The ways businesses share content internally and externally with suppliers, customers and others continue to expand. While technologies such as Box, OneDrive, SharePoint and Google Drive make it easier for businesses to operate, they can also create challenges for SOC analysts looking to gain visibility into what is entering and exiting their networks—an issue that is compounded when that something is malware.
Through our collaboration with Accellion, we have combined the power of FireEye Detection On Demand and Accellion’s enterprise content firewall. This joint solution provides our mutual customers end-to-end oversight and control of the content moving in, through and out of their organizations.
Who is Accellion?
Accellion provides an enterprise content firewall that prevents data breaches and compliance violations from third-party cyber risk. With Accellion, CIOs and CISOs gain complete visibility, compliance and control over IP, PII, PHI and other sensitive content across all third-party communication channels, including secure email, secure file sharing, mobile, enterprise apps, web portals, SFTP, and automated inter-business workflows.
How Does the Integration Work?
The Accellion content firewall integrates with FireEye Detection On Demand in the cloud or with Malware Analysis on-premises. In order to detect and prevent unknown threats before they cause harm, uploaded files are sandboxed in a safe, enterprise-controlled location and checked for malware. Safe files are allowed to continue to the system of record, while malicious files are quarantined and security teams are alerted based on the company policy. Event logs can then be sent to the FireEye Helix platform (or the customer’s SIEM of choice) for more detailed analysis by security analysts.
Here’s a more detailed rundown of how the process works:
- The Sender uploads a file through Accellion using the Web, mobile, or automated methods such as an API.
- Before sending the file to the system of record, the Accellion content firewall performs a check using an advanced threat protection (ATP) system provided by the customer. The Accellion content firewall sends the file to the ATP system to scan it for malware, even if the malware is a zero-day threat.
- The ATP system sends a response about the scan results to the Accellion platform, indicating whether the file is safe or a threat.
- The Accellion content firewall parses the information in the ATP response to determine whether the file should pass or fail. If the file passes, Accellion sends it to the email recipient. If the file fails, Accellion normally quarantines it so the recipient cannot access it. A security admin is also alerted and may need to act on this ATP fail condition and on an audit log of the failures.
- The security admin receives the information and may investigate.
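The pass/fail step in the rundown above can be sketched as follows. This is an added example, not Accellion or FireEye code: the JSON verdict schema (`sha256`, `verdict`), the reason strings and the sender address are hypothetical, and treating a mismatched, unknown or unparseable response as a fail is an assumption of this sketch.

```python
import hashlib
import json

# Hypothetical ATP verdict schema (not a vendor format):
#   {"sha256": "<hex digest of scanned file>", "verdict": "clean" | "malicious"}

def gate_upload(file_bytes, atp_response_text, sender):
    """Decide 'deliver' or 'quarantine' for one upload; return (action, audit_event)."""
    digest = hashlib.sha256(file_bytes).hexdigest()
    reason = "clean"
    try:
        resp = json.loads(atp_response_text)
        if not isinstance(resp, dict):
            raise ValueError("verdict must be a JSON object")
        if resp.get("sha256") != digest:
            reason = "verdict_hash_mismatch"   # verdict is for a different file
        elif resp.get("verdict") == "malicious":
            reason = "malware_detected"
        elif resp.get("verdict") != "clean":
            reason = "unknown_verdict"         # e.g. timeout, error, missing field
    except (ValueError, TypeError):
        reason = "unparseable_response"        # fail closed on garbage or no reply
    action = "deliver" if reason == "clean" else "quarantine"
    event = {"event": "atp_scan", "sender": sender, "sha256": digest,
             "action": action, "reason": reason,
             "alert_admin": action == "quarantine"}
    return action, event

# Constructed sample data, for illustration only.
SAMPLE_FILE = b"constructed sample upload"
SAMPLE_HASH = hashlib.sha256(SAMPLE_FILE).hexdigest()

def run_samples():
    """Run the gate over constructed ATP responses and return the audit events."""
    responses = [
        json.dumps({"sha256": SAMPLE_HASH, "verdict": "clean"}),
        json.dumps({"sha256": SAMPLE_HASH, "verdict": "malicious"}),
        json.dumps({"sha256": "0" * 64, "verdict": "clean"}),
        json.dumps({"sha256": SAMPLE_HASH, "verdict": "timeout"}),
        "<html>502 Bad Gateway</html>",
    ]
    return [gate_upload(SAMPLE_FILE, r, "sender@example.com")[1] for r in responses]

if __name__ == "__main__":
    for ev in run_samples():
        print(json.dumps(ev))   # one JSON line per event, ready for a SIEM forwarder
```

Only the first constructed response results in delivery; the other four are quarantined with a distinct reason that an analyst can filter on in the SIEM.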
FireEye + Accellion Top Benefits
Customers are already seeing the benefits from this integration, which enables them to:
- See every login, login failure, error, administrative setting or permission change, and every system event.
- Spot anomalies in volume, location, domain, user, source and scan results.
- Drill down to the actionable details, including users, timestamps, and IP addresses, in real time.
- Demonstrate compliance with regulations and standards like NIST 800-171, HIPAA, GDPR, CCPA, ITAR, FISMA, FedRAMP and more.
- Apply granular policy controls to ensure only authorized users have access to customer data.
- Record and send a detailed audit trail from connected on-prem and cloud content sources to FireEye Helix, or the customer’s SIEM platform of their choice.
To learn more about this FireEye and Accellion integration, please email [email protected] or check out: