FireEye is focused on countering the evolving threats facing public and private sector organizations around the globe. Whether through information sharing, force multiplication, advanced warning from cutting edge intelligence, advanced detection, security as a service, or prioritization and rapid response, our mission is to turn the tide on the adversary.
We believe that the security industry is in need of a revolution – moving away from reactionary, event based strategies towards a proactive, intelligence-led approach. It is this long-held belief that has driven our acquisitions of firms such as Mandiant, iSIGHT Partners and Invotas, informed our product development strategies, and given birth to the FireEye Information Sharing Network. A belief in the power of this approach has been at the core of FireEye since its inception. Our advanced detection platform is powered through rapid collection and ingestion of threat intelligence.
Over the next weeks and months, you will hear a lot from FireEye on our views for driving this intelligence-led approach…
- We will outline our support for the creation of Information Sharing and Analysis Organizations (ISAOs) inside the United States (as mandated in Executive Order 13691). FireEye will provide expertise and advice to the ISAO Standards Organization and the broader security community.
- We will engage in an open dialogue on the difference between information and cyber threat intelligence, a critically important discussion in the face of widespread market confusion.
- We will explore our views on the roles of the public and private sectors in driving the intelligence-led approach to security.
- We will outline best practices for consuming information shared by ISAOs and for operationalizing commercial threat intelligence across people, processes and technology.
Today, we are thrilled to announce the expansion of FireEye’s Information Sharing Network (FISN) – broadening from its existing base of 150 participant organizations to include many more potential partners around the globe. Cybersecurity firms, public and private sector organizations and independent researchers who are interested in becoming members are invited to apply by emailing us at [email protected].
The FireEye Information Sharing Network has been in place since 2013, providing a platform for the daily sharing of malware samples and indicators of compromise to a wide variety of organizations including national CERTs, NGOs, law enforcement agencies, leading cybersecurity companies, major anti-virus vendors, independent security researchers and private sector firms. It was strengthened with the announcement of our Global Threat Intelligence™ sharing initiative in 2015, which allows FireEye customers to share anonymized FireEye intelligence with their partners, customers and trusted community members. Its creation follows a long line of contributions to the cybersecurity community by FireEye and the companies it has acquired. A great example is the OpenIOC standard and suite of free tools released to the community in 2011 by Mandiant. OpenIOC was designed to fill a void for organizations that want to share threat indicators both internally and externally in a machine-digestible format.
Currently, the FireEye Information Sharing Network facilitates the open sharing of hundreds of thousands of malware samples on a daily basis, provides an avenue for one-on-one sharing of information deemed more sensitive, and serves as a pathway for advanced notice of FireEye’s proprietary security research. The information shared is anonymized to exclude personally identifiable information or anything that could identify a victim company, and the information shared by FireEye adheres to the strict confidentiality obligations contained in our customer agreements.
The FireEye Information Sharing Network features four key elements:
- Malware: Open sharing of hundreds of thousands of malware samples on a daily basis.
- Sensitive Information: One-to-one sharing of information deemed more sensitive by contributing members.
- Advanced Notice of Proprietary Research: Advanced copies of FireEye security research reports shared among member participants.
- Sharing beyond FISN: FireEye and other member organizations occasionally share information and brief non-member organizations on emerging threats.
We are proud of FireEye’s pioneering position in information sharing and cyber threat intelligence. We are committed to the real-time exchange of information across the security community and among private and public sector organizations as demonstrated by our management of FISN, the OpenIOC standard and its tools, and participation in programs such as US-CERT’s Cyber Information Sharing and Collaboration Program (CISCP).
We have also recognized the distinction between sharing indicators of compromise and malware – which is largely historical, event driven data – and the delivery of forward leaning, contextually based cyber threat intelligence. The sharing of threat indicators and malware has value, but its value is ephemeral based on the ease with which adversaries can modify their use of malware and command and control infrastructure. To maximize its value, the speed with which this information is discovered, shared and ingested is vitally important, thus our focus on standards such as OpenIOC.
Meaningful cyber threat intelligence delivers a deeper view into the adversary's actions, intent, tools, and tactics, techniques and procedures (TTPs) – all areas that are much more difficult for adversaries to change with speed. It also incorporates human analysis to apply context that cannot be found in raw information feeds.
We’ve invested heavily in developing capabilities in both arenas, and with the recent acquisition of iSIGHT Partners, we now offer the most robust and comprehensive cyber threat intelligence capabilities in the market.
Through the open FireEye Information Sharing Network and our commercial cyber threat intelligence offerings, we are committed to driving an intelligence-led revolution in security that strengthens defensive postures for organizations across the globe.
We invite you to learn more about the FireEye Information Sharing Network by contacting us via email at [email protected].