Incident Investigation

Alerts detect possible attacks. Intelligent answers resolve actual attacks.

It’s not enough to simply process alerts. When your systems and networks have been breached, you need answers: Who’s responsible? How did they get in? What did they want? What did they take? How widespread is this attack?

By only dealing with the isolated symptoms of an attack, like re-imaging a compromised system, organizations may miss important signs that attacks are hiding in or spreading through a system. And the longer it takes to gather real answers, the more organizations stand to lose data, reputation, and employee productivity. It turns out they lose about $32,000 every day that an attacker remains in their systems.[1]

With the Incident Investigation solution from FireEye, you can build a strong, complete, fully integrated plan to eliminate all the blind spots between detection and remediation. The goal is to minimize damage, root out entrenched attackers and block similar future attacks. And you can do it fast.

FireEye Incident Investigation Solution


Learn how to immediately validate and contain advanced attacks while building a complete picture of the threat in real time. (video - 1:34 min)

Benefits of incident investigation

Minimize the Damage from Cyber Attacks with an Integrated Response Workflow


  • Build complete attack context while containing validated attacks in real time
  • Systematically reduce day-to-day business risks by linking technology with intelligence and expertise
  • Draw on an integrated set of technologies that allow you to respond to advanced threats effectively so that you can get the adversaries out of your environment and keep them out

Assess the Nature and Full Scope of Cyber Attacks


  • Correlate indicators of compromise (IOCs) across multiple channels and applications
  • Provide context for all attacks across the entire computing infrastructure, from network to endpoint, on or off premises
  • Use actionable intelligence to identify threat actors and their techniques to effectively remediate attacks

Solution components

The solution components build on the FireEye Enterprise Network Protection solution, extending its visibility from the network to the endpoint.

  • Endpoint Threat Prevention Platform (HX): Quickly validates and contains attacks for both on- and off-premises endpoints, and conducts endpoint forensics to better understand malware behavior

  • Enterprise Forensics (PX and IA): Extends incident investigation from the endpoint to the network to build complete context for every attack and accurately assess any data loss 

  • Malware Analysis (AX): Executes and profiles malware in a safe virtual environment to clearly identify it and locate it throughout your infrastructure using the Endpoint Threat Prevention Platform

  • Threat Analytics Platform (TAP): Determines correlations between security events gathered from across your infrastructure and applies FireEye Threat Intelligence in seconds to validate advanced threats at both local and remote locations

[1] Ponemon Institute. "2013 Cost of Cyber Crime Study: United States." October 2013.