
FireEye HX and DFLabs: A Layered Security Approach to Endpoint Detection and Response


Introduction

DFLabs’ integration with FireEye HX combines FireEye’s layered security approach with DFLabs’ automation and orchestration capabilities to enhance an organization’s ability to respond quickly to potential incidents.

FireEye’s protection engines are capable of protecting organizations from common and modern attacks by employing both signature-based and machine learning algorithms to equip their endpoint protection suite with real-time knowledge from the frontlines of current cyber attacks.

FireEye’s endpoint detection and response capabilities are produced by their behavior-based analytics engine, which helps bring a defense-in-depth solution to organizations in order to protect the vital information stored on their endpoints.

The Problem - Traditional Endpoint Protection Solutions Cannot Protect Against Modern Attacks

Traditional endpoint security has not been effective against modern security threats. These solutions were never designed to deal with sophisticated or Advanced Persistent Threat (APT) attacks. In order to keep endpoints safe, a solution must quickly analyze and respond to such threats.

Another constant concern with Endpoint Protection Platforms (EPP) is that they miss a great number of security threats, which forces organizations to spend an exorbitant amount of time trying to find and clean up the damage. And even when an endpoint protection product does successfully stop a threat, it doesn’t capture details on the particular security incident.

These traditional endpoint solutions cannot provide analysts with the vital information needed to determine what the cyber attack or attacker was attempting to do. This leaves network defenders with an incomplete view of the exact scope of the security threat to their environment.

So, how can security operations programs achieve the following:

  • Fully integrate malware protection with anti-virus defenses, remediation, behavior analysis intelligence and endpoint visibility?

  • Utilize both signature-based and modern machine learning technologies to bring an all-in-one defense-in-depth solution?

  • Bring real-time threat intelligence from the frontlines of current cyber attacks to their operational security strategy?

The DFLabs and FireEye HX Solution

The DFLabs and FireEye solution addresses the wide variety of threats organizations face on a daily basis by integrating FireEye’s industry-leading endpoint capabilities with DFLabs’ Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, to combat the ever-changing threat landscape. Through the automation and orchestration capabilities of IncMan SOAR, organizations can quickly prioritize and respond to endpoint threats.

FireEye Endpoint Security is the next generation of endpoint protection. Not only can it help detect what antivirus detects, but also what it misses. Its comprehensive endpoint visibility and threat intelligence enables analysts to adapt their defense based on real-time details to deploy informed, tailored responses to threat activity. FireEye Endpoint Security delivers protection beyond a single limited methodology. It enhances overall threat protection by integrating key security mechanisms within a single agent and threat management workflow system.

About FireEye HX

FireEye HX is an integrated solution that detects what other endpoint detection solutions miss and protects endpoints against known and unknown threats. With FireEye HX’s powerful single agent, analysts understand the “who, what, where, and when” of any critical endpoint threat, thus minimizing alert fatigue and accelerating response. The unified management workflow allows you to conduct detailed inspection and analysis of threat activity and create appropriate responses in real time.

Traditional endpoint protection leaves gaps as it tries to address modern threats. FireEye HX improves security visibility and the quality and relevance of an organization’s threat data to address these gaps. The combination of endpoint detection and response (EDR) and other capabilities into a single integrated FireEye solution gives analysts the fastest possible way to inspect, search and analyze any suspicious activity on any endpoint, enabling them to adapt their defense based on detailed threat information in real time.

Use Case

A SIEM alert is received for a downloaded malicious file. IncMan SOAR from DFLabs automatically queries FireEye for system information on the victim machine and runs the source IP address through a reputation service. The potentially malicious file is downloaded by FireEye and its hash is checked against a file reputation service.

Once these artifacts are reviewed, IncMan reaches its first conditional check. If the IP address is found to have a negative reputation score and the hash value is found to be malicious, IncMan automatically begins to take containment actions.

The IP address is blocked at the firewall, and FireEye bans the hash and quarantines the victim machine. Once the containment actions are taken, IncMan upgrades the priority level of the incident and creates a new ticket for the help desk through the organization’s ticketing system to have the victim machine scanned and processed for further review.
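The use case above, expressed as a small playbook, is shown below as an added example; it is not IncMan SOAR or FireEye HX code. The connector class and its methods (`hx_host_info`, `hx_ban_hash`, `hx_quarantine_host`, `firewall_block_ip`, `open_ticket`, and so on) are hypothetical stand-ins for the real integrations, the reputation tables and the `IP_BAD_THRESHOLD` value are constructed sample data, and the example goes one step beyond the text by showing what happens when a reputation lookup returns no answer: the playbook then routes the alert to an analyst instead of containing automatically.

```python
# Added example (not DFLabs/FireEye code): the endpoint use case as a playbook.
# Connector methods are hypothetical stand-ins for the real FireEye HX,
# firewall, reputation-service and ticketing integrations.
from dataclasses import dataclass, field

# Constructed sample data standing in for reputation-service answers.
IP_REPUTATION = {"203.0.113.10": 5, "198.51.100.7": 90}   # 0-100, low = bad
FILE_REPUTATION = {"aa" * 32: "malicious", "bb" * 32: "clean"}
IP_BAD_THRESHOLD = 20   # hypothetical: scores below this count as "negative reputation"


@dataclass
class Alert:
    """Fields a SIEM alert for a downloaded file would carry (constructed)."""
    host_id: str
    source_ip: str
    sha256: str
    priority: str = "medium"


@dataclass
class Connectors:
    """Stand-ins for the orchestrated tools; each records what it was asked to do."""
    actions: list = field(default_factory=list)

    # --- FireEye HX stand-in (hypothetical methods, not the real HX API) ---
    def hx_host_info(self, host_id):
        return {"host_id": host_id, "os": "Windows 10", "agent": "online"}

    def hx_acquire_file_hash(self, host_id, sha256):
        # The real product acquires the file from the host; here the
        # constructed alert already carries the hash.
        return sha256

    def hx_ban_hash(self, sha256):
        self.actions.append(("hx.ban_hash", sha256))

    def hx_quarantine_host(self, host_id):
        self.actions.append(("hx.quarantine_host", host_id))

    # --- other orchestrated tools ---
    def ip_reputation(self, ip):
        return IP_REPUTATION.get(ip)          # None = service had no answer

    def file_reputation(self, sha256):
        return FILE_REPUTATION.get(sha256)    # None = hash unknown to the service

    def firewall_block_ip(self, ip):
        self.actions.append(("firewall.block_ip", ip))

    def open_ticket(self, host_id, summary):
        self.actions.append(("ticket.create", host_id, summary))


def enrich(alert, c):
    """Enrichment phase: gather the artifacts the conditional check looks at."""
    acquired = c.hx_acquire_file_hash(alert.host_id, alert.sha256)
    return {
        "host": c.hx_host_info(alert.host_id),
        "ip_score": c.ip_reputation(alert.source_ip),
        "file_verdict": c.file_reputation(acquired),
    }


def is_confirmed_malicious(enrichment, threshold=IP_BAD_THRESHOLD):
    """The playbook's first conditional: both the IP and the hash must be bad.
    A missing answer (None) never counts as malicious, so a reputation-service
    outage cannot by itself trigger automated containment."""
    score, verdict = enrichment["ip_score"], enrichment["file_verdict"]
    return score is not None and score < threshold and verdict == "malicious"


def run_playbook(alert, c):
    """Runs enrichment, the conditional and containment; actions land in c.actions."""
    enrichment = enrich(alert, c)
    if not is_confirmed_malicious(enrichment):
        # Not both indicators bad, or a lookup failed: hand it to an analyst.
        c.open_ticket(alert.host_id, "Analyst review: inconclusive enrichment")
        return alert
    c.firewall_block_ip(alert.source_ip)
    c.hx_ban_hash(alert.sha256)
    c.hx_quarantine_host(alert.host_id)
    alert.priority = "high"
    c.open_ticket(alert.host_id, "Quarantined host: scan and process for review")
    return alert


if __name__ == "__main__":
    conns = Connectors()
    result = run_playbook(Alert("WS-042", "203.0.113.10", "aa" * 32), conns)
    print(result.priority, conns.actions)
```

The point of keeping `is_confirmed_malicious` separate from the containment steps is that the automated decision is the part worth reviewing and testing on its own: every containment action (firewall block, hash ban, host quarantine, priority bump, ticket) is gated on that one function, and any alert it cannot decide is escalated rather than dropped.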


Final Thoughts

Combining FireEye HX and DFLabs’ IncMan SOAR enables companies to respond faster to potential endpoint threats, minimizing the risk posed by the wide variety of threats facing the endpoint today. FireEye’s layered security approach, together with IncMan’s automation and orchestration capabilities, allows full inspection and analysis of threat activities and faster real-time response to them.
