FireEye Stories

Detection On Demand, One Year Later

Detection On Demand launched at Cyber Defense Summit 2019. At the time it was an API SaaS service offered by FireEye that targeted customers who needed to rapidly obtain verdicts (whether something is malicious or not) on files and objects. Throughout the year, customers asked for new features and functionalities, and we delivered by releasing numerous improvements. 

The Service Basics

FireEye Detection On Demand is a threat detection service—delivered as an API—for integration into the SOC workflow, SIEM analytics, data repositories, customer applications and more. Detection On Demand delivers flexible file and content analysis capabilities to identify malicious behavior wherever the enterprise needs it.

By leveraging FireEye Dynamic Threat Intelligence (DTI), customers are protected by the same intelligence that powers other FireEye solutions. In addition to rendering a malicious or not verdict for each submission, customers will benefit from supporting details such as file, registry, process and network changes.

Verdicts are delivered almost instantly and quickly allow applications to process without the latency of other solutions. If more in-depth analysis is needed, users can log in to the Detection On Demand web portal, which provides reports, detailed forensic analysis and access to MITRE ATT&CK mappings.

Integrations

Detection On Demand has been testing with numerous third-party SaaS and security products, and can be quickly integrated into existing security infrastructure. AWS S3, BOX, Microsoft Teams, Splunk and many other application integrations are already available, with many more coming every month. This allows users to scan data from wherever it is stored or coming.

Messaging Security

With many organizations shifting to remote work earlier this year, messaging platforms such as Slack and Teams have become essential. However, this shift has also created a new threat vector for attackers to deliver infected malware via trusted sources.

Detection On Demand has developed seamless integrations with Microsoft and Slack, and introduced per user pricing to allow customers to easily protect their messaging security stacks.

The Portal

Detection On Demand is API based and the core strength of the offering is the ability for customers to embed the API in their own applications, allowing for rapid response and instant decision-making capabilities. While Detection On Demand delivers rich API capabilities, many customers requested a repository of the files and the ability to leverage the strength of FireEye analysis and forensic capabilities. As a result, customers now have access to a web portal that allows deeper investigations into submitted files, including triggered rules and MITRE ATT&CK mappings.

The Future

Our development efforts on Detection On Demand continue. FireEye has plans for many more innovations in the API and the portal, expanded use cases, and more integrations with partner companies. Detection On Demand is a SaaS product that continues to provide customers with the industry-leading detection and forensics capabilities they expect from FireEye, delivered from the cloud to any application that needs it. It was a great first year and we look forward to more great things in 2021.

To give Detection On Demand a test drive, visit Detection On Demand on AWS.