Alerts detect possible attacks. Intelligent answers resolve actual attacks.
It’s not enough to simply process alerts. When your systems and networks have been breached, you need answers: Who’s responsible? How did they get in? What did they want? What did they take? How widespread is this attack?
By only dealing with the isolated symptoms of an attack, like re-imaging a compromised system, organizations may miss important signs that attacks are hiding in or spreading through a system. And the longer it takes to gather real answers, the more organizations stand to lose data, reputation, and employee productivity. Turns out, they lose about $32,000 every day that an attacker remains in their systems.1
With the Incident Investigation solution from FireEye, you can build a strong, complete, fully integrated plan to eliminate all the blind spots between detection and remediation. The goal is to minimize damage, root out entrenched attackers and block similar future attacks. And you can do it fast.
Minimize the Damage from Cyber Attacks with an Integrated Response Workflow
- Build complete attack context while containing validated attacks in real time
- Systematically reduce day-to-day business risks by linking technology with intelligence and expertise
- Draw on an integrated set of technologies that allow you to respond to advanced threats effectively so that you can get the adversaries out of your environment and keep them out
Assess the Nature and Full Scope of Cyber Attacks
- Correlate indicators of compromise (IOCs) across multiple channels and applications
- Provide context for all attacks across the entire computing infrastructure, from network to endpoint, on or off premises
- Use actionable intelligence to identify threat actors and their techniques to effectively remediate attacks
The solution components pivot from the FireEye Enterprise Network Protection solution by allowing you to gain visibility from network to endpoint.
- Threat Prevention Platform (HX): Quickly validates and contains attacks for both on- and off-premises endpoints, and conducts endpoint forensics to better understand malware
- Forensics (PX and IA): Extends incident investigation from the endpoint to the network to build complete context for every attack and accurately assess any data loss
- Analysis (AX): Executes and profiles malware in a safe virtual environment to clearly identify it and locate it throughout your infrastructure using the Endpoint Threat Prevention
- Threat Analytics Platform (TAP): Determines correlations between security events gathered from across your infrastructure and applies FireEye Threat Intelligence in seconds to validate advanced threats at both local and remote locations