
Endpoint Security Modules

Increase protections, augment detections, and add new features in a modular architecture

To respond to a new attack or a new threat vector, or to create a new feature, development teams need to create a new version and roll it out to customers. In most endpoint defense solutions, this can only be accomplished with a completely new release that may take months. Attackers do not wait. A new exploit is discovered or a new attack technique is created in days and exploited for years. During the time between threat creation and protection solution, organizations are at risk. They cannot afford to wait.

With FireEye Endpoint Security, new protections, new detections and new features for agents or servers are added through our modular architecture. All modules can be added at any time to upgrade the ability of an organization to protect its data, client information or intellectual property.

Host Remediation

Enables FireEye Endpoint administrators to remotely connect to endpoints and execute commands over a secure channel between the server and the endpoint.

Process Guard

Protects endpoints against common credential theft attacks by preventing attackers from obtaining access to credential data or key material stored within the Windows Local Security Subsystem Service (LSASS) process.

Enricher

To verify or provide more detail on an Endpoint Security alert, hash data may be automatically submitted to FireEye’s intelligence. Once verified through FireEye intelligence, it is then added to an existing alert. If FireEye intelligence does not have any data about the file, there is an additional option to automatically submit the binary to your local AX, VX or Detection on Demand subscription for a detailed analysis.

Event Streamer

To centralize events across your organization, the Event Streamer module streams Windows Event Log data to FireEye Helix Server and/or third-party servers supporting the Syslog protocol. This module supports configurable streaming of the System, Application Experience, Security, AppLocker, PowerShell, Application, Windows Defender, Task Scheduler, Print Service, and Terminal Services Windows event logs. For Syslog servers, it uses the Syslog protocol as defined by RFC 5424.

Process Tracker

New processes or applications downloaded to an endpoint can be invisible until a problem, such as malware, arises. Then an investigation begins, but by that time it may be too late, as damage may have occurred. The Process Tracker module collects metadata on Windows, Mac and Linux endpoints and streams the data to the Endpoint Security console. Streaming process launch events to the console allows for immediate investigation of new processes executed on an endpoint. If a process is unknown or known to be malicious, it can be remediated quickly.

Agent Console

The Agent Console module provides insights into detected malware, server scheduled scan(s) summary events, quarantined items and agent version information. End users can also optionally manage the quarantined items.

API Documentation

The Endpoint Security API Documentation Module enables users to find and try the various API routes that exist within the Endpoint Security Server. Using the module, you can quickly search for specific API routes, see examples of the request and possible responses as well as try the request and see the response all from the UI.

Ask an Expert

With the Ask an Expert module, a chat icon is enabled on the Endpoint Security console. This chat feature may be used by customers with a subscription to Mandiant Expertise on Demand to chat with an analyst while they are actively looking at an alert. Mandiant analysts can provide insight on priority threats and follow up with quick investigation.

Host Management

The Host Management module allows viewing the state of host endpoints running the Endpoint Security Agent software. The user interface within the Endpoint Security console displays system information and agent status from your endpoint environment.
