1
FireEye Use Cases
FireEye Solution Deployment Experience
Valery Elanin, ITBiz
Security Reimagined
2
FIREEYE PLATFORM OVERVIEW
REAL WORLD TESTS — REAL WORLD RESULTS
CASE STUDY
3
Virtual Machine-Based Model of Detection
Purpose-Built for Security
Hardened Hypervisor
Scalable
Portable
SECURITY Needs To Be
To Address The New Threat Landscape
FINDS KNOWN/UNKNOWN CYBER-ATTACKS IN REAL TIME ACROSS ALL VECTORS
4
FireEye’s Technology: State of the Art Detection
DETONATE (Within VMs), ANALYZE (Across VMs), CORRELATE (Cross-enterprise)
500,000 objects/hour
Vectors: Network, Email, Mobile, Files
Attack stages: Exploit, Callback, Malware Download, Lateral Transfer, Exfiltration
5
FireEye Product Portfolio
SEG, IPS, SWG, MDM, Host Anti-virus
MVX, Threat Analytics Platform, Dynamic Threat Intelligence
Network Threat Prevention, Email Threat Prevention, Content Threat Prevention, Mobile Threat Prevention, Endpoint Threat Prevention
6
Why Trust FireEye?
11 of 13 zero days from 2013 discovered by FireEye
First to detect malware over 80% of the time (compared to traditional AV engines)
55: industry-leading Customer Net Promoter Score
7
Real World Tests, Real World Results
Data Collection Methodologies: Dynamic Threat Intelligence, Email Threat Prevention, Network Threat Prevention
1,614 NX and EX PoV appliances with 2-way sharing license, October 2013 to March 2014
348-customer survey of deployment topology at time of PoV
8
Real World Tests, Real World Results: By the Numbers
What Was Discovered During FireEye PoV
1216* PoV customers
20+ industries
97% of customers compromised
27% had APT
63 countries
* 1217 PoV executed (one customer conducted two PoV)
9
FireEye PoV Customers By Region
Region       Number of PoV Customers   % PoV
N. AMERICA   528                       43%
EMEA         351                       29%
APAC         242                       20%
JAPAN        54                        4%
LATAM        38                        3%
ROW          3                         <1%
10
FireEye PoV Customers By Industry
Government 16%
Energy 6%
Financial 18%
Retail 5%
High-Tech 7%
Chemical & Manufacturing 7%
Consulting 7%
Others (12+) 30%
Healthcare 4%
11
Traditional Defense Fails to Stop Today’s Threats
Attack stages observed: Exploit, Malware Download, Command and Control
97% of PoV customers were compromised (attacks went through customers’ defense)
75% of PoV customers had CnC communication
12
Today’s Malware is Highly Targeted
75% of all the unique malware detected was seen ONCE
208,184 malware downloads
124,289 unique malware
93,755 malware seen ONCE
13
Traditional Security Solutions in PoV
Firewall (212): Cisco, Check Point, PAN, Juniper, Fortinet, Others
Proxy (119): Blue Coat, WebSense, Cisco, McAfee, Fortinet, Others
IDS/IPS (138): McAfee, Cisco, HP, SourceFire, Check Point, Others
Network AV (75): McAfee, Symantec, Trend, Microsoft, Kaspersky, Others
Desktop AV (169): McAfee, Symantec, Trend, Microsoft, Sophos, Others
14
AV Ineffective for Today’s Threats
124,289 unique malware MD5s during PoVs
63,035 MD5s known to the top 6 AV vendors in PoV
25% of malware undetected by any of the top 6 AVs
62% of malware undetected by at least 4 of the top 6 AVs
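As an added illustration, not FireEye's code or its counting method, the Python below recomputes the kind of figures shown on slides 12 and 14 (downloads, unique hashes, hashes seen once, and hashes missed by none or by at least k of the top AV vendors) over a small constructed set of download records and AV verdicts. The record layout, the placeholder vendor names av1 to av6, and the rule that a hash with no verdict record counts as missed by every vendor are assumptions.

```python
"""PoV-style malware statistics (slides 12 and 14) recomputed over constructed
sample data. Added illustration only: not FireEye's code or methodology."""
from collections import Counter
from typing import Dict, Iterable, List, Sequence, Set, Tuple

# Constructed sample: one record per malware download seen during a PoV,
# as (customer_id, md5). The same md5 at two customers is one unique sample
# seen twice; an md5 with a single record is "seen once".
DOWNLOADS: List[Tuple[str, str]] = [
    ("cust-a", "md5-0001"), ("cust-a", "md5-0002"), ("cust-b", "md5-0001"),
    ("cust-b", "md5-0003"), ("cust-c", "md5-0004"), ("cust-c", "md5-0005"),
    ("cust-d", "md5-0005"), ("cust-d", "md5-0006"), ("cust-e", "md5-0007"),
    ("cust-e", "md5-0008"),
]

# Constructed sample: which of the placeholder-named top-6 AV vendors
# detected each md5. md5-0006 deliberately has no verdict record at all.
TOP6: Sequence[str] = ("av1", "av2", "av3", "av4", "av5", "av6")
AV_VERDICTS: Dict[str, Set[str]] = {
    "md5-0001": {"av1", "av2", "av3", "av4", "av5", "av6"},  # detected by all six
    "md5-0002": set(),                                       # missed by all six
    "md5-0003": {"av1"},
    "md5-0004": {"av1", "av2"},
    "md5-0005": {"av1", "av2", "av3"},
    "md5-0007": {"av1", "av2", "av3", "av4", "av5"},
    "md5-0008": set(),
}


def unique_hashes(downloads: Iterable[Tuple[str, str]]) -> List[str]:
    """Distinct md5s across all download records, in a stable order."""
    return sorted({md5 for _customer, md5 in downloads})


def download_stats(downloads: Iterable[Tuple[str, str]]) -> dict:
    """Slide 12 style metrics: total downloads, unique md5s, md5s seen exactly
    once, and the seen-once share of the unique population."""
    per_hash = Counter(md5 for _customer, md5 in downloads)
    unique = len(per_hash)
    seen_once = sum(1 for n in per_hash.values() if n == 1)
    return {
        "downloads": sum(per_hash.values()),
        "unique": unique,
        "seen_once": seen_once,
        "seen_once_pct": round(100.0 * seen_once / unique, 1) if unique else 0.0,
    }


def av_coverage(md5s: Sequence[str], verdicts: Dict[str, Set[str]],
                vendors: Sequence[str], threshold: int = 4) -> dict:
    """Slide 14 style metrics over the full unique population. A hash with no
    verdict record counts as missed by every vendor (assumption); only the
    named vendors are considered, so verdicts from other engines are ignored."""
    vendor_set = set(vendors)
    known_to_any = undetected_by_any = undetected_by_k = 0
    for md5 in md5s:
        detected = verdicts.get(md5, set()) & vendor_set
        missed = len(vendor_set) - len(detected)
        if detected:
            known_to_any += 1
        if missed == len(vendor_set):
            undetected_by_any += 1
        if missed >= threshold:
            undetected_by_k += 1
    total = len(md5s)

    def pct(count: int) -> float:
        return round(100.0 * count / total, 1) if total else 0.0

    return {
        "unique": total,
        "known_to_any": known_to_any,
        "undetected_by_any": undetected_by_any,
        "undetected_by_any_pct": pct(undetected_by_any),
        "undetected_by_at_least_k": undetected_by_k,
        "undetected_by_at_least_k_pct": pct(undetected_by_k),
        "threshold": threshold,
    }


if __name__ == "__main__":
    print(download_stats(DOWNLOADS))
    print(av_coverage(unique_hashes(DOWNLOADS), AV_VERDICTS, TOP6))
```

The treatment of hashes with no verdict record and the choice of denominator both move these percentages, so state both alongside any such figure you report.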
15
File-based Sandbox Also Insufficient for Today’s Threats
18 PoV customers reported having a file-based sandbox
15 PoV customers had compromised endpoints with active callback
They were protected by: 32%, 32%, 11%, 11%, 5%, 5%, 5% (vendor labels from the chart not recoverable)
16
Risk Exposure by threat level (1 = Low, 5 = High)
1. Ignorant of environment; fixed behavior, no data theft capacity. Nuisance infection, loss of productivity; cost of cleaning up device and restoring.
2. Noisy, sends spam or DDoS, consumes system-wide resources, is able to send and receive instructions. Leads to disruption and potential for embarrassment as source of illegal activity.
3. Steals personal data: identity theft, banking information, credit cards, social security numbers; resilient communication system, modular system with incremental payloads. Reputation risk: targets sensitive and controlled data; disclosure has potential for reduced morale/confidence from victims; grievances and regulatory controls may lead to possible legal action.
4. Remotely controlled asset, highly functional, is able to hide, is aware of its environment; sells access and steals data to make money. Financial risk: steals corporate credentials for network access, email, etc.; will leak or sell confidential information; provides exposure to all other threat levels.
5. Highly targeted, preferred tool of nation state actors, stealthy campaigns. Major business risk: espionage; steals competitive advantage (intellectual property, trade secrets, R&D, commercial and political data).
Counts by category: APT 1, Trojan 17, Backdoor 1, Bot 5, Virus 1, Infostealer 2, Worm 1
17
National PoV Results
5+ PoV customers
500+ users
3 industries
100% of customers compromised
Zero-day (1), Infostealer (300+), Trojans (1000+)
40% had APT
18
Example: Council on Foreign Relations (CFR) Attack
Lateral spread infecting more machines
About CFR:
• Independent, nonpartisan organization, think tank, and publisher
• Influential among US policy makers
• Members include preeminent personalities and corporations
19
FireEye Platform: Workflow
1. FireEye Network Platforms monitor flows for events
MVX: signature-less virtual execution technology; monitors for targeted and zero-day attacks; multi-vector threat defense; real-time threat protection
2. FireEye Network Platforms alert FireEye HX on event, plus OS change report
20
FireEye Platform: Workflow
3. FireEye HX validates endpoints for compromise
Agent Anywhere™ automatically investigates endpoints no matter where they are: reach endpoints anywhere; understand what happened without forensics; detect events in the past
Endpoint locations: airplane, hotel, corporate headquarters, home office, coffee shop
21
FireEye Platform: Workflow
4. Contain & isolate compromised devices
Deny attackers access to systems with a single mouse click while still allowing remote investigation.
Endpoint locations: airplane, hotel, corporate headquarters, home office, coffee shop
22
Large and Growing Base of Customers
Segments: Small Medium Enterprise; Government; Infrastructure; High Tech; Healthcare; Financial Services, Insurance; Retail
23
Key Takeaways: FireEye by the Numbers
54M malware events detected in customer networks in 2013
45M callbacks to 184 countries detected in 2013
248 APT campaigns detailed in the APT Encyclopedia
4M purpose-built VMs and endpoint agents deployed at points of attack
1000s of incidents addressed by FireEye security experts
1500+ customers across various verticals actively contributing to threat intelligence
24
Security Reimagined
Thank You

More Related Content

What's hot

Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
AbimbolaFisher1
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
MITRE ATT&CK
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
Morane Decriem
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The Cloud
MITRE ATT&CK
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
Panda Security
 
EDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxEDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptx
SMIT PAREKH
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open Source
MITRE ATT&CK
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
xband
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
MarketingArrowECS_CZ
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
Prime Infoserv
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
MITRE ATT&CK
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
Arpan Raval
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
n|u - The Open Security Community
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
AddWeb Solution Pvt. Ltd.
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Elasticsearch
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
♟Sergej Epp
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
wremes
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 

What's hot (20)

Cyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptxCyber Threat Intelligence.pptx
Cyber Threat Intelligence.pptx
 
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
Mapping to MITRE ATT&CK: Enhancing Operations Through the Tracking of Interac...
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
ATT&CKING Containers in The Cloud
ATT&CKING Containers in The CloudATT&CKING Containers in The Cloud
ATT&CKING Containers in The Cloud
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda Security
 
EDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxEDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptx
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open Source
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
Forcepoint Dynamic Data Protection
Forcepoint Dynamic Data ProtectionForcepoint Dynamic Data Protection
Forcepoint Dynamic Data Protection
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
ATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CKATT&CK Updates- Defensive ATT&CK
ATT&CK Updates- Defensive ATT&CK
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
Zero trust Architecture
Zero trust Architecture Zero trust Architecture
Zero trust Architecture
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Ossec Lightning
Ossec LightningOssec Lightning
Ossec Lightning
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 

Similar to FireEye Use Cases — FireEye Solution Deployment Experience

Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014
Sophos Benelux
 
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Nancy Nimmegeers
 
FireEye Report.ppt
FireEye Report.pptFireEye Report.ppt
FireEye Report.ppt
DubemJavapi
 
Sandboxing
SandboxingSandboxing
Sandboxing
SandboxingSandboxing
Zlatibor asseco-fire eye
Zlatibor   asseco-fire eyeZlatibor   asseco-fire eye
Zlatibor asseco-fire eye
Dejan Jeremic
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Scalar Decisions
 
Key Security Insights: Examining 2014 to predict emerging threats
Key Security Insights: Examining 2014 to predict emerging threats Key Security Insights: Examining 2014 to predict emerging threats
Key Security Insights: Examining 2014 to predict emerging threats
Dell World
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
TechBiz Forense Digital
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day Reality
Lumension
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Cisco do Brasil
 
EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014
Peggy Lawless
 
NetWitness
NetWitnessNetWitness
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
Lumension
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
MarketingArrowECS_CZ
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
SLBdiensten
 
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
eFax Corporate®
 
The unprecedented state of web insecurity
The unprecedented state of web insecurityThe unprecedented state of web insecurity
The unprecedented state of web insecurity
Vincent Kwon
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence Services
TechBiz Forense Digital
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
TechBiz Forense Digital
 

Similar to FireEye Use Cases — FireEye Solution Deployment Experience (20)

Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014Security: more important than ever - Sophos Day Belux 2014
Security: more important than ever - Sophos Day Belux 2014
 
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
Het ecosysteem als complete bescherming tegen cybercriminaliteit [pvh]
 
FireEye Report.ppt
FireEye Report.pptFireEye Report.ppt
FireEye Report.ppt
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
Zlatibor asseco-fire eye
Zlatibor   asseco-fire eyeZlatibor   asseco-fire eye
Zlatibor asseco-fire eye
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Key Security Insights: Examining 2014 to predict emerging threats
Key Security Insights: Examining 2014 to predict emerging threats Key Security Insights: Examining 2014 to predict emerging threats
Key Security Insights: Examining 2014 to predict emerging threats
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
The Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day RealityThe Role of Application Control in a Zero-Day Reality
The Role of Application Control in a Zero-Day Reality
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
EndpointSecurityConcerns2014
EndpointSecurityConcerns2014EndpointSecurityConcerns2014
EndpointSecurityConcerns2014
 
NetWitness
NetWitnessNetWitness
NetWitness
 
Key Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your EnterpriseKey Strategies to Address Rising Application Risk in Your Enterprise
Key Strategies to Address Rising Application Risk in Your Enterprise
 
Ochrana pred modernými malware útokmi
Ochrana pred modernými malware útokmiOchrana pred modernými malware útokmi
Ochrana pred modernými malware útokmi
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
 
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
Cyber Hacking in Healthcare & The Best Practices for Securing ePHI in 2015
 
The unprecedented state of web insecurity
The unprecedented state of web insecurityThe unprecedented state of web insecurity
The unprecedented state of web insecurity
 
Verisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence ServicesVerisign iDefense Security Intelligence Services
Verisign iDefense Security Intelligence Services
 
VeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence ServicesVeriSign iDefense Security Intelligence Services
VeriSign iDefense Security Intelligence Services
 

Recently uploaded

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 

Recently uploaded (20)

Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 

FireEye Use Cases — FireEye Solution Deployment Experience

  • 1. 1 FireEye Use Cases FireEye Solution Deployment Experience Valery Elanin, ITBiz ReimaginedSecurity
  • 2. 2 FIREEYE PLATFORM OVERVIEW REAL WORLD TESTS — REAL WORLD RESULTS CASE STUDY
  • 3. 3 Virtual Machine-Based Model of Detection Purpose-Built for Security Hardened Hypervisor Scalable Portable SECURITY Needs To Be To Address The New Threat Landscape FINDS KNOWN/ UNKNOWN CYBER-ATTACKS IN REALTIMEACROSSALLVECTORS
  • 4. 4 FireEye’s Technology: State of the Art Detection CORRELATEANALYZE ( 5 0 0 , 0 0 0 O B J E C T S / H O U R ) Within VMs Across VMs Cross-enterprise Network Email Mobile Files Exploit Callback Malware Download Lateral Transfer Exfiltration DETONATE
  • 5. 5 FireEye Product Portfolio SEG IPS SWG IPS MDM Host Anti-virus Host Anti-virus MVX Threat Analytics Platform Mobile Threat PreventionEmail Threat Prevention Dynamic Threat Intelligence Network Threat Prevention Content Threat Prevention Mobile Threat Prevention Endpoint Threat Prevention Email Threat Prevention
  • 6. 6 Why Trust FireEye? 11 of 13 Zero Days from 2013 discovered by FireEye First to detect malware Over 80% of the times (compared to traditional AV engines) 55 Industry-leading Customer Net Promoter Score
  • 7. 7 Real World Tests, Real World Results Data Collection Methodologies Dynamic Threat Intelligence Email Threat Prevention Network Threat Prevention 1,614 NX and EX PoV Appliances with 2-way Sharing License from October 2013 to March 2014 348Customer Survey of Deployment Topology at time of PoV
  • 8. 8 Real World Tests, Real World Results By the Number What Was Discovered During FireEye PoV 1216* PoV Customers 20+ Industries 97% Customers Compromised 27% Had APT 63 Countries * 1217 PoV executed (one customer conducted two PoV)
  • 9. 9 43% 29% 20% N. America EMEA APAC JAPAN LATAM ROW FireEye POV Customers By Region Number of PoV Customers % PoV N. AMERICA 528 43% EMEA 351 29% APAC 242 20% JAPAN 54 4% LATAM 38 3% ROW 3 <1%
  • 10. FireEye PoV Customers By Industry
    - Financial 18%
    - Government 16%
    - High-Tech 7%
    - Chemical & Manufacturing 7%
    - Consulting 7%
    - Energy 6%
    - Retail 5%
    - Healthcare 4%
    - Others (12+ industries) 30%
  • 11. Traditional Defense Fails to Stop Today's Threats
    - Attack lifecycle shown: Exploit, Malware Download, Command and Control
    - 97% of PoV customers were compromised (attacks went through the customers' existing defenses)
    - 75% of PoV customers had CnC communication
  • 12. Today's Malware is Highly Targeted
    - 208,184 malware downloads
    - 124,289 unique malware samples
    - 93,755 malware samples seen only ONCE
    - 75% of all the unique malware detected was seen ONCE
  • 13. Traditional Security Solutions in PoV (vendors reported by PoV customers; counts per control as shown on the slide)
    - Firewall (212): Cisco, Check Point, PAN, Juniper, Fortinet, Others
    - Proxy (119): Blue Coat, WebSense, Cisco, McAfee, Fortinet, Others
    - IDS/IPS (138): McAfee, Cisco, HP, SourceFire, Check Point, Others
    - Network AV (75): McAfee, Symantec, Trend, Microsoft, Kaspersky, Others
    - Desktop AV (169): McAfee, Symantec, Trend, Microsoft, Sophos, Others
  • 14. AV Ineffective for Today's Threat
    - 124,289 unique malware MD5s seen during PoVs
    - 63,035 of those MD5s were known to the top 6 AV vendors present in PoVs
    - 25% of malware was undetected by any of the top 6 AVs
    - 62% of malware was undetected by at least 4 of the top 6 AVs
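The two slides above report hash-level statistics: how many unique samples were seen only once (slide 12) and how many a fixed panel of AV engines missed (slide 14). The script below, added here as an illustration and not taken from the deck or from FireEye, computes both tables from raw download events. Engine names (`eng-A` to `eng-F`), customer IDs and all records are constructed; in practice the events come from an appliance export and the per-hash verdicts from a multi-engine scan.

```python
"""Per-hash prevalence and AV-coverage metrics of the kind reported on
slides 12 and 14, computed from raw malware-download events.

Added example, not FireEye code. Engine names, customer IDs and every record
below are constructed for illustration.
"""
from collections import Counter
from typing import Dict, Iterable, Set, Tuple

# Constructed input: one (md5, customer) pair per malware-download event.
# MD5 is used only as an object identifier here, as on the slides.
EVENTS: Tuple[Tuple[str, str], ...] = (
    ("h1", "cust-01"), ("h1", "cust-02"), ("h1", "cust-03"),
    ("h2", "cust-01"), ("h2", "cust-04"),
    ("h3", "cust-02"),
    ("h4", "cust-05"),
    ("h5", "cust-03"),
    ("h6", "cust-06"),
)

# Hypothetical six-engine AV panel and constructed per-hash verdicts:
# the set of engines that flag the hash as malicious.
AV_PANEL: Tuple[str, ...] = ("eng-A", "eng-B", "eng-C", "eng-D", "eng-E", "eng-F")
VERDICTS: Dict[str, Set[str]] = {
    "h1": {"eng-A", "eng-B", "eng-C", "eng-D", "eng-E", "eng-F"},
    "h2": {"eng-A", "eng-B"},
    "h3": set(),
    "h4": {"eng-A"},
    "h5": {"eng-A", "eng-B", "eng-C"},
    "h6": set(),
}


def pct(part: int, whole: int) -> float:
    """Percentage rounded to one decimal; 0.0 for an empty population."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def prevalence(events: Iterable[Tuple[str, str]]) -> Dict[str, float]:
    """Slide-12 style counts: downloads, unique hashes, hashes seen exactly once."""
    counts = Counter(md5 for md5, _customer in events)
    seen_once = sum(1 for n in counts.values() if n == 1)
    return {
        "downloads": sum(counts.values()),
        "unique": len(counts),
        "seen_once": seen_once,
        "seen_once_pct": pct(seen_once, len(counts)),
    }


def av_coverage(hashes: Iterable[str], verdicts: Dict[str, Set[str]],
                panel: Tuple[str, ...] = AV_PANEL, k: int = 4) -> Dict[str, float]:
    """Slide-14 style coverage over a fixed engine panel.

    For each unique hash, count the panel engines that miss it. A hash with no
    verdict record is treated as missed by every engine (unknown is not clean),
    and verdicts from engines outside the panel are ignored.
    """
    panel_set = set(panel)
    unique = set(hashes)
    known = by_none = by_k = 0
    for h in unique:
        hits = verdicts.get(h, set()) & panel_set
        misses = len(panel_set) - len(hits)
        if hits:
            known += 1
        else:
            by_none += 1
        if misses >= k:
            by_k += 1
    return {
        "hashes": len(unique),
        "known_to_any": known,
        "undetected_by_any": by_none,
        "undetected_by_any_pct": pct(by_none, len(unique)),
        "undetected_by_at_least_k": by_k,
        "undetected_by_at_least_k_pct": pct(by_k, len(unique)),
        "k": k,
    }


def report(events=EVENTS, verdicts=VERDICTS) -> Dict[str, Dict[str, float]]:
    """Both tables from the same event stream."""
    hashes = {md5 for md5, _customer in events}
    return {"prevalence": prevalence(events), "coverage": av_coverage(hashes, verdicts)}


if __name__ == "__main__":
    for name, table in report().items():
        print(name)
        for key, value in table.items():
            print(f"  {key:>30}: {value}")
```

`k=4` reproduces the deck's "undetected by at least 4 of the top 6" figure. Two design choices matter when doing this for real: a hash with no scan record is counted as a miss rather than dropped, because an absent verdict is not a clean verdict; and the panel is fixed up front, so an engine that only appears in some records cannot inflate coverage. The high seen-once share is expected when samples are repacked per victim, which is exactly why hash-level blocklists alone leave the gap the deck describes.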
  • 15. File-based Sandbox Also Insufficient for Today's Threat
    - 18 PoV customers reported having a file-based sandbox
    - 15 of them had compromised endpoints with active callbacks
    - "They were protected by" chart: vendor shares 32%, 32%, 11%, 11%, 5%, 5%, 5% (vendor labels are not recoverable from the slide text)
  • 16. Threat levels by risk, 1 (Low) to 5 (High)
    - Level 1: Ignorant of environment; fixed behavior, no data theft capacity. Nuisance infection, loss of productivity; cost of cleaning up the device and restoring it.
    - Level 2: Noisy; sends spam or DDoS, consumes system-wide resources, is able to send and receive instructions. Leads to disruption and potential embarrassment as a source of illegal activity.
    - Level 3 (Risk Exposure): Steals personal data (identity theft, banking information, credit cards, social security numbers); resilient communication system, modular system with incremental payloads. Reputation risk: targets sensitive and controlled data; disclosure has potential for reduced morale/confidence from victims, and grievances and regulatory controls may lead to possible legal action.
    - Level 4 (Financial Risk): Remotely controlled asset, highly functional, is able to hide, is aware of its environment; sells access and steals data to make money. Steals corporate credentials for network access, email, etc.; will leak or sell confidential information; provides exposure to all other threat levels.
    - Level 5 (Major Business Risk): Highly targeted, preferred tool of nation-state actors, stealthy campaigns. Espionage: steals competitive advantage, intellectual property, trade secrets, R&D, commercial and political data.
    - Sample counts shown on the slide: APT 1, Trojan 17, Backdoor 1, Bot 5, Virus 1, Infostealer 2, Worm 1
  • 17. National PoV Results
    - 5+ PoV customers, 500+ users, 3 industries
    - 100% of customers compromised
    - Zero-day (1), Infostealer (300+), Trojans (1000+)
    - 40% had APT
  • 18. Example: Council on Foreign Relations (CFR) Attack
    - Lateral spread infecting more machines
    - About CFR: independent, nonpartisan organization, think tank, and publisher; influential among US policy makers; members include preeminent personalities and corporations
  • 19. FireEye Platform: Workflow, steps 1 and 2
    - Step 1: FireEye network platforms monitor flows for events. MVX: signature-less virtual execution technology; monitors for targeted and zero-day attacks; multi-vector threat defense; real-time threat protection.
    - Step 2: FireEye network platforms alert FireEye HX on the event and pass the OS change report.
  • 20. FireEye Platform: Workflow, step 3
    - FireEye HX validates endpoints for compromise. Agent Anywhere™ automatically investigates endpoints no matter where they are (airplane, hotel, corporate headquarters, home office, coffee shop).
    - Reach endpoints anywhere; understand what happened without forensics; detect events in the past.
  • 21. FireEye Platform: Workflow, step 4
    - Contain and isolate compromised devices: deny attackers access to systems with a single mouse click while still allowing remote investigation (same locations: airplane, hotel, corporate headquarters, home office, coffee shop).
  • 22. Large and Growing Base of Customers: Small/Medium Enterprise, Government, Infrastructure, High Tech, Healthcare, Financial Services & Insurance, Retail
  • 23. Key Takeaways: FireEye by the Numbers
    - 54M malware events detected in customer networks in 2013
    - 45M callbacks to 184 countries detected in 2013
    - 248 APT campaigns detailed in the APT Encyclopedia
    - 4M purpose-built VMs and endpoint agents deployed at points of attack
    - 1000s of incidents addressed by FireEye security experts
    - 1500+ customers across various verticals actively contributing to threat intelligence