Advanced Detection and Prevention
Today’s attacks are designed to bypass your organization’s defenses, regardless of your industry or size. In fact, while 68% of observed malware appears only at one organization, 80% of observed malware appears once, period. Signature-based defenses cannot protect against single-use malware. Even more importantly, in many cases, attackers eschew malware for social engineering and other tactics.
Failure of standard detection methods
Conventional detection methods fail because they are incomplete:
- Indicators are ephemeral. They can only be used to provide information about a specific, retrospective point in time data point. They are a piece of the puzzle, but cannot tell the entire story. You need more evidence to build the context necessary to anticipate future attacks.
- Integrated perimeter controls, which include firewalls and sandboxes, often execute traffic objects sequentially, one at a time, in siloed environments and completely miss attacks that use multiple steps or non-digital steps.
- Security analytics can identify anomalies and activities that have previously been unseen. However, what informs these algorithms? Absent of knowledge of the attacker’s behavior, attacks can easily evade these defensive measures.
- Threat intelligence provides insights into the attacker’s tactics and techniques and may even correlate ongoing activity to an attacker. However, security programs can’t operationalize that knowledge into your detection architecture.
Non-Malware Attacks and How to Detect Them
Understand the techniques attackers use to conduct non-malware based attacks, why perimeter detection technologies fail to identify these attacks, and how to design an architecture to detect and stop these attacks. (video: 8:09)
“The best product to effectively defend against zero-day malware and targeted attacks is FireEye.”
- Kunio Shimizu, Spokesperson and Certified Information Systems Auditor (CISA), Amuse, Inc.
FireEye detection takes a different approach
A well-designed security architecture must detect even the most sophisticated attacks while ignoring the distractions of false alerts. Proven FireEye detection blends detection analytics and machine learning, with threat intelligence into the patented MVX engine to:
- Intuitively understand and codify the tools, techniques and procedures (TTPs) of attackers; evidence is broken down to an atomic level, and translated into products. Fusing detection research and analytics with visibility into the threat landscape delivers the insights to identify never before seen techniques and tools. Organizations are no longer trying to manually perform weak signal analysis to find the attack buried in the noise.
- Use continually tuned and codified intelligence to reverse engineer attacker TTPs, track malware to its source, and perform other advanced detection functions
The automated detection engine is updated at least every 60 minutes with knowledge engineering of insights captured from incident responders from the world’s most sophisticated attacks, deep research gleaned from inside attacker systems, and millions of sensors monitoring for evidence of even the most sophisticated attacks worldwide. Fusing these detection techniques and sources of insights gives you the ability to identify never-before-seen attack tactics and tools.
FireEye detection methods are unique in the cyber security industry. See how we fuse threat intelligence, research, and analytics capabilities back into our products to provide you better and faster detection. (video: 3:58)
“We rely on the FireEye platforms to catch whatever has managed to evade all of our other measures and they have always delivered exactly what we need.”
- Tom Townsend, deputy director of technology, University of Canberra
07 Oct 2016Increased Use of WMI for Environment Detection and Evasion
24 Aug 2016M-Trends Asia Pacific: Organizations Must Improve at Detecting and Responding to Breaches
22 Aug 2016Embedded Hardware Hacking 101 – The Belkin WeMo Link
17 Aug 2016Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
12 Aug 2016Analyzing the Malware Analysts – Inside FireEye’s FLARE Team
Related Products and Services
- Network Security Protect your organization from known and unknown web-based cyber attacks.
- Email Security Detects threats like ransomware, phishing, and other malicious links and attachments.
- Endpoint Security Provides threat and exploit detection capabilities to your network-connected devices.
- FireEye as a Service Extend your security team with experts that continuously monitor your environment for threats.