FireEye integrates threat intelligence across logs, packets and endpoints in a number of products such as Enterprise Forensics (PX and IA), Threat Analytics Platform (TAP) and Endpoint Security (HX), which have been available for years. Within FireEye products, intelligence is designed to provide threat context, so that analysts can better understand threat activity and determine the best response. For example:
- An intelligence-led network forensics workbench within FireEye NX, EX, and HX Endpoint Security supports protocols that identify attackers’ lateral spread. Additional threat integration with iSIGHT intelligence further enables correlation between network activities, so that an analyst can quickly determine the severity and type of threat and understand the outbreak velocity of an incident.
- Integrated intelligence across an entire network comes from having access to each endpoint’s activity. This provides visibility so analysts can extend their workbench and workflow across an entire network to apply threat intelligence at every point in the network.
Another vendor may claim to be the “only solution available that integrates threat intelligence across logs, packets and endpoints,” but FireEye knows more about our adversaries than anyone else, and we make this intelligence actionable across your security infrastructure.
FireEye’s threat intelligence comes from deep analysis of adversaries and their development environments, from input from FireEye first responders and partners, and from threat context that FireEye integrates from an array of global partners, customers and government organizations.
FireEye makes threat intelligence actionable, providing customers with correlated threat intelligence via DTI/ATI/ATI+ to support their decision-making, backed by the ability to conduct exhaustive, proactive threat hunting with FireEye investigation products. The value of threat intelligence lies in being able to apply it quickly and easily: not just gathering it, but actively investigating every aspect of a network environment in real time to detect suspicious activity or issues, from the network core to every endpoint, to maximize response capabilities.