Making Threat Intelligence More Intelligent
Threat intelligence is the equalizer that enables companies to level the playing field with sophisticated, well-funded, and well-organized attackers. It is the edge that equips our customers to power their detection, inform their response and anticipate today’s increasingly sophisticated cyber threats.
At this year’s FireEye Cyber Defense Summit, we unveiled the FireEye Threat Intelligence Engine, which addresses today’s most significant threat intelligence challenges. These challenges include complex and vast threat data processing requirements, increasingly large storage needs, difficulty automating analyst decision making, inadequate visibility and blind spots, and poor analytical modeling—all of which lead to inaccurate conclusions, high false-positive rates, and missed threats.
As organizations continue to struggle with acquiring and operationalizing threat intelligence, we feel it is important to share the model behind research that has exposed the activities of diverse threat actors and sponsors, including China’s APT1, the financial crime group FIN4, a group targeting the Syrian opposition, and the Russian group APT28. The engine not only produces more intelligence research; it also feeds every FireEye product and solution it powers with threat intelligence collected for, and by, its customers. It is composed of three foundational and deeply interconnected elements:
- Deep and broad visibility into the latest attacks and attack methodologies. Any gap in your visibility into the latest attacks and the attackers who conduct them is a gap in your security posture. Equally problematic is not knowing that you have gaps in the first place, or that you have already been breached. FireEye combines access to the latest and most sophisticated threats, gained through Mandiant’s decade-long visibility at the front lines of major cyber attack investigations, with a global network of 11 million advanced threat sensors to give our customers an unprecedented look at the attackers targeting them.
- Flexible and scalable analysis engine to track an ever-evolving attacker. Attackers constantly evolve their techniques and tools, so useful intelligence requires analytics that can consume vast numbers of data sources and are flexible and scalable enough to correlate disparate sources immediately. FireEye delivers this in a 115+ million node mathematical graph database that dynamically models a cyber threat group’s tools and tactics, operations, and sponsors.
- Subject matter experts from diverse domains who rigorously track and analyze the financial and political dimensions of cyber threats worldwide. Most attacks today are conducted with political, financial or socio-economic motivations across a broad set of geographies. By understanding these dimensions, FireEye quickly correlates data points and connects dots that would otherwise be seen as unrelated data. At FireEye, our team of experienced PhDs, linguists, analysts, and foreign policy experts provides intelligence with relevant geopolitical and economic context.
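The graph model described in the second element above is the part of this a practitioner can reason about concretely: groups, tools and infrastructure become nodes, observed relationships become edges, and a new incident's indicators are attributed by pivoting through the graph to the groups they connect to. The example below is an added illustration of that idea, not FireEye's engine or any of its code; the group names, tool names and domains are constructed placeholders, and the scoring rule (splitting evidence weight evenly across a node's neighbours, so a commodity tool shared by many groups contributes little to any one of them) is one common mitigation for the false links that shared tooling and bulk hosting produce, not a description of how FireEye scores.

```python
"""Toy threat-intelligence graph: groups, tools and infrastructure as nodes,
observed relationships as edges, plus a degree-weighted pivot that scores
which known groups a fresh set of indicators most plausibly belongs to.
Added illustration with constructed data; not FireEye's engine."""
from collections import defaultdict


class ThreatGraph:
    def __init__(self):
        self.adj = defaultdict(dict)  # node -> {neighbour: relation label}
        self.kind = {}                # node -> "group" | "tool" | "infra"

    def add(self, src, src_kind, relation, dst, dst_kind):
        """Record an undirected relationship so we can pivot in both directions
        (domain -> malware family -> group, or group -> tooling -> other groups)."""
        self.kind[src] = src_kind
        self.kind[dst] = dst_kind
        self.adj[src][dst] = relation
        self.adj[dst][src] = relation

    def shared_between(self, group_a, group_b):
        """Tools or infrastructure directly linked to both groups."""
        return sorted(set(self.adj[group_a]) & set(self.adj[group_b]))

    def attribute(self, observed, max_hops=3):
        """Rank known groups reachable from the observed indicators.

        Weight leaving a node is split evenly across its neighbours, so a
        commodity tool or bulk-hosting IP shared by many groups contributes a
        small score to each, while a C2 domain seen with one backdoor passes
        its full weight along. Returns (group, score, evidence paths)."""
        scores = defaultdict(float)
        evidence = defaultdict(list)
        for start in observed:
            if start not in self.adj:
                continue  # never-seen indicator: no pivot possible, no score
            seen = {start}
            frontier = [(start, 1.0, [start])]
            for _ in range(max_hops):
                nxt = []
                for node, weight, path in frontier:
                    share = weight / len(self.adj[node])
                    for nb in sorted(self.adj[node]):
                        if nb in seen:
                            continue
                        seen.add(nb)
                        new_path = path + [nb]
                        if self.kind[nb] == "group":
                            scores[nb] += share
                            evidence[nb].append(new_path)
                        else:
                            nxt.append((nb, share, new_path))
                frontier = nxt
        ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
        return [(g, round(s, 3), evidence[g]) for g, s in ranked]


def build_sample_graph():
    """Constructed, hypothetical tracking data (all names are placeholders)."""
    g = ThreatGraph()
    g.add("GROUP-A", "group", "uses", "BackdoorA", "tool")
    g.add("BackdoorA", "tool", "beacons-to", "c2-a.example", "infra")
    g.add("GROUP-B", "group", "uses", "LoaderB", "tool")
    g.add("LoaderB", "tool", "beacons-to", "c2-b.example", "infra")
    # CommodityRAT is used by three groups: a weak attribution signal on its own
    for group in ("GROUP-A", "GROUP-B", "GROUP-C"):
        g.add(group, "group", "uses", "CommodityRAT", "tool")
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    # A new incident: a sample beaconed to c2-a.example and dropped CommodityRAT.
    for group, score, paths in g.attribute(["c2-a.example", "CommodityRAT"]):
        print(f"{group}: {score}")
        for p in paths:
            print("   " + " -> ".join(p))
    print("shared by GROUP-A and GROUP-B:", g.shared_between("GROUP-A", "GROUP-B"))
```

Run stand-alone, the incident attributes most strongly to GROUP-A because the unique C2 domain pivots straight to its backdoor, while CommodityRAT spreads its weight thinly across all three groups that use it. The evidence paths are returned alongside the scores so an analyst can see which edge produced each link and discard ones that rest only on shared commodity tooling.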
Just as importantly, this intelligence needs to be operationalized to detect the world’s most sophisticated attacks while providing the strategic insights to respond quickly and stay a step ahead of the attacker. With the FireEye Threat Intelligence Engine, FireEye offers security teams the context and insights about the threat operations, tools, tactics and groups that we’ve tracked for a decade. It delivers the decision-making edge that equips your responders, powers your detection, and lets you anticipate today’s increasingly sophisticated cyber threats.