derek carver, sr. solutions architect - isaca south...
TRANSCRIPT
![Page 1: Derek Carver, Sr. Solutions Architect - ISACA South Floridaisacasfl.org/.../2015/02/Derek_Carver_FireEye_ISACA... · EX Series CM Series Firewall Web Sec ... Port 0 65k Outbound JExploit](https://reader034.vdocument.in/reader034/viewer/2022051406/5ac3deb77f8b9aa0518ce4fb/html5/thumbnails/1.jpg)
Derek Carver, Sr. Solutions Architect
REAL TIME
The Objective: “Continuous Threat Protection”
THEFT OF ASSETS & IP
COST OF RESPONSE
DISRUPTION TO BUSINESS
REPUTATION RISK
Prevent
Time to Detect Time to Fix
“Defense-in-Depth” is Ineffective
Firewalls/ NGFW UTM
Secure Web Gateways
IPS
Email Gateways
Desktop AV
The New Breed of Attacks Evade Signature-Based Defenses
>95% organizations compromised*
* Based on data from customer evaluations conducted by FireEye
Result of Relying Solely on the Defense in Depth Model
3 Months
6 Months
9 Months
229 Days: Median # of days attackers are present on a victim network before detection.
Initial Breach
of Companies Learned They Were Breached from an External Entity
of Victims Had Up-To-Date Anti-Virus Signatures
THREAT UNDETECTED REMEDIATION
Source: M-Trends Report
Latest Breaches Substantiate Sophistication of Attackers
Reimagined Security
How Does FireEye Address Today’s Threats
Virtual Machine-Based Model of Detection
SECURITY Needs To Be
– Purpose-Built for Security
– Hardened Hypervisor
– Scalable
– Portable
To Address The New Threat Landscape
FINDS KNOWN/ UNKNOWN CYBER-ATTACKS IN REAL TIME ACROSS ALL VECTORS
FireEye’s Technology: State of the Art Detection
CORRELATE
ANALYZE
(500,000 OBJECTS/HOUR)
Within VMs Across VMs
Cross-enterprise
Network
Mobile
Files
Exploit
Callback
Malware Download
Lateral Transfer
Exfiltration
DETONATE
Exploit Detection is Critical
Malware exploits take a similar form:
– Write data to memory
– Trick the system to execute that code in memory
– Apply Obfuscation to avoid detection
Exploitation of system is the first stage
– Subsequent stages can be hidden
– You will miss attacks if relying on object/file analysis
FireEye detects exploit stage
– Captures resulting stages
– Shares globally
FireEye Detection - Multi-Flow Analysis of APT Attacks
MVX exploit phase detection
Analyzes malware malicious behavior
Logs Malicious behavior and IOCs
Threat rule is created in real time & automatically to block the threat
MVX takes in encrypted malware object for analysis
Runs it within the MVX logging all activity that happens when the malware executes
Confirms the malicious behavior irrefutably and avoids false positives/ false negatives
[Diagram: Exploit in compromised Web page; Embedded Exploit Alters Endpoint; Callback; Encrypted Malware; Encrypted malware downloads; Callback and data exfiltration; Command and Control Server]
FireEye Detection - Multi-Flow Analysis of APT Attacks
MVX detects callback phase
Can identify malicious transmissions to known or unknown malicious destinations
If command and control communication is observed, a C&C threat rule is created in real time & automatically blocks communication
Outbound callback tracking and blocking across protocols of unauthorized communications
[Diagram: Exploit in compromised Web page; Embedded Exploit Alters Endpoint; Callback; Encrypted Malware; Encrypted malware downloads; Callback and data exfiltration; Command and Control Server]
Reimagined Security
Product Overview
Anti-Spam
Mail Servers
LAN
IPS
NX Series
EX Series
CM Series
Firewall
Web Sec GTWY
File Share 2
File Share 1
FX Series
AX Series
Network Threat Prevention Platforms
HX: Host Endpoint
Core Technology Multi Vector Virtual Execution
MVX
EX: Email MPS On Premise or Cloud
FX: File MPS
File Share Scanning
Online Portal Scanning
AX: Forensics
CM: Central Management
Internet
Dynamic Threat Intelligence
DTI: Dynamic Threat Intelligence
HX Series
NX: Web MPS
FireEye Platform: Magic of MVX
1. FireEye Hardened Hypervisor
– Custom hypervisor with built-in countermeasures
– Designed for threat analysis
2. Multi-modal Virtual Execution
– Multiple operating systems
– Multiple service packs
– Multiple applications
– Multiple file types
3. Threat Protection at Scale
– Over 2,000 simultaneous executions
– Multi-stage analysis
Hardware
FireEye Hardened Hypervisor
Multi-modal Virtual Execution
Parallel execution environments
Over 10 micro-tasks
v1 v1 v2 v3 v2 v3
MVX Core
DTI Enterprise DTI Cloud
Web MPS Technology Overview
