FireEye Threat Analytics Platform Integrated with NXLog to Increase Security Visibility Across the Enterprise
Integration Correlates Event Log Data from NXLog with FireEye Threat Intelligence to Enable Security Teams to Improve Detection and Incident Response
MILPITAS, Calif. – Jan. 7, 2015 – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced an integration of the FireEye® Threat Analytics Platform™ (TAP™) with NXLog. The integration enables security teams to feed NXLog network event log data into FireEye TAP and arm organizations with information needed to identify cyber attacks and investigate breaches.
NXLog is a universal log collector and forwarder that supports multiple platforms, log sources and protocols. The integration is designed to allow security teams to feed these network logs, regardless of format, into FireEye TAP for analysis. The FireEye Threat Analytics Platform is a cloud-based solution that layers enterprise generated event data with FireEye Threat Intelligence to identify threats that evade traditional security solutions. FireEye TAP can quickly search through billions of events, typically within seconds, and correlate event logs with FireEye Threat Intelligence to discover the presence and impact of the threat.
By integrating NXLog data into FireEye TAP, organizations have the flexibility to send almost any log data to help identify malicious behavior in their environment. Security teams can use this information to identify attacks in process and assist with incident response in the event of a breach.
“One of the biggest challenges for organizations today is breaking down the silos of event and security information to identify malicious behavior before it leads to a data breach,” said Grady Summers, vice president of strategic solutions at FireEye. “By integrating TAP with NXLog, we’re able to increase the data sources available to TAP and provide more visibility in near-real time to security teams to help them identify attacks before a breach occurs.”
About FireEye Threat Analytics Platform
Traditional security solutions often create silos of information that prevent organizations from identifying related indicators trapped in individual systems. FireEye TAP is able to correlate these indicators against FireEye Threat Intelligence in a cloud environment that reduces the dependence on IT infrastructure and scales to match the needs of organizations.
NXLog is a high-performance, customizable multi-platform log management solution used to track event logs from devices, applications, appliances and other sources across today’s IT infrastructure. NXLog is modular, C-based software compatible with Windows, Mac OS X, Linux and other major operating systems, and supports multiple log formats, including Syslog, CSV, JSON, XML and GELF.
NXLog features numerous message and ingest capabilities, including on-disk and memory buffering with flow control; file handling, log rotation, CRON-style scheduling and scripting; SSL message transport with certificate authentication; and message transport compression.
NXLog’s advanced message processing and parsing capabilities include message format conversion with “binary” compression and handling and auto character set conversion.
Other features include:
- Easy-to-create parser rules for custom application logs;
- HTTP protocol support;
- Event correlation capabilities;
- Message classification using a pattern database;
- UDP IP address spoofing;
- On-the-wire compression for bandwidth constrained environments;
- Remote management capabilities.
The source code of NXLog Community Edition is available under an open source license.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,700 customers across 67 countries, including over 157 of the Fortune 500.
Vitor De Souza
© 2015 FireEye, Inc. All rights reserved. FireEye, Threat Analytics Platform and TAP are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.