Over the past two decades, we have had the privilege of responding to hundreds of computer security breaches. We have spent over a million hours on the front lines combatting the most advanced computer intruders, assisting organizations in responding to the attacks.
These experiences have provided us the opportunity to become intimate with the challenges organizations face when confronting cybersecurity threats. They also provided the best vantage point for us to observe the current state of the threats attacking organizations.
Our most telling conclusion is that today’s cyber attacks circumvent even the most secure organizations. These highly security-conscious organizations implement programs with numerous products, plenty of personnel, and thorough policies that address known weaknesses. Yet, they still tend to suffer security incidents as frequently as organizations whose security programs are not as robust.
Why is this the case? Simply put: attackers have been adapting to enterprise defenses and exploiting weaknesses we’ve never heard of far faster than we can adapt or react to their activities … until now.
There is no such thing as perfect security – but we can take tremendous strides to advance the speed and effectiveness of our security programs. The most effective security programs will incorporate strategies to reduce their target surface and shorten the “alert to fix” cycle to diminish the impact of any security breaches that do occur. Effective, security-conscious organizations will implement:
- Strong preventive measures to minimize your attack surface area.
- Advanced detection capabilities (signature-less detection, real-time detection).
- Network, endpoint, and event visibility.
- The threat intelligence required to leverage the visibility.
- A fluid process to adapt to emerging threats.
As attacks change, defensive measures must evolve. We have learned the next-generation security architecture needs to be adaptive, nimble and have real long-term relevance. And we need to approach this with state-of-the-art products, highly skilled security experts and real-time threat intelligence.
We call this Adaptive Defense.
FireEye Adaptive Defense fully embraces the combination of FireEye and Mandiant, two companies that approached security from both sides of the security spectrum: detect and respond, respectively. By focusing on detection, FireEye created real-time, signature-less methods to provide situational awareness when attacks occur. By focusing on response, Mandiant developed the capability to rapidly and effectively contain these threats. Together, both organizations combine years of rigor and discipline in obtaining the threat intelligence required to detect and respond to incidents.
These areas of focus represent the totality of the security problem the world faces today. We need to be able to prevent and detect the attacks we understand well enough to counter with technology. We need to analyze the environment to address the attacks that penetrate an organization’s perimeter and bypass preventive measures. And then ultimately, when we understand an attack well enough, we need to contain it to get back to normal business operations. To succeed in today’s cyber-threat environment, this cycle must shrink – from alert to fix in months, to alert to fix in minutes – in order to eliminate the consequences of a security breach.
That’s the compelling need FireEye Adaptive Defense addresses with today’s announcements. To learn more about what makes Adaptive Defense work, visit FireEye Threat Intelligence and FireEye as a Service.