FireEye Threat Intelligence
An adaptive defense requires Threat Intelligence
As attackers use more advanced tactics and seek to maintain persistence in an organization, security teams struggle to understand which cyber threats pose the greatest risk. New threats appear daily and create a strain on cyber security teams who must quickly determine whether a threat is real and respond accordingly.
FireEye Threat Intelligence draws on our proprietary global, machine-based threat intelligence and incident response analysis. It enables cyber security teams to effectively identify, block, analyze and respond to advanced cyber attacks by giving them the context required to identify threat actors and the indicators of compromise.
FireEye offers multiple levels of threat intelligence to align with your needs and capabilities, from our core Dynamic Threat Intelligence (DTI) to Advanced Threat Intelligence Plus (ATI+).
Dynamic Threat Intelligence
DTI provides basic cyber threat intelligence and enables FireEye technologies to gather and share global threat intelligence. It helps you detect and block advanced cyber attacks by anonymously exchanging data on web, email, and file-based threats across the FireEye global cloud network.
Advanced Threat Intelligence (ATI)
ATI adds further context to the threat intelligence and analysis, and alerts you with this information. It includes any known information about the threat actors and malware used. In addition, likely motives and other indicators of compromise are included so you can search for the attackers in your environment.
Advanced Threat Intelligence Plus (ATI+)
ATI+ adds comprehensive dossiers, trends, news, and analysis on advanced cyber threat groups as well as profiles of targeted industries and information about the types of data threat groups are targeting. It also includes community threat sharing, which allows organizations to share threat intelligence with trusted partners to develop personalized community cyber defenses. Customers at this level can also benefit from our 24/7/365 critical alert and detection efficacy monitoring.
| FireEye Threat Intelligence | Dynamic Threat Intelligence | Advanced Threat Intelligence | Advanced Threat Intelligence Plus |
|---|---|---|---|
| Threat Intel Updates for FireEye Platforms | ● | ● | ● |
| Supports One- and Two-Way Threat Intelligence Sharing | ● | Two-way Only | ● |
| Community-Based Intel Sharing | ● | ● | ● |
| Attribution of Alerts to Known Threat Actors | | ●* | ●* |
| Description of Malware Family Responsible for Alerts if Applicable | | ●* | ●* |
| Vulnerability and Kill Chain Analysis of Alerts if Applicable | | ●* | ●* |
| 24/7 Monitoring by FireEye Analysts for Critical Alerts | | | ●* |
| Detection Efficacy Monitoring | | | ●* |
| Detailed Information on Malware Families | | | ● |
| Threat Actor Profiles | | | ● |
| In-Depth Analysis and Reports on Attacker Trends | | | ● |
| On-Demand Analysis of IPs and Domains | | | ● |
| Enriched Community Intel Sharing | | | ● |

●* Requires Two-Way Threat Intelligence Sharing mode. Subscribers of ATI+ also receive ATI benefits on their appliances that support this feature. Currently ATI is supported by the FireEye Network Threat Prevention Platforms.
Building a Business Case
- Datasheet: FireEye Threat Intelligence
- Datasheet: FireEye Advanced Threat Intelligence Plus
- White Paper: The Business Case for an Advanced Security Solution
- Blog: FireEye Threat Intelligence Gives Context to Prioritize and Stop Threats
- Report: M-Trends 2014 Annual Threat Report - Beyond the Breach
- Report: Cybersecurity's Maginot Line