FireEye Announces Availability of Splunk for FireEye, A New Application to Enable Customers to Further Consolidate and Correlate Analytics on Cyber Attacks

Application gives businesses long-term trending and analytics with FireEye data

MILPITAS, Calif. - Sep 13, 2012 – FireEye®, Inc., the leader in stopping advanced cyber attacks, and Splunk Inc. (NASDAQ: SPLK), the leading provider of software for real-time operational intelligence, today announced the availability of the Splunk® for FireEye application. Information on inbound and outbound events from FireEye appliances is now available within the Splunk Enterprise console.

With this application, Splunk Enterprise provides real-time continuous monitoring and trending of FireEye customer data, along with support for real-time alerting. This allows users to visualize and express long-term trends that aid with the prioritization of incident response activities, as well as set and monitor key performance metrics.

"With our next-generation threat protection, critical information gleaned from our appliance is crucial for security professionals to make informed decisions," said Ashar Aziz, FireEye founder and CEO. "This application is a win for our joint customers by saving them time and increasing their visibility into their security operations."

"Enterprises demand tools that give them insight into events as they occur. FireEye is a leader in providing dynamic analysis and blocking of zero-day attacks," said Bill Gaylord, senior vice president of business development at Splunk. "There is an incredible amount of security data generated by FireEye’s products that companies can use to improve their security posture. Splunk software can ingest a comprehensive analysis of malware to ultimately provide security professionals the ability to correlate this data with other activity in their environment to proactively monitor for and detect these elusive threats."

The Splunk for FireEye application provides comprehensive reports for monitoring malware distribution and callbacks, infection types over time, and the number of infected systems. Included in the reports are dashboards that show the number of inbound infections by host IP over time and the number of callbacks over time by malware name. Users are able to examine a discovered piece of malware in a number of ways, including:

  • Malware: provides an overview of a specific piece of malware including its name, number of callbacks, source and destination, and port and protocol used.
  • Transactions: provides a view of each of the callbacks as a transaction, identifying the source and destination, the severity, and the infection source port.
  • C2 (callback information): includes HTTP (layer-7) information along with the URI, HTTP version, user agent (browser version), and the action (GET or POST).
  • Trends: provides an "over-time" graphical view of communication (ports and IPs) between the malware and its C2 destination.
  • Correlation: passes the time of a particular malware activity to Splunk, which launches a search for other activities happening at that same time.

Visit www.fireeye.com for more information on FireEye next-generation threat protection.

About FireEye, Inc.

FireEye is the leader in stopping advanced cyber attacks that use advanced malware, zero-day exploits, and APT tactics. The FireEye solutions supplement traditional and next-generation firewalls, IPS, anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks. FireEye offers the industry's only solution that detects and blocks attacks across both Web and email threat vectors as well as latent malware resident on file shares. It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats. Based in Milpitas, California, FireEye is backed by premier financial partners including Sequoia Capital, Norwest Venture Partners, and Juniper Networks.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk® software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks and mobile devices that power business. Splunk software enables organizations to monitor, search, analyze, visualize and act on massive streams of real-time and historical machine data. More than 4,400 enterprises, universities, government agencies and service providers in over 80 countries use Splunk Enterprise to gain operational intelligence that deepens business and customer understanding, improves service and uptime, reduces cost and mitigates cyber-security risk.

Media Contact

FireEye
Lisa Matichak
+1.408.321.6300 pr@fireeye.com

LEWIS Pulse
Katherine Nellums
+1.415.432.2415 katherine.nellums@lewispulse.com

# # #

FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.