FireEye Malware Cloud Protection

The FireEye Malware Protection Cloud interconnects FireEye appliances deployed within customer networks, technology partner networks, and service providers around the globe. It provides a real-time exchange of threat data on confirmed cyber attacks only, in turn protecting what is important: your organization, worldwide.


Datasheet: Malware Protection Cloud
A Real-Time Global Exchange of Threat Data Helps Preempt Emerging, Zero-Day Attacks

Highlights
• Global sharing of anonymized intelligence on emerging Web-, email-, and file-enabled threats
• Appliances can pull data feeds on zero-day malware and advanced targeted attacks to prevent cybercriminal infiltration of the network
• Ongoing callback destination updates block malware communications and data exfiltration
• Subscription and publishing of threat intelligence are optional, so sites can decide how much to share

The FireEye Malware Protection Cloud (MPC) is a global network connecting Malware Protection Systems (MPS) into a real-time exchange of threat data on confirmed, zero-day attacks. This Internet cybercrime watch system provides subscribers with the latest intelligence on zero-day attacks and unauthorized malware callback destinations.

Real-time sharing of global malware intelligence
The FireEye MPC interconnects FireEye appliances deployed within customer networks, technology partner networks, and service providers around the world. The MPC serves as a global distribution hub to efficiently share auto-generated malware security intelligence such as new malware profiles, vulnerability exploits, and obfuscation tactics, as well as new threat findings from the FireEye Malware Intelligence Lab and verified third-party security feeds. Through the MPC, FireEye appliances are more efficient at detecting both known malware and the zero-day, highly targeted attacks used in cybercrime, cyber espionage, and cyber reconnaissance.

How it works: stopping advanced targeted attacks
The FireEye Web MPS, Email MPS, File MPS, and MAS appliances analyze across the major threat vectors—Web, email, and files—for advanced targeted attacks. Within each appliance, the Virtual Execution (VX) engine creates dynamic security content based on the analysis of suspicious Web traffic, email attachments, and files. The FireEye Central Management System (CMS) is then used to distribute the dynamic security content locally to each appliance to provide real-time protection throughout the entire FireEye deployment.

[Figure: The FireEye Malware Protection Cloud helps share dynamic threat intelligence between FireEye researchers and appliances]

“Within seconds of a potential compromise the FireEye appliance tells us exactly what we need to know, and it allows us to focus our resources on what is important. The benefits, not only to my own organization but to all the scientists and engineers, have been invaluable.” — Lead Analyst, Cyber Defense, Government Agency

Organizations that subscribe to the MPC will receive threat data from, and can opt in to send threat data to, the global subscriber base to stop emerging threats.

Dynamic analysis protects against unknown, zero-day attacks
The multi-phase VX engine captures, replays, and confirms zero-day malware and targeted attacks by executing suspicious binaries and Web objects against a range of browsers, plug-ins, applications, and operating environments. The VX engine is instrumented to confirm that an attack is underway by tracking vulnerability exploitation, memory corruption used to facilitate arbitrary code execution, and other definitive malicious actions. As the virtual attack plays out, it captures the dynamic callback channels used by the zero-day attack and then creates blocking rules for those channels.

By integrating MPS inspections across multiple threat vectors, customers get comprehensive threat analysis of OS, Web-based, email, and application threats. This integrated approach enables the most comprehensive protection against known and zero-day malware used in advanced targeted attacks. By sharing real-time local detections, subscribers contribute to and gain from the global Malware Protection Cloud to mitigate the ongoing threats targeting organizations worldwide.

Detailed intelligence on emerging threats
Threat intelligence includes:
• Malware attack profiles (MD5s of malware code, network behaviors, obfuscation tactics) that identify confirmed and known attacks
• Analysis of file share objects, email attachments, and URLs
• Fully qualified malware callback destinations (destination IP address, protocols used, ports used) used to exfiltrate data and deliver cybercriminal commands
• Malware communication protocol characteristics, such as custom commands used to instantiate transmission sessions

Blocks based on facts to avoid false positives
Unlike reputation and risk-based threat intelligence networks, which make assumptions about potentially risky code and broadcast signatures that may either falsely block or falsely allow traffic, FireEye systems confirm malicious activity. The assessments captured by the FireEye systems are conclusive, because suspicious code is fully tested in a virtual execution environment. An example demonstrates the value of real-time intelligence updates:
1. A FireEye appliance identifies a malicious IP address serving as a command and control (C&C) system and begins to block outbound calls to that address
2. The appliance automatically notifies the FireEye MPC of the destination IP address, port, and malware protocol used in the attempted connection
3. MPC subscribers’ FireEye appliances pull down regular updates and block connections to that IP address that use the same port and malware protocol
4. Compromised systems at all MPC subscriber sites are cut off from contacting the botnet C&C system

© 2012 FireEye, Inc. All rights reserved. FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. – DS.MPC.022012
FireEye, Inc. | 1390 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393)
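The four-step exchange in the datasheet (local confirmation, opt-in publishing to the hub, subscribers pulling updates, exact ip/port/protocol blocking), as an added model that is not FireEye's code; the class names, the cursor-based feed and the sample destinations are constructed for illustration.

```python
# Constructed model of the four-step MPC exchange from the datasheet.
# Not FireEye code: class and field names are assumed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class CallbackDestination:
    ip: str        # confirmed C&C address
    port: int      # port the malware connected to
    protocol: str  # malware communication protocol characteristic (label is constructed)

class MpcHub:
    """The global distribution hub: keeps confirmed destinations and serves updates."""
    def __init__(self):
        self._feed = []  # append-only; each subscriber reads it with its own cursor

    def publish(self, dest):
        # Only appliance-confirmed detections arrive here; repeat reports are deduplicated
        if dest not in self._feed:
            self._feed.append(dest)

    def updates_since(self, cursor):
        # Return the entries this subscriber has not yet seen, plus the new cursor
        return self._feed[cursor:], len(self._feed)

class Appliance:
    """A subscriber appliance; publishing to the hub is opt-in, pulling is always on."""
    def __init__(self, hub, publish=True):
        self.hub = hub
        self.publish_enabled = publish
        self.blocklist = set()
        self.cursor = 0

    def confirm_callback(self, dest):
        # Steps 1-2: VX analysis confirmed the callback, so block it locally and,
        # if this site opted in, report the destination to the hub
        self.blocklist.add(dest)
        if self.publish_enabled:
            self.hub.publish(dest)

    def pull_updates(self):
        # Step 3: pull the regular update and merge it into the local blocklist
        new, self.cursor = self.hub.updates_since(self.cursor)
        self.blocklist.update(new)
        return len(new)

    def should_block(self, ip, port, protocol):
        # Step 4: block only an exact ip+port+protocol match ("blocks based on
        # facts"), not every connection to the address
        return CallbackDestination(ip, port, protocol) in self.blocklist
```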