in the very near future. The time spent with the FireEye Team further solidified Bedroc's commitment to our FireEye partnership and our belief in their technology.

To learn more about the FireEye Solution and how it could be right for you, give Bedroc a call at 615.816.1786.
