The FireEye Dynamic Threat Intelligence (DTI) cloud interconnects FireEye threat prevention platforms deployed within customer networks, technology partner networks, and service providers around the world. This worldwide cloud efficiently shares auto-generated threat intelligence, such as covert callback channels, as well as new threat findings from FireEye Labs.
How FireEye Combats Today's New Breed of Cyber Attacks
When a platform confirms an attack locally, it generates dynamic and anonymized threat intelligence of the attack and distributes it through the DTI cloud to warn other users. Threat intelligence includes:
- Malware attack profiles, including identifiers of malware code, exploit URLs, and other sources of inbound infections and attacks
- Analysis of email attachments and URLs
- Fully qualified malware callback destinations (destination IP address, protocols used, ports used) that identify malicious websites and email sources
- Malware communication protocol characteristics, such as custom commands used to instantiate transmission sessions
- Third-party threat intelligence feeds from many different sources, which are then automatically validated using FireEye technology and added into the DTI cloud subscription feed
Unlike reputation and risk-based threat intelligence networks, which make assumptions about potentially risky code and broadcast signatures that may either falsely block or falsely allow traffic, FireEye systems confirm malicious activity. The assessments captured by the FireEye systems are conclusive because suspicious code is fully tested in a virtual execution environment.
Download the DTI backgrounder for additional information on how FireEye transforms data into intelligence.