Cyber Security with High Availability

Resilient Defense for Inline Protection with Less Downtime

Traditional signature- and policy-based security devices trigger on a large variety of benign threat indicators.

As a consequence, security practitioners often struggle to design rules that block truly malicious websites without restricting access to harmless ones. They tend toward caution to preserve the end-user experience, choosing to generate more alerts rather than block Internet traffic inline. Security analysts and their arsenal of tools then process the alerts out-of-band to identify genuine intrusion attempts.

With their limited resources, analysts can review fewer than 4% of the alerts, which frequently lets attackers slip in unnoticed.

Yet FireEye research shows that inline deployments with early blocking of genuine attacks can reduce alert volumes by up to 76%. This not only improves security, it also reduces the operational cost of processing excessive and mostly benign alerts. However, inline deployment alone doesn’t address the problem of unreliable alerts.

FireEye Network Security with signature-less Multi-Vector Virtual Execution (MVX) detection technology has been designed to address the problem of unreliable alerts. By dynamically analyzing network traffic and replaying suspicious activity in a safe, virtual machine environment, MVX can accurately detect genuine attacks. And when deployed inline, FireEye Network Security immediately stops these attacks.

Challenges of inline deployment

In any deployment, network connections and security devices do fail from time to time.

Even though the mean time between failures improves with each generation of products, our reliance on the network is increasing, requiring near-zero downtime.

What happens next in a failure situation depends on the organization's business requirements. Most organizations deploy redundancy or network traffic bypass technology to ensure business continuity. With this approach the link fails open: users maintain access to the Internet, but the organization is no longer protected. And because cyber-attacks occur at random and unpredictable times, any disruption in cyber-defenses creates a temporary window through which an attacker can slip in undetected.

A resilient defense based on always-available advanced threat protection can help organizations achieve both business and security continuity.

There are several criteria security practitioners should strive for when considering such an infrastructure:

  1. High detection efficacy with low rates of false positives
  2. Detection and blocking of attacks inline, not out-of-band, for consistency with earlier usage
  3. Inline protection that scales to the line rate of the network
  4. Redundant design that eliminates single points of failure
  5. Security devices with built-in high availability for lower cost
  6. Stateful switchover for a complete view of all network interactions
  7. Immediate failover to ensure an uninterrupted user experience

Requirement: Real-Time Protection

Deploy advanced threat protection inline to block attacks. But in case of device or link failure, the solution must ensure:

  • Business continuity - network traffic continues to flow
  • Security continuity - detection and blocking continue to work

Solution: Resilient Defense

Inline blocking with High Availability (HA). A redundant secondary device provides backup for the primary:

  • Active health monitoring - enables automatic and instant failover
  • Stateful switchover - state mirroring ensures no loss of detection efficacy

Benefit: Stronger Security

Immediate and continuous defense against advanced threats. Business continuity without compromising on security:

  • Inline blocking of threats - minimizes exposure to fast-spreading attacks
  • High availability - reduces risk of cyber breaches
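To make the three failure behaviours concrete (fail-open bypass, failover without session state, and stateful failover), here is an added toy model in Python. It is not FireEye code and does not reflect how MVX or the HA feature is implemented; the flow tuple, the heartbeat interval, the "EXPLOIT" marker used as a stand-in detection rule, and the three-chunk traffic stream are all constructed for the example. The point it demonstrates is the one the Solution box makes: a secondary that takes over with an empty session table has no memory that the session was already judged malicious, so the remaining traffic of an in-progress attack passes through, while a secondary with mirrored state keeps blocking it.

```python
"""Toy model of an inline HA pair: heartbeat-based health monitoring plus
session-state mirroring.  Added illustration, not FireEye code; the session
key, the detection rule and the traffic are all constructed."""
from dataclasses import dataclass, replace

MARKER = b"EXPLOIT"      # constructed stand-in for whatever the engine flags
CLEAN_PREFIX = 64        # toy rule: allow a session after this many clean bytes
HEARTBEAT_TIMEOUT = 0.5  # seconds of silence before the secondary takes over


@dataclass
class SessionState:
    verdict: str = "pending"   # "pending", "allow" or "block"
    bytes_seen: int = 0


class InlineDevice:
    """One inline sensor with a per-session state table."""

    def __init__(self, name):
        self.name = name
        self.sessions = {}

    def inspect(self, key, chunk):
        st = self.sessions.setdefault(key, SessionState())
        st.bytes_seen += len(chunk)
        if st.verdict == "pending":
            if MARKER in chunk:
                st.verdict = "block"
            elif st.bytes_seen >= CLEAN_PREFIX:
                st.verdict = "allow"
        # Traffic flows while the verdict is still pending; only "block" drops.
        return "block" if st.verdict == "block" else "pass"


class HAPair:
    """Primary/secondary pair.  mode is one of:
       "bypass"    - no secondary; on failure the link fails open (uninspected)
       "stateless" - secondary takes over but starts with an empty session table
       "stateful"  - every state change on the primary is mirrored to the secondary
    """

    def __init__(self, mode):
        self.mode = mode
        self.primary = InlineDevice("primary")
        self.secondary = InlineDevice("secondary") if mode != "bypass" else None
        self.active = self.primary
        self.last_heartbeat = 0.0

    def heartbeat(self, now):
        """Primary announces liveness; called on every health-check interval."""
        self.last_heartbeat = now

    def monitor(self, now):
        """Health monitor: if the primary has gone silent, fail over."""
        if self.active is self.primary and now - self.last_heartbeat > HEARTBEAT_TIMEOUT:
            self.active = self.secondary    # None in bypass mode
        return self.active.name if self.active else "bypass"

    def forward(self, key, chunk):
        if self.active is None:
            return "pass"                   # fail-open: business continuity only
        verdict = self.active.inspect(key, chunk)
        if self.mode == "stateful" and self.active is self.primary:
            # Stateful switchover: mirror the session record to the peer.
            self.secondary.sessions[key] = replace(self.primary.sessions[key])
        return verdict


def run_scenario(mode):
    """Replay one constructed session through a primary failure."""
    pair = HAPair(mode)
    key = ("10.0.0.5", "203.0.113.9", 443)       # constructed flow tuple
    stream = [
        b"GET /update HTTP/1.1\r\nHost: cdn.example\r\n",   # benign prefix
        b"...stage1 EXPLOIT...",                             # trips the toy rule
        b"stage2: encoded payload bytes",                    # no marker on its own
    ]
    results = []
    pair.heartbeat(0.0)
    pair.monitor(0.1)                       # primary healthy
    results.append(pair.forward(key, stream[0]))
    results.append(pair.forward(key, stream[1]))
    # Primary stops sending heartbeats; the next health check fails it over.
    survivor = pair.monitor(1.0)
    results.append(pair.forward(key, stream[2]))
    return survivor, results


if __name__ == "__main__":
    for mode in ("bypass", "stateless", "stateful"):
        print(mode, run_scenario(mode))
```

Running the three modes shows the same first two verdicts (pass, then block on the primary) and a different third one: "bypass" and "stateless" both pass the final chunk, because nothing downstream of the failure remembers the block decision, whereas "stateful" keeps blocking. In a real deployment the mirrored record would also have to carry the engine's partial analysis, not just the final verdict, which is why state mirroring and sub-second failover are listed together as requirements above.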

Better alerts, faster response

With an advanced threat protection infrastructure based on resilient defenses, organizations gain several benefits including:

  • Minimized exposure to disruptive attacks such as ransomware
  • Reduced operational cost of triaging false alerts
  • Lowered risk of cyber breaches during unplanned network or security downtime
  • Continued business operation without compromising security posture

In addition to the MVX engine, FireEye Network Security also includes an inline deployment option and a High Availability (HA) feature.

FireEye Network Security enables organizations to deploy a resilient defense against sophisticated attacks:

  • It detects genuine attacks, across Windows and Mac OS X, with high accuracy (< 1% false positives), which allows security teams to block malicious traffic with minimal impact on the end-user experience
  • It detects known and unknown (targeted and zero-day) attacks based on the latest, front-line intelligence, and blocks exploits as well as command-and-control traffic in real time to prevent exfiltration of valuable data
  • Its inline detection scales to a 4 Gbps line rate to protect up to 40,000 users
  • It ensures that a secondary device immediately detects and blocks threats in case of primary device failure
  • It provides stateful failover for the entire network session in under a second to maintain a positive user experience in case of link or security device failure