TRANSCRIPT
FireEye Innovation Today and Tomorrow
Grady Summers
The FireEye Ecosystem
FireEye Innovation
Webshell Detection
NX Phishing Detection
JA3 Fingerprinting
FAUDE Screenshots
Impersonation Detection
Supply Chain Impersonation Detection
O365 Auto-Remediation
URL Click Tracking
Process Guard Module
Process Tracker Enricher
O365 Analytics
AWS Analytics
Azure Analytics
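JA3 fingerprinting appears in the list above only by name. The following is an added worked example of the open JA3 method (not FireEye's code and not from this deck): it parses a TLS ClientHello, joins the TLS version, cipher suites, extension types, supported groups and EC point formats as decimal strings, strips GREASE values, and MD5s the result. The ClientHello bytes are constructed inline for the example; the cipher, group and extension values chosen are illustrative, and the two constructed hellos differ only in GREASE padding, which is why they must fingerprint identically.

```python
"""JA3 TLS client fingerprinting over a raw ClientHello (added example).

JA3 string = TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats
(all decimal, '-' within a field), GREASE values removed, then MD5.
The ClientHello bytes below are constructed for the example, not captured.
"""
import hashlib
import struct

# GREASE values (RFC 8701) are randomised per connection, so they must not
# contribute to a fingerprint that is meant to be stable for one client.
GREASE = {(0x0A + 0x10 * i) << 8 | (0x0A + 0x10 * i) for i in range(16)}
EXT_SUPPORTED_GROUPS = 0x000A   # "elliptic curves" in JA3 terminology
EXT_EC_POINT_FORMATS = 0x000B


def u16(buf, pos):
    return struct.unpack_from("!H", buf, pos)[0]


def parse_client_hello(record):
    """Parse a TLS record holding a ClientHello.

    Returns (version, ciphers, extension_types, groups, point_formats).
    Raises ValueError for anything that is not a well-formed ClientHello.
    """
    try:
        if len(record) < 5 or record[0] != 0x16:
            raise ValueError("not a TLS handshake record")
        hs = record[5:5 + u16(record, 3)]
        if len(hs) < 4 or hs[0] != 0x01:
            raise ValueError("not a ClientHello")
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) != hs_len or hs_len < 35:
            raise ValueError("truncated ClientHello")
        version = u16(body, 0)
        pos = 2 + 32                                  # skip client random
        pos += 1 + body[pos]                          # skip session id
        cs_len = u16(body, pos); pos += 2
        ciphers = [u16(body, pos + i) for i in range(0, cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]                          # skip compression methods
        ext_types, groups, formats = [], [], []
        if pos < len(body):
            end = pos + 2 + u16(body, pos); pos += 2
            if end > len(body):
                raise ValueError("truncated extensions")
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", body, pos); pos += 4
                if pos + elen > end:
                    raise ValueError("truncated extension %#06x" % etype)
                data = body[pos:pos + elen]; pos += elen
                ext_types.append(etype)
                if etype == EXT_SUPPORTED_GROUPS and len(data) >= 2:
                    groups = [u16(data, 2 + i) for i in range(0, u16(data, 0), 2)]
                elif etype == EXT_EC_POINT_FORMATS and len(data) >= 1:
                    formats = list(data[1:1 + data[0]])
        return version, ciphers, ext_types, groups, formats
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


def ja3_string(record):
    version, ciphers, exts, groups, formats = parse_client_hello(record)
    keep = lambda vals: "-".join(str(v) for v in vals if v not in GREASE)
    return ",".join([str(version), keep(ciphers), keep(exts), keep(groups),
                     "-".join(str(f) for f in formats)])


def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode("ascii")).hexdigest()


def build_client_hello(version, ciphers, extensions):
    """Assemble a TLS record carrying a ClientHello (constructed test input)."""
    body = struct.pack("!H", version) + b"\x11" * 32 + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                             # one compression method: null
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_blob)) + ext_blob
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def _sample_extensions(with_grease):
    sni = struct.pack("!HBH", 15, 0, 12) + b"example.test"          # server_name (constructed host)
    groups = ([0x2A2A] if with_grease else []) + [0x001D, 0x0017]   # x25519, secp256r1
    exts = [(0x0000, sni)]
    if with_grease:
        exts.append((0x2A2A, b""))                                  # empty GREASE extension
    exts += [
        (EXT_SUPPORTED_GROUPS, struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)),
        (EXT_EC_POINT_FORMATS, b"\x01\x00"),                         # uncompressed only
        (0x0010, struct.pack("!H", 3) + b"\x02h2"),                  # ALPN: h2
    ]
    return exts


SAMPLE_CIPHERS = [0x1301, 0xC02B, 0xC02F]   # illustrative suite list (TLS 1.3 AES-GCM, two ECDHE suites)
SAMPLE_HELLO = build_client_hello(0x0303, [0x1A1A] + SAMPLE_CIPHERS, _sample_extensions(True))
SAMPLE_HELLO_NO_GREASE = build_client_hello(0x0303, SAMPLE_CIPHERS, _sample_extensions(False))

if __name__ == "__main__":
    for name, rec in (("with GREASE", SAMPLE_HELLO), ("without GREASE", SAMPLE_HELLO_NO_GREASE)):
        print(f"{name:15s} {ja3_string(rec)}  ->  {ja3_hash(rec)}")
```

Both constructed hellos yield the JA3 string `771,4865-49195-49199,0-10-11-16,29-23,0` and therefore the same hash; without the GREASE filter a browser that randomises its GREASE values would produce a different hash on every connection, which is the practical caveat when matching JA3 hashes against a blocklist.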
FireEye Innovation in Action
[Chart: HELIX UNIQUE DETECTIONS OVER TIME; monthly, 2014-08 through 2019-09; y-axis 0 to 500]
FireEye Innovation in Action: ACTIVE EVIL (LAST 30 DAYS)
APT41
UNC902
UNC1285
UNC1630
UNC530
UNC1267
UNC1518
UNC1649
[Chart: PHISHVISION 2018 VS 2019; quarterly, Q1'18 through Q3'19; y-axis 0 to 180,000]
[Chart: AVERAGE FAUDE ALERTS PER APPLIANCE; monthly, 2018-10 through 2019-08; y-axis 0 to 1,400]
[Chart: ALERT GROWTH BY ENGINE (AV Alerts, MG Alerts, IOC Alerts); monthly, Sep-18 through Sep-19; y-axis 0 to 3,000,000]
Network Security (Learn More in SOL-02, Wednesday at 2:00 in Columbia 2)
INTELLIGENT SERVER DEFENSE
DETECTION WITHOUT DECRYPTION
VIRTUAL NETWORK FORENSICS
16GB SMARTVISION APPLIANCE
Email Security (Learn More in SOL-08, Thursday at 3:30 in Columbia 2)
SECURE EMAIL GATEWAY
IMPERSONATION DETECTION
ARCHITECTURAL RESILIENCE
O365 INTEGRATION
133% increase in BEC attempts, 2017-2018
Share by sector: HEALTHCARE 22%, FINANCIAL INSTITUTIONS 27%, EDUCATION 12%, PROFESSIONAL SERVICES 11%
Endpoint Security (Learn More in SOL-04, Wednesday, 4:30 PM in Columbia 2)
LINUX EDR METADATA STREAMING
INNOVATION ARCHITECTURE
PROCESS GUARD (COMING SOON!)
Helix (Learn More in SOL-07, Thursday, 2:00 PM in Columbia 2)
Self-Service Parsing
Cloud Onboarding Portal
Federated Consoles
Major Context Engine Updates
Hunting With Context
Encrypted Syslog Support
Automated Monthly Reporting
Email Metadata Streaming
Chat with EOD and Support
MD Investigation Status Flags
Rule Coverage Visibility Widgets
Encrypted Archives
Archive Export
New Analytics Backend and Modules
Guided Onboarding
Guided Onboarding
1 Creating Multi-Stage Rules
2 Add Assertion
3 Create Dependent Rules
4 Add Dependencies
Federated Helix and Coverage Widget
Expertise On Demand
Context inquiries
Insights
Analyst investigations
Full service portfolio
Even though we started by looking at email-related protection, we quickly understood what implementing FireEye across a broader range of threat vectors would mean to us. There was no question. We see FireEye at the forefront of the next wave of security solutions that focus on cyber resiliency, which for us equates to business continuity and trust.
Archieval Tolentino, Chief Security Officer, Land Bank of the Philippines
Customers Embracing the Cloud
Visibility into unique cloud threats
Native integration with cloud vendors
Easy provisioning and consumption
Automated monitoring for vulnerabilities
[Chart: FireEye Transactions for Cloud Offerings, by quarter; values as extracted, in quarter order: Q1 '18 27%, Q2 '18 36%, Q3 '18 36%, Q4 '18 41%, Q1 '19 40%, Q2 '19 44%]
Network Security on AWS (see it in action at the Solutions Expo)
FIREEYE NETWORK FORENSICS AND AMAZON WEB SERVICES
[Diagram: Amazon EC2 Network Zone with Web Front Ends, Misc. App Services and Database Services serving a User; network traffic is replicated from the Virtual Machines to FireEye Full Packet Capture, FireEye Investigation Analysis System and FireEye Network]
feye.io/NetSecAWS
Network Security + iboss Partnership (Learn More in SOL-02, Wednesday, 2:00 PM in Columbia 2)
[Diagram: Branch Offices, Headquarters, Home Offices and Mobile Workers pass through iboss (Authentication, SSL Decryption) to FireEye Network Security, then Proxy and SSL Re-Encrypt]
Introducing (see it in action at the Solutions Expo)
CONTROL EFFECTIVENESS
KNOWN GOOD BASELINE
OPTIMIZATION / RATIONALIZATION
Continuous Validation
Environmental Drift Detection
Measuring Security Effectiveness
Rob Potter
Broken Formula
SECURITY INVESTMENTS + SECURITY EFFORT ≠ SECURITY EFFECTIVENESS
Cyber Security Is Based On Assumptions
WE ASSUME: Technologies work as vendors claim
WE ASSUME: People are correctly handling events and processes are effective
WE ASSUME: Products are deployed and configured correctly
WE ASSUME: Changes to the environment are properly understood, communicated and implemented
Verodin’s Core Business Value
Are our controls working the way we expect them to?
Are they properly configured?
Are we able to increase the efficiency of the dollars already spent?
Are we using the full value of our existing tools?
Are we maximizing ROI?
Where are our overlaps and true gaps?
Can tools be removed from the stack?
Can we simplify the environment?
Demonstrate improvement over time
Architecture
The FireEye Ecosystem
Helix + Verodin
CONTINUOUS VALIDATION
VERODIN HELIX
Evolution of FireEye Detection
Questions: “FireEye detection is world class. Can we use it in…”
Our SIEM?
My custom web app?
To scan my S3 buckets?
With my homegrown sensor?
As part of my workflow?
With other products?
Introducing FireEye Detection On Demand
Available via
FireEye Detection On Demand: Integrations
Learn more at the Detection On Demand Session. Thursday, 5:30 PM in Columbia 3
Get Started Now
feye.io/DetectionOnDemand
FireEye.Market
25,000+ downloads since launch
260+ plugins, add-ons, helper applications, and integrations
CYBER DEFENSE SUMMIT 2019
Empowering Defenders. Together.