FireEye Stories Blog

Staying Ahead of Constantly Evolving Attacker Activity with FireEye as a Service

One of the biggest issues security teams struggle with is keeping up-to-date on attacker techniques and threats targeting their respective industries. Threat actor activity is constantly evolving, and these malicious individuals and groups are frequently finding innovative new ways to infiltrate and compromise organizations.

The unfortunate truth is that many organizations simply do not have the resources to effectively track threat groups. Due to the continued skill shortage, security teams are likely spending more time responding to alerts than proactively researching attacker activity.

This is where FireEye as a Service (FaaS) can help. FireEye as a Service is a managed detection, investigation and response service that minimizes the potential business impact of increasingly sophisticated and targeted cyber attacks. With FaaS, organizations can stay on top of attacker activity to detect and investigate threats early in the attack life cycle and reduce business risk.

One of the key components of FaaS is Community Protection, where we can quickly turn detections at one or more clients into protection for all clients. This goes beyond merely taking basic indicators from one client and applying them to others – it includes tracking attacker behavior, developing new analytics and tools to find evil during a hunting engagement, and being able to deploy those analytics into the entire community and client base, no matter the similarity.

Unlike other services that take indicators from one client and apply them to another, FaaS utilizes the entire FireEye ecosystem to provide customers with situational awareness of emerging threats that matter by leveraging adversary intel from our FireEye iSIGHT team, front-line visibility from our Mandiant consultants, and telemetry from our products deployed around the world.

FireEye’s recent blog, “APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat,” demonstrates exactly what security teams are up against these days and how Community Protection benefits them.

In June 2016, FireEye iSIGHT Intelligence first reported that APT10 – a Chinese cyber espionage group that FireEye has tracked since 2009 – had expanded their operations. Further collaboration between FireEye as a Service, Mandiant and FireEye iSIGHT Intelligence uncovered additional victims worldwide, as well as a new suite of tools and novel techniques currently in use by APT10.

This is where a company that offers true Community Protection excels. Using up-to-date knowledge and insights on threat actors from across the FireEye ecosystem allowed us to update our customers and implement detections quickly to minimize any damage that might have occurred.

In the case of APT10, FireEye iSIGHT Intelligence was the first to spot new activity. FireEye iSIGHT Intelligence then collaborated with internal FireEye teams to ensure customers were protected. The FireEye as a Service team then initiated a Community Protection event, adding new detection details for both product and FaaS customers. FireEye also deployed specialized hunting techniques to further detect APT10 activity and ensure our customers were protected.

Organizations do not want to be playing catch up in today’s constantly evolving threat landscape. Keeping on top of trends and emerging threats is the best way to remain protected, and FireEye as a Service can help.

Learn more about how FireEye as a Service can protect your organization.