FireEye Stories

Staying Secure When Threats Go Sideways

Perimeter protection is dead, long live perimeter protection! For FireEye customers, extending protection and detection capabilities beyond the perimeter to encompass the whole network is now a new reality.

This brings us to the point that protecting the perimeter is not dead. It is the first layer of defense and the most heavily defended point of ingress and egress of any network, and because of this, the traffic that passes through it is heavily scrutinized.

Despite the focus and attention given to securing the perimeter, the reality is that today’s sophisticated cyber criminals can bypass many perimeter defense solutions at will. They target other vectors such as email, or they utilize multi-flow attacks, harvested or stolen credentials, or social engineering attacks that grant access, or they exploit a misconfigured firewall (in fact, a recent Gartner report claimed that more than 95 percent of firewall breaches are caused by a misconfiguration).

Eluding the perimeter is just the first step. Once inside, by leveraging ill-gained or unnoticed access, cyber criminals then conduct stealthy internal reconnaissance to seek out corporate intellectual property and sensitive data that resides elsewhere throughout the network. This inside reconnaissance forms the foundation to future lateral attacks against other endpoints and servers. These lateral attacks, also known as East-West movements, are low-profile, often undetectable, and can last for months.

During this time of lateral movement, cyber criminals employ an oft-used attack technique of loading backdoors so that future entry and network access are maintained despite policy or network changes. Furthermore, by loading password harvesters, attackers look to escalate their network privileges to ultimately gain administrative privileges, or they leverage their ill-gained knowledge and pivot their attacks to hit other systems or to bypass other security controls. Bottom line, as hackers get deeper and deeper into their targets, they won’t stop until they reach data that can be exfiltrated and used for nefarious purposes.

The following image illustrates the process. After various attempts to penetrate a network, a hacker finds a vulnerability to establish a foothold. Once inside, lateral movements are conducted to find ways to maintain presence while gaining access privileges. This cycle continues until stopped, or until the ultimate goal is achieved – data exfiltration.

To address this hidden challenge, FireEye developed SmartVision – an innovative technology feature that targets lateral (East-West) attack movements. FireEye, the market leader for detecting and stopping advanced threats, is now leveraging its award-winning MVX technology in an unparalleled way – to detect suspicious lateral movements within any enterprise network.

FireEye MVX technology is the cornerstone of the FireEye Network Security (NX) platform. The MVX engine analyzes over 80,000 events every second across a multitude of virtualized environments to detect known threats as well as unknown, zero-day threats.

By using MVX technology and a new, advanced lateral network event correlation engine that integrates machine learning technology coupled with more than 120 rules, FireEye SmartVision detects malicious activity post network infiltration.

Deployment of FireEye SmartVision is easy. Customers can utilize any number of FireEye NX appliances that support the latest OS release (8.0), and deploy them in front of critical servers, data centers, or at the WAN core. In this type of deployment, East-West traffic is constantly analyzed for anomalous activity, and, when suspicious traffic is identified, an alert is triggered that allows administrators to quickly act to isolate and remediate breached systems.
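The paragraphs above describe what an East-West detection engine looks for: an internal host that, within a short span, fans out to many other internal hosts over the ports used for remote administration, which is the traffic pattern of internal reconnaissance and lateral movement. The following is an added illustration of that idea and is not SmartVision, MVX or any other FireEye code; the connection-log format, the watched port list, the ten-minute window and the fan-out threshold are all constructed assumptions for the example, and the log lines are synthetic.

```python
"""Toy East-West fan-out detector over constructed connection-log lines.

Added example; not FireEye/SmartVision code. Log format, port list, window
and threshold are assumptions chosen for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Internal address space: "East-West" means both endpoints are inside it.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports commonly used for remote administration (assumed watch list).
ADMIN_PORTS = {22, 135, 445, 3389, 5985}
WINDOW = timedelta(minutes=10)      # assumed correlation window
FANOUT_THRESHOLD = 4                # distinct internal targets that trigger an alert

# Assumed log line shape: "<ISO timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$")

# Constructed sample log: 10.0.1.15 sweeps four internal hosts on admin ports
# within six minutes; 10.0.1.20 shows ordinary traffic; one external flow and
# one malformed line are included to show they are ignored.
SAMPLE_LOG = """\
2017-06-13T09:30:00 src=10.0.1.15 dst=10.0.2.7 dport=445 proto=tcp
2017-06-13T10:00:00 src=10.0.1.15 dst=10.0.2.7 dport=445 proto=tcp
2017-06-13T10:01:00 src=10.0.1.20 dst=10.0.2.7 dport=445 proto=tcp
2017-06-13T10:02:00 src=10.0.1.15 dst=10.0.2.8 dport=445 proto=tcp
2017-06-13T10:03:00 src=10.0.1.15 dst=8.8.8.8 dport=22 proto=tcp
2017-06-13T10:04:00 src=10.0.1.15 dst=10.0.2.9 dport=3389 proto=tcp
this line is not a connection record
2017-06-13T10:05:00 src=10.0.1.20 dst=10.0.5.5 dport=443 proto=tcp
2017-06-13T10:06:00 src=10.0.1.15 dst=10.0.2.10 dport=445 proto=tcp
""".splitlines()


def is_internal(addr):
    """True when the address falls inside the internal ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"]}


def east_west_fanout_alerts(lines, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return one alert per source host that reaches at least `threshold` distinct
    internal hosts on admin ports within any `window`-long span of its traffic."""
    events = defaultdict(list)          # src -> [(timestamp, dst), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in ADMIN_PORTS:
            continue
        if not (is_internal(rec["src"]) and is_internal(rec["dst"])):
            continue                    # North-South traffic is out of scope here
        events[rec["src"]].append((rec["ts"], rec["dst"]))

    alerts = []
    for src, evs in events.items():
        evs.sort()
        j = 0                           # sliding window end index
        for i, (t0, _) in enumerate(evs):
            while j < len(evs) and evs[j][0] - t0 <= window:
                j += 1
            targets = {dst for _, dst in evs[i:j]}
            if len(targets) >= threshold:
                alerts.append({"src": src, "first_seen": t0, "targets": sorted(targets)})
                break                   # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in east_west_fanout_alerts(SAMPLE_LOG):
        print(f"ALERT {alert['src']} reached {len(alert['targets'])} internal hosts "
              f"on admin ports starting {alert['first_seen']:%H:%M}: "
              f"{', '.join(alert['targets'])}")
```

Running the block prints a single alert for 10.0.1.15: the 09:30 connection is outside the window and does not count, the flow to 8.8.8.8 is North-South and is skipped, and 10.0.1.20 never crosses the threshold. A real engine correlates far more signals than fan-out over admin ports, but the same structure applies: restrict to East-West flows, bucket by source, and alert on behaviour that a single workstation has no business exhibiting.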

With FireEye SmartVision, customers gain a new and robust security posture that holistically detects and prevents North-South threats while also detecting the near-impossible-to-find East-West threat activity. And because it leverages existing NX network security appliances or FireEye Network Smart Nodes, the ease of management and cost-benefit simply can’t be beat!

Perimeter protection is not dead – rather, long live perimeter protection! But, for enterprises that insist on having more than just perimeter security, today’s breakthrough is the unveiling of FireEye SmartVision. When used in conjunction with FireEye NX, customers gain a holistic North-South and East-West advanced threat protection platform that scales and grows with their business and network needs.