
FireEye Callback Filter


The Callback filter blocks outbound malware transmissions to cyber attackers' servers, stopping data exfiltration attempts. The malware content can be auto-generated by local FireEye appliances' VX engines. Also, Malware Protection Cloud (MPC) subscribers get the latest security content from FireEye appliances deployed within customer networks, technology partner networks, and service providers around the world.

The FireEye Callback filter protects the network using both local and global threat intelligence. For instant local protection against attacks targeting your network, the Callback filter detects and blocks callback channels the VX engine has discovered in your traffic. No cloud update is required for this blocking to begin. For fast protection against emerging global attacks, the Callback filter will also block channels it learns about through automated notifications from the global Malware Protection Cloud. These cloud notifications reflect the ongoing discoveries of FireEye researchers, multiple third-party threat intelligence feeds, and other FireEye customers. FireEye's unique application of local and global callback discoveries provides the most immediate, definitive protection against the callback communications used in advanced persistent threats, botnets, and targeted attacks.

Threat intelligence includes:

  • Malware attack profiles, including identifiers of malware code, exploit URLs and other sources of inbound infections and attacks
  • Fully qualified malware callback destinations (destination IP address, protocols used, ports used) that identify malicious websites and email sources
  • Malware communication protocol characteristics, such as custom commands used to instantiate transmission sessions
  • Third-party threat intelligence feeds from many different sources, which are then automatically validated using FireEye technology and added into the MPC subscription feed

By terminating outbound malware transmissions across multiple protocols, FireEye customers can thwart data exfiltration, botnet activities, and advanced persistent threats communicating across HTTP, FTP, IRC, and many other protocols. This effectively shuts down blended and spear-phishing attacks by preventing the communications used in targeted attacks over the web and email.