Windows 7 – SP1
Virtual Execution Environment Analysis
Initial Analysis
Play Malware Attack
Windows XP - Base
Windows XP – SP2
Windows XP – SP3
Windows 7 - Base
Fast Path Blocking of Known Threats
WEB TRAFFIC
Aggressive Packet Capture
1 2 3 4
CALLBACK ENGINE
DTI Zero Day Malware Profiles
5 Exfiltration & C&C Prevention
Port 0 65k Outbound
– Exploit detection
– Executable analysis
– Cross-matrix of OS/apps
– Originating URL
– Subsequent URLs
– C&C protocol descriptors
– OS Modification Report
Deployment Modes
SPAN/TAP – Used to monitor and alert
Inline – Used to monitor, alert and block
SPAN/TAP Deployment
SPAN/TAP
Proxy, Gateway, IPS/IDS
Internet
Firewall
Desktops/Laptops
Users
Web MPS
Administrator
SSH HTTPS Alerts
Inline Deployment
Proxy, Gateway, IPS/IDS
Internet
Firewall
Desktops/Laptops
Users
SSH HTTPS Alerts
Web MPS
Administrator
Extended/Integrated Deployments
Proxy, Gateway, IPS/IDS
Internet
Firewall
Desktops/Laptops
Users
Web MPS
Email MPS
CMS
Grey List URLs
URLs
Correlated Web & Email Traffic
Email Traffic
Web Traffic
Threat Prevention Platform
Price/Performance
Small Business
Remote office / Branch office
Large Enterprise
NX models: 900, 1400, 4310, 4320, 7300, 7320, 10000
Email MPS Technology Overview
8300 supports 96 Virtual Execution Environments (VXE)
Virtual Execution Environment (VXE) Analysis
Play Malware Attack
Windows XP - base
Windows XP – SP2
Windows XP – SP3
Windows 7 - Base
Windows 7 – SP1
Object Breakdown Email Capture
1 2 3
URLs passed to Web MPS via CMS for gray listing
Reporting, Alerting and Quarantining
4
– Exploit detection
– Executable analysis
– Cross-matrix of OS/apps
– Originating URL
– C & C Protocol descriptors
Deployment Modes
SPAN/TAP – Used to monitor and alert
Bcc – Used to monitor and alert
MTA – Used to monitor, alert and block
SPAN/TAP Deployment
SPAN/TAP
AntiSpam Gateway or MTA
Internet
Firewall
Mail Servers (Exchange, etc.)
Users
Quarantine Email MPS
Administrator
SSH HTTPS Alerts
Bcc Deployment
Quarantine
AntiSpam Gateway or MTA
Internet
Firewall
Mail Servers (Exchange, etc.)
Email MPS
Administrator
Users
Bcc
SSH HTTPS Alerts
MTA (Inline) Deployment
AntiSpam Gateway or MTA
Internet
Firewall
Mail Servers (Exchange, etc.)
Users
SSH HTTPS
Quarantine
Alerts
Email MPS
Administrator
Extended/Integrated Deployments
AntiSpam Gateway or MTA
Internet
Firewall
Mail Servers (Exchange, etc.)
Users
Email MPS
Web MPS
CMS
URLs
Correlated Web & Email Traffic
Web Traffic
Email Traffic
Email Threat Prevention
– Open email attachment(s) in virtual machine to detect hidden malware
– 30+ file types support
– Leverage threat intelligence from FireEye DTI and NX platform to detect malicious URL(s) in email
MVX
MVX
Cloud based solution that detects and stops spear phishing attacks
Endpoint Security (FireEye HX Series)
Integrated network and endpoint security
– Validates network alerts by finding matching activity on endpoint
– Continuously monitors all hosts for current threats seen at the perimeter
– Agent Anywhere™ technology provides uninterrupted coverage for assets outside the corporate network
– Contain compromised endpoints immediately to interrupt attacks in progress
Endpoint Threat Prevention Platform
Anti-Spam
Mail Servers
LAN
IPS
NX Series EX Series
CM Series
Firewall
Dynamic Threat Intelligence
HX Series
Web Sec GTWY
HX Series
Anti-Spam
Mail Servers
LAN
IPS
NX Series EX Series
HX Series CM Series
Firewall
Dynamic Threat Intelligence
Web Sec GTWY
1. FireEye Network Platforms Monitor Flows for Advanced Threats
2. A Threat is detected by the MVX
3. FireEye Network Platforms Alert FireEye HX On IOCs
IOCs From CMS
Endpoint Threat Prevention Platform: Workflow
LAN
4. Sweeps Endpoints for Compromise
5. Quickly Validates initially infected endpoints
6. Identifies other endpoints that are compromised
7. Tells Security Analyst who is compromised
8. Then a triage package is collected from the hosts for the security analyst to review and confirm the infection
Network Threat Prevention Platforms
Anti-Spam
Mail Servers
IPS
NX Series EX Series
HX Series CM Series
Firewall
Dynamic Threat Intelligence
Web Sec GTWY
IOCs From CMS
FireEye Platform: Workflow
9. Contain & Isolate Compromised Devices
Deny attackers access to systems with a single mouse click while still allowing remote investigation.
Airplane
Hotel
Corporate Headquarters
Home Office
Coffee Shop
Agent Anywhere™ Automatically Investigates Endpoints No Matter Where They Are