Threat Analytics Platform
FOCUS ON DETECTION AND INVESTIGATION – NOT MANAGING YOUR INFRASTRUCTURE
You’re fighting an asymmetric battle. You’ve invested millions in protection technology but unknown attackers still find a way in.
Your team is understaffed. Protection technologies create more noise than actionable information, so you can’t prioritize the most critical threats. You lack visibility into remote locations, receiving logs sporadically—if at all.
FireEye is transforming detection and incident investigation with our cloud-based Threat Analytics Platform (TAP). Built ‘by security practitioners for security practitioners’, TAP goes beyond traditional SIEM technologies to provide enterprise-wide visibility, codified detection expertise and guided investigation workflows to amplify your defense against today’s most sophisticated cyber-attacks.
The Threat Analytics Platform applies threat intelligence, expert rules and advanced security data analytics to noisy event data streams. By revealing suspicious behavior patterns and generating alerts that matter, security teams can prioritize and optimize their response efforts.
Threat Analytics Platform Overview
Learn how to identify and effectively respond to cyber threats by layering enterprise generated event data with real-time threat intelligence from FireEye. (video - 2:28 min)
"The core problem is that most cybersecurity tools do not make a distinction between everyday malware and advanced targeted attacks. If security tools cannot tell the difference, security teams have no way of prioritizing the alerts that matter the most."
Gain Visibility Into Your Most Remote Locations
Your attackers can enter anywhere. You need visibility everywhere.
TAP uses highly scalable, thin network sensors to provide real-time visibility across the enterprise, including your most remote locations.
Deployed as either hardware or software, the TAP collectors passively watch network traffic and construct events to describe the activity they see.
Event data is compressed, encrypted and sent to the cloud for centralized log retention, real-time threat analysis and incident investigation – ensuring your team remains vigilant – enterprise wide.
And because the network sensors are centrally managed from the cloud, there’s no need for additional management consoles.
TAP Healthcare Breach Use Case
See how TAP is used to disrupt the attack lifecycle in a distributed healthcare environment. (video - 2:33 min)
Accelerate Threat Investigations
TAP expedites investigation by enriching alerts with supporting data. Threat intelligence, point-in-time context regarding users impacted, actions taken and hosts involved help you validate and scope the incident.
TAP’s Guided Investigation capability walks you through industry-leading investigative strategies by providing pre-populated queries based on different attack scenarios.
Upon receiving an alert, TAP selects and presents the relevant queries, providing a best practice workflow to guide and inform your threat investigation.
“TAP has become a tremendous source of analysis for us. Not only does it provide us with the ability to proactively raise alerts, based on FireEye’s intelligence, it also serves as a great analytics tool to be able to query our data when we need to look for a specific item or chain of events. It’s the platform that we most frequently use to triage potential threat-related situations.”
- VP of Information Security, Top Global Retailer
View Demo: Threat Analytics Platform
See how FireEye is transforming threat detection and incident investigation with our cloud-based Threat Analytics Platform (TAP). (video - 17:14 min)
Proactively Hunt For Covert Activity
When an adversary evades detection, there is no evidence of compromise, no starting point for your investigation. To detect the undetectable, you must preemptively search for evidence of covert behavior.
TAP enables quick and nimble data exploration and threat analysis across billions of events so you can proactively hunt for hidden indicators of compromise. Once identified, agile investigation tools help you pivot from one indicator to the next, reconstruct the attack storyline and execute a forceful response to disrupt the attack.
Think Like Your Attacker
To detect the undetectable you must learn to think like your attacker.
FireEye’s strategic intelligence helps security analysts understand and anticipate their adversary’s next moves, streamlining incident investigations. A simple pivot within TAP provides comprehensive threat actor profiles detailing the tools, techniques and procedures employed by adversaries specifically targeting your industry.
Security at Scale. From the Cloud, Extending to the Cloud.
With TAP, security information and event management for businesses can move quickly and securely to the cloud. TAP extends threat detection and investigation to on-premises, hybrid and AWS cloud environments ensuring complete visibility and actionable insight into the threats targeting your company.
Minimal onsite configuration simplifies deployment so you’re up and running in hours, eliminating the need for costly professional services engagements.
TAP’s elastic, cloud-based security solution automatically adds capacity during activity bursts and seamlessly scales as business needs or seasonal requirements change.
Consuming Security-as-a-Service provides greater financial flexibility, including software, support, infrastructure, threat intelligence, and security expertise as a single, predictable operating expense.
Securing your Data on AWS
See how TAP secures hybrid IT environments (AWS). (video - 53:17 min)
Build a Business Case
- Report: The Numbers Game: how many alerts are too many to handle?
- Report: The Numbers Game: an in-depth look at alert management in Europe
- Report: The Numbers Game: an in-depth look at alert management in Asia
- White Paper: Moving Beyond SIEM to ESM
- White Paper: The Business Case for an Advanced Security Solution
- International Literature