FireEye Stories Blog

Introducing FireEye Extended Detection and Response (XDR): A Flexible XDR Solution Born From the Front Lines of Threat Detection and Response

There is something inspiring about a large team coming together to create something exciting for customers. Our teams at FireEye have been heads down focused on evolving our products to drive better customer outcomes. I’m excited to talk about how all their hard work is providing a better platform designed to help strengthen security operations teams around the globe.

Let’s talk about FireEye Extended Detection and Response (XDR).

Built for responding to the largest and most sophisticated breaches in the world, FireEye XDR brings FireEye technologies and expertise together for a seamless analyst experience. In addition to the prevention and protection for attacks such as phishing and ransomware, FireEye XDR provides customers with detection (the D) and response (the R) across endpoint, network, cloud, and email (the X) in a single solution. Our flexible XDR platform is extensible with a broad range of third-party tools organizations are already using, allowing teams to tailor the solution by choosing some—or all—of the FireEye product suite to fully take advantage of FireEye XDR.

The Need for FireEye XDR

Through years of customer interactions and countless hours responding to the latest breaches, we know a siloed security posture is ineffective against persistent threat actors—and attacks are only increasing in sophistication. So, we set out to develop a solution that would keep up with the pace of attackers and offer organizations the peace of mind they need to do business.

FireEye XDR helps organizations break down silos and evolve their security posture by extending FireEye’s world-class endpoint detection and response (EDR) capabilities beyond the endpoint to network, email and cloud, and by adding support for log and event feeds from 600+ applications and services.

FleXible

As mentioned, our flexible XDR platform easily integrates a broad range of third-party security tools, allowing teams to tailor the solution to their strategy, and offering the freedom to use some—or all—of the FireEye product suite to take advantage of FireEye XDR. We did this because customers should have the freedom of choice.

To optimize performance and improve security posture against the most sophisticated threats, we recommend leveraging the natively integrated FireEye Endpoint Security, Email Security, Network Security and Cloudvisory with Helix. This enhances the platform with additional analytics capabilities for detecting advanced attacks and lateral movement; however, this is not the only way to gain value from FireEye XDR.

FireEye XDR connects all FireEye’s technologies and expertise together for a seamless analyst experience, providing customers with detection across endpoint, network, cloud, and email in a single place.


Figure 1: FireEye XDR Dashboard

Detection

Detect advanced attacks across all vectors. FireEye enables teams to detect security incidents with confidence by correlating data from multiple tools across the organization, then applying knowledge of the threat landscape across both FireEye technology and the third-party security tech stack. Teams can be confident knowing they have detections recognized by Naval Information Warfare Systems Command (NAVWAR).


Figure 2: Showing the correlated detection of Mimikatz being used post-exploitation on an endpoint in the Threat Graph

Response

Respond with authority. It’s not an accident that FireEye spends 200,000 hours a year responding to the toughest, most high-profile security incidents. FireEye XDR enables our incident responders to efficiently investigate breaches, identify the root cause, and remediate attacks for our customers with products in every major market category, including Network Security, Endpoint Security, Email Security, Cloud Security, Security Orchestration, Automation and Response (SOAR), and Security Information and Event Management (SIEM).


Figure 3: Easily claw back malicious emails without leaving the user interface

FireEye XDR provides guided investigation workflows, allowing organizations to reduce the impact of security incidents. Ultimately, teams gain the ability to prioritize analyst time and mitigate risk by addressing what is critical to their security operations.

Benefits of FireEye XDR

With FireEye XDR:

  • Improve analyst and SOC efficiency by correlating disparate events from multiple tools into actionable investigations.
  • Reduce organizational risk by automating threat detection and investigation, accelerating response and prioritizing the prevention of incidents.
  • Deliver high levels of detection efficacy and analytics, with incident response best practice playbooks updated daily to reflect the changing global threat landscape.

At FireEye, we exist to protect customers. Period. We remain dedicated to relentlessly protecting our customers across all fronts by providing them with the right solution sets that fit their unique strategic goals.

Connect with us today to learn more about how we can help you execute your cyber security vision.