Combining threat intelligence forces and perspectives into one powerful, intelligence-led platform is the first step toward our goal of giving customers an unsurpassed ability to proactively anticipate, detect and quickly respond to the threats facing us today.
With the initial stages of the iSIGHT Partners integration into our Global Threat Management Platform underway, not only will existing FireEye customers benefit from the integrated intelligence, so will users and customers of other security tools and platforms that consume what we now call FireEye iSIGHT Intelligence.
For example, the initial integration has already yielded enhanced protection of FireEye as a Service (FaaS) and Mandiant customers:
- FireEye was able to identify and characterize leaked data in an underground community as that of a customer, enabling them to better manage their response and risk while continually tracking cybercrime community activity linked to the situation.
- iSIGHT intelligence enabled a customer, impacted by a cybercrime actor who compromised a shared hosting infrastructure with the intention of distributing malware, to see exactly what had been compromised and what malicious activity could be carried out. The services affected included highly popular content management systems used by numerous high-traffic sites, meaning that malware distribution associated with this incident could have affected thousands or millions of victims.
- For one customer attempting to determine how numerous customer accounts were compromised, integrated intelligence assisted the client in understanding risks associated with the leakage of such information based on typical compromise and monetization vectors.
We’ve also introduced several new partner integrations supporting this new, open platform, including:
- IBM QRadar: The new FireEye iSIGHT application allows customers to pull our context-rich threat intelligence into QRadar, enabling users to focus investigations on suspected incidents with a higher degree of confidence. Users can perform event-level workflow actions, including viewing MySIGHT reports corresponding to matched indicators and searching against iSIGHT indicators via simple right-click functionality. In addition, this integration provides flexibility for users to configure their own settings, such as specifying the rate at which indicators are continuously pulled into the app and even identifying subsets of indicators for matching.
- Soltra: Enables customers to populate FireEye iSIGHT content into their Threat Intelligence Platform (TIP) for automated intelligence dissemination.
- Splunk: The FireEye iSIGHT application for Splunk has been updated and allows customers to search and match their data against our intelligence indicators within their Splunk instance. We have taken some major strides forward with this update. Vulnerability intelligence is now available for Splunk users that subscribe to the FireEye iSIGHT Vulnerability & Exploit subscription. Users can perform event-level workflow actions, including searching against iSIGHT indicators, performing a pivot search on iSIGHT indicators, and viewing reports corresponding to matched indicators on MySIGHT. Since customers require a quick view into hits on iSIGHT intelligence, this application utilizes a simple layout to highlight statistics on top matched indicators and offers customers an overview of indicator activity. In addition, the Splunk app provides an IOC dashboard through which users can search our reporting for specified indicators.
- Maltego: This integration empowers customers using this data visualization tool to perform powerful visual link analysis based on FireEye intelligence accessed via the FireEye iSIGHT API.
- FireEye iSIGHT Browser Extension for Firefox: An additional plug-in, alongside our existing Google Chrome plug-in, enabling iSIGHT users to get contextual intelligence on the contents of any appropriate web page, e.g. an alert detail page within FireEye Network Security or your SIEM.
The next phase of FireEye iSIGHT Intelligence is a solution that delivers intelligence tailored to the role of the individual using it, ranging from more tactical roles up to strategic ones. Following that, FireEye will provide customers with a unified threat intelligence portal that combines multiple existing assets and delivers strategic threat intelligence and analysis.
To learn more about the combined FireEye iSIGHT Intelligence portfolio, please check out the new datasheet.