In March, FireEye released the latest version of its Enterprise Forensics product line. This latest release expands an organization’s visibility and further removes blind spots through deeper intelligence-integrated investigations and the introduction of additional pathways to operationalize forensics.
The highlight of this release is FireEye iSIGHT intelligence integration, which delivers back-in-time and real-time threat scanning of relevant IOCs across packet captures.
In this latest release, FireEye iSIGHT threat intelligence can be integrated into investigations. There are two primary use cases:
- “Back-in-time” scanning of IOCs
- “Real-time” signature analysis
Threat intelligence integration enables “back-in-time” scanning of IOCs: newly received indicators are matched against traffic that was already captured, so organizations can establish the scope and scale of an identified breach. This retroactive scan is how an organization finds threats that have already made it inside. Breaches happen for different reasons – no threat intelligence yet existed for a new threat, or social engineering led to a “found” USB device being plugged into an endpoint. Whatever the reason, back-in-time scanning lets organizations keep building context on the threats they face and reduce their risk.
With real-time signature analysis of network traffic as PCAPs are captured, an analyst gets immediate telemetry on where a breach occurred. This not only gives security analysts the ability to respond to a threat immediately, but also gives clear direction on where to focus an investigation.
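The two modes described above, back-in-time scanning and real-time matching, are illustrated by the following added example. It is not FireEye code and does not use the product's APIs; it works over a constructed set of connection summaries of the kind a PCAP indexer would extract (timestamp, internal source, destination IP, observed DNS/HTTP/SNI name) and a constructed IOC feed with a publication date per indicator. The point it shows is that a retroactive scan surfaces traffic that predates the intelligence, which no real-time signature could have caught when it happened, while the real-time matcher flags new flows as they arrive.

```python
"""Added example (not FireEye code): retrospective and real-time IOC matching
over PCAP-derived connection records. All data below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Flow:
    """One connection summary as a PCAP indexer would extract it."""
    ts: datetime
    src: str    # internal host
    dst: str    # destination IP
    host: str   # DNS name / HTTP Host / TLS SNI seen in the flow, "" if none


@dataclass(frozen=True)
class Ioc:
    kind: str             # "ip" or "domain"
    value: str
    published: datetime   # when this indicator became available to us


def _utc(y, m, d, hh=0, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed intel feed: both indicators were published on 15 March.
IOC_FEED = [
    Ioc("domain", "update-cdn.example", _utc(2017, 3, 15)),
    Ioc("ip", "203.0.113.77", _utc(2017, 3, 15)),
]

# Constructed historical flows, as indexed from retained PCAP.
HISTORY = [
    Flow(_utc(2017, 3, 1, 9, 12), "10.0.0.21", "198.51.100.9", "api.update-cdn.example"),
    Flow(_utc(2017, 3, 10, 14, 3), "10.0.0.21", "93.184.216.34", "www.example.com"),
    Flow(_utc(2017, 3, 16, 2, 40), "10.0.0.37", "203.0.113.77", ""),
]


def _domain_hit(host: str, ioc_value: str) -> bool:
    """Match the indicator domain itself or any of its subdomains."""
    h = host.lower().rstrip(".")
    v = ioc_value.lower().rstrip(".")
    return bool(h) and (h == v or h.endswith("." + v))


def matches(flow: Flow, ioc: Ioc) -> bool:
    if ioc.kind == "ip":
        return flow.dst == ioc.value
    if ioc.kind == "domain":
        return _domain_hit(flow.host, ioc.value)
    return False


def retro_scan(flows: Iterable[Flow], iocs: Iterable[Ioc]) -> List[dict]:
    """Back-in-time scan: run new intel over already-captured traffic.
    Each hit records whether the traffic predates the indicator's publication,
    i.e. activity that no real-time signature could have caught at the time."""
    hits = []
    for f in flows:
        for i in iocs:
            if matches(f, i):
                hits.append({"ts": f.ts, "src": f.src, "ioc": i.value,
                             "predates_intel": f.ts < i.published})
    return sorted(hits, key=lambda h: h["ts"])


def affected_hosts(hits: List[dict]) -> List[str]:
    """Scope of the breach as seen from the retro scan: distinct internal hosts."""
    return sorted({h["src"] for h in hits})


class RealtimeMatcher:
    """Real-time mode: indicators are indexed once and each new flow is checked
    as it is captured. Domain lookup walks the label suffixes, so a subdomain
    of an indicator matches in O(labels) rather than O(indicators)."""

    def __init__(self, iocs: Iterable[Ioc]):
        self.by_ip: Dict[str, Ioc] = {}
        self.by_domain: Dict[str, Ioc] = {}
        for i in iocs:
            self.add(i)

    def add(self, ioc: Ioc) -> None:
        if ioc.kind == "ip":
            self.by_ip[ioc.value] = ioc
        elif ioc.kind == "domain":
            self.by_domain[ioc.value.lower().rstrip(".")] = ioc

    def check(self, flow: Flow) -> Optional[dict]:
        ioc = self.by_ip.get(flow.dst)
        if ioc is None and flow.host:
            labels = flow.host.lower().rstrip(".").split(".")
            for n in range(len(labels)):
                ioc = self.by_domain.get(".".join(labels[n:]))
                if ioc is not None:
                    break
        if ioc is None:
            return None
        return {"ts": flow.ts, "src": flow.src, "ioc": ioc.value}


if __name__ == "__main__":
    hits = retro_scan(HISTORY, IOC_FEED)
    for h in hits:
        print(h)
    print("affected hosts:", affected_hosts(hits))
    rt = RealtimeMatcher(IOC_FEED)
    live = Flow(_utc(2017, 3, 20, 11, 5), "10.0.0.52", "203.0.113.77", "")
    print("real-time alert:", rt.check(live))
```

Run against the constructed data, the retro scan reports two hits: the 1 March flow to a subdomain of the indicator domain, flagged as predating the intel, and the 16 March flow to the indicator IP. `affected_hosts` turns those hits into the breach scope (two internal hosts). The real-time matcher, fed the same feed, returns an alert for a new flow to the indicator IP and nothing for benign traffic; in practice the two modes share one indicator set, with `add` handling feed updates and `retro_scan` being re-run over retained captures whenever new indicators arrive.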