FireEye Provides a New Platform for Active Cyber Defense

The FireEye Defensive Cyber Mission System is a rapidly deployable cyber defense and response operation solution that enables local defenders and incident responders with industry-leading tools and support to protect against the world’s most advanced persistent threat (APT) groups.

May 24, 2021

Challenges with current platforms

Cyber Protection and Mission Defense Teams across the United States Department of Defense face an incredibly difficult challenge: equip, train on and operate a complex stack of defensive cyber technologies against highly skilled adversaries. Compounding the difficulty is the need for a highly mobile platform that can be transported easily anywhere in the world.

Although deployable kits are available today, they bring challenges with support, integration and performance. The kits in use are often composed of open-source software "packaged" as an end-to-end capability, but without the level of support, training and performance required. Size and weight restrictions limit the physical footprint, and that footprint in turn limits the available compute and storage performance.

The solution must be capable of operating online as well as in Denied, Degraded, Intermittent and Low-Bandwidth (D-DIL) environments. Furthermore, each mission set imposes its own bandwidth requirements.

Open-source software does not typically come with a response Service Level Agreement (SLA) or a defined escalation path for resolving issues. Furthermore, open-source software is often created and maintained by developers with other full-time jobs: best-effort work by contributors who may or may not be U.S. citizens.

Operators must be highly proficient on the platform, yet the training provided is often delivered on systems different from those actually used in operations. Furthermore, the community experiences a high level of turnover, as these operators are in high demand in the commercial market.

Solutions overview

Where FireEye technology already exists in the environment, the solution can quickly connect to and leverage that existing infrastructure. By building on the FireEye platform and integrating with third-party tools, the solution can support full-scale cyber operations across environment types and mission requirements.

Use cases include:

  • Defensive cyber operations.
  • Incident response.
  • Network enumeration.
  • Network and host-based forensics.
  • Vulnerability assessments.
  • Penetration testing.

This solution, which integrates three critical FireEye technologies, provides full visibility into all network traffic, including SSL/TLS inspection of encrypted traffic and detection of post-exploitation lateral movement. To investigate and respond to network-based events, the solution retains seven days of searchable full packet capture (PCAP) and 30 days of Layer 7 metadata.

The FireEye platform also applies machine learning and big data analytics to help detect malicious activity that might have previously been missed.

Three key technologies of the FireEye solution

FireEye Helix

FireEye Helix is a security operations platform that makes it simple to deliver advanced security to any organization. It surfaces previously unseen threats and supports expert decisions with frontline intelligence, so teams can take back control of their defenses and capture the untapped potential of their security investments.

Available with any FireEye solution, FireEye Helix works as a seamless and scalable foundation to connect and enhance all your security solutions, including non-FireEye products. Designed by security experts, for security experts, it empowers security teams to efficiently conduct primary functions, such as alert management, search, analysis, investigations, and reporting.

FireEye Network Security and Forensics

FireEye Network Security and Forensics is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted, and other evasive attacks hiding in Internet traffic.  

The FireEye Network Forensics solution pairs the industry’s fastest lossless network data capture and retrieval solution with centralized analysis and visualization.  

FireEye Network Security uses multiple analysis techniques to detect attacks with high accuracy and a low rate of false alerts:

  • The Multi-Vector Virtual Execution™ (MVX) engine detects zero-day, multi-flow and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops the infection and compromise phases of the cyber-attack kill chain by identifying never-before-seen exploits and malware.
  • Intelligence-Driven Analysis engines detect and block obfuscated, targeted and other customized attacks with contextual, rule-based analyses based on real-time insights gathered from the frontlines, including millions of verdicts from the MVX engine, thousands of hours of incident response experience gathered by FireEye Mandiant and the work of hundreds of threat researchers.

FireEye Endpoint Security

Even with the best protection, breaches are inevitable. To ensure a substantive response that minimizes business disruption, FireEye Endpoint Security provides tools to:  

  • Search for and investigate known and unknown threats on tens of thousands of endpoints in minutes.
  • Identify and detail vectors an attack used to infiltrate an endpoint.
  • Determine whether an attack occurred (and persists) on a specific endpoint and where it spread.
  • Establish the timeline and duration of endpoint compromises and track the incident as it unfolds.
  • Clearly identify which endpoints and systems need containment to prevent further compromise.

Solution benefits

The FireEye Network platform provides ample benefits in support of the mission, including:

  • Turnkey approach to defensive cyber operations, with a common platform for a wide range of missions.
  • Flexible approach to size, weight and power.
  • Commercial off-the-shelf (COTS) solution with all necessary training and support, provided 24/7 by U.S. citizens.

World Wide Technology’s North American Integration Center (NAIC) campus includes more than 2.5 million square feet of warehouse and integration space.  

As part of the partnership with FireEye, WWT's NAIC provides the following services:

  • Engineer all non-FireEye software and hardware:
    • Servers, switches, virtualization, power solutions, physical cases, chain of custody components.
  • Design cases with the various components and necessary interconnections.
  • Logistical coordination to build, ship and deploy kits to customer locations.