Threat Analytics Platform

Focus on detection and investigation – not managing your infrastructure

You’re fighting an asymmetric battle. You’ve invested millions in protection technology but unknown attackers still find a way in.

Your team is understaffed. Protection technologies create more noise than actionable information, so you can’t prioritize the most critical threats. You lack visibility into remote locations, receiving logs sporadically—if at all.

FireEye is transforming detection and incident investigation with our cloud-based Threat Analytics Platform (TAP). Built ‘by security practitioners for security practitioners’, TAP goes beyond traditional SIEM technologies to provide enterprise-wide visibility, codified detection expertise and guided investigation workflows to amplify your defense against today’s most sophisticated cyber-attacks.

The Threat Analytics Platform applies threat intelligence, expert rules and advanced security data analytics to noisy event data streams. By revealing suspicious behavior patterns and generating alerts that matter, security teams can prioritize and optimize their response efforts.



“The core problem is that most cybersecurity tools do not make a distinction between everyday malware and advanced targeted attacks. If security tools cannot tell the difference, security teams have no way of prioritizing the alerts that matter the most.”

- FireEye

Gain Visibility Into Your Most Remote Locations

Your attackers can enter anywhere. You need visibility everywhere.

TAP uses highly scalable, thin network sensors to provide real-time visibility across the enterprise, including your most remote locations.

Deployed as either hardware or software, the TAP collectors passively watch network traffic and construct events that describe the activity they see.

Event data is compressed, encrypted and sent to the cloud for centralized log retention, real-time threat analysis and incident investigation, ensuring your team remains vigilant enterprise-wide.

And because the network sensors are centrally managed from the cloud, there’s no need for additional management consoles.



Evolve Detection As Rapidly As Your Attackers

Your adversaries are constantly changing. Your detection and investigation capabilities must evolve just as quickly.

Every day, FireEye responds to the world’s most critical security breaches. TAP’s dedicated team of data scientists and security researchers leverage this front-line experience to create comprehensive detection rules, behavioral analytics and guided investigations to ensure you can detect the latest threats.

Upon discovering malicious activity, TAP generates alerts enriched with threat intelligence and attacker context to expedite validating and scoping the incident.

Accelerate Threat Investigations

TAP expedites investigation by enriching alerts with supporting data. Threat intelligence, point-in-time context regarding users impacted, actions taken and hosts involved help you validate and scope the incident.

TAP's Guided Investigation capability walks you through industry-leading investigative strategies by providing pre-populated queries based on different attack scenarios.

Upon receiving an alert, TAP selects and presents the relevant queries, providing a best practice workflow to guide and inform your threat investigation.


“TAP has become a tremendous source of analysis for us. Not only does it provide us with the ability to proactively raise alerts, based on FireEye's intelligence, it also serves as a great analytics tool to be able to query our data when we need to look for a specific item or chain of events. It’s the platform that we most frequently use to triage potential threat-related situations.”

- VP of Information Security, Top Global Retailer


Proactively Hunt For Covert Activity

When an adversary evades detection, there is no evidence of compromise, no starting point for your investigation. To detect the undetectable, you must preemptively search for evidence of covert behavior.

TAP enables quick and nimble data exploration and threat analysis across billions of events so you can proactively hunt for hidden indicators of compromise. Once identified, agile investigation tools help you pivot from one indicator to the next, reconstruct the attack storyline and execute a forceful response to disrupt the attack.

Think Like Your Attacker

To detect the undetectable you must learn to think like your attacker.

FireEye’s strategic intelligence helps security analysts understand and anticipate their adversary’s next moves, streamlining incident investigations. A simple pivot within TAP provides comprehensive threat actor profiles detailing the tools, techniques and procedures employed by adversaries specifically targeting your industry.

Security at Scale. From the Cloud, Extending to the Cloud.

With TAP, security information and event management for businesses can move quickly and securely to the cloud. TAP extends threat detection and investigation to on-premises, hybrid and AWS cloud environments, ensuring complete visibility and actionable insight into the threats targeting your company.

Minimal onsite configuration simplifies deployment so you’re up and running in hours, eliminating the need for costly professional services engagements.

TAP’s elastic, cloud-based security solution automatically adds capacity during activity bursts and seamlessly scales as business needs or seasonal requirements change.

Consuming security as a service provides greater financial flexibility: software, support, infrastructure, threat intelligence and security expertise are delivered as a single, predictable operating expense.