Applying the public health concept of herd immunity to cybersecurity is not a new idea. Just as public health initiatives strive to immunize a group of people against a contagious disease to decrease the chances of an outbreak, the cybersecurity community is searching for ways to share threat information to help reduce the impact of breach.
At FireEye, we understand that community immunity offers a potent form of protection for our customers. However, in our own discussions about how adapt this concept to our already successful strategy for defending our customers, we were determined to take a more proactive approach, focused on protecting customers from emerging campaigns. This ultimately led us to what we refer to as “community protection.”
In public health, the most critical aspect of developing herd immunity is identifying the latest viruses so you know what to immunize against. To that end, the CDC constantly monitors hundreds of other countries to determine what known viruses may have mutated and what new viruses have appeared before deciding what to put in each year’s flu vaccine.
Like the CDC, FireEye monitors 1000’s of customer environments, combining industry-leading analytics with battle-hardened intuition to find anomalies that reveal covert indicators of attacker activity. But unlike our industry peers, we go beyond detection, harnessing the full power of FireEye to investigate these newly discovered threats to determine how to best protect your organization.
When FireEye detects an emerging threat, a cross-disciplinary investigation is initiated leveraging adversary intel from our FireEye iSIGHT team, perspective across vertical and geo-political markets from our FireEye as a Service team, front-line visibility from our Mandiant consultants, and telemetry from our products deployed around the world.
This cross-functional team codifies their findings into new high-fidelity Indicators of Compromise (IOCs) enriched with contextual details. This new intel is then deployed to FireEye’s Dynamic Threat Intelligence (DTI) cloud where it is leveraged by Mandiant, FireEye as a Service and our protection technologies to defend the entire FireEye user community.
Community protection is one of the key benefits of Security as a Service, which is designed to remove the obstacles to running a world-class security operation tailored to each organization. We believe strongly that every organization should be moving forward with an intel-led approach to detecting and managing threats to their IT infrastructure.
The benefits of community protection are clear: Up-to-date threat intelligence being shared throughout the community will drive down incidents and infections within an organization and across many different organizations, and also prevent threats from being able to spread on a massive scale. Additionally, the more systems in a group that are protected then the less chance of an attacker targeting that group, since the potential rewards might not be as big.
With community protection, FireEye helps ensure that everyone is up-to-date at all times and that each organization is ready to defend against today’s advanced threats. It is just one of the many benefits to choosing FireEye’s Security as a Service.
Learn more about community protection.