December 23, 2024

FireEye Unveils On Demand Security Service, Threat Intelligence Suite

Posted on September 20, 2014 in Security

Threat protection firm FireEye has announced new offerings designed to provide customers with on-demand access to its cyber defense technology, intelligence, and analyst expertise on a subscription basis.

Designed to help enterprises scale their defense strategies, the new offerings provide customers with a single point of contact to meet their needs before, during or after a security incident.

The new FireEye as a Service offering is an on-demand security management offering that allows organizations to leverage FireEye’s technology, intelligence and expertise to discover and thwart cyber attacks.

The second new offering, FireEye Advanced Threat Intelligence, provides access to threat data and analytical tools that help identify attacks and provide context about the tactics and motives of specific threat actors, FireEye said.

Combined, the solutions are designed to equip enterprise security teams so they can implement an Adaptive Defense security model, an approach for defending against advanced threat actors that scales up or down based on the unique needs of each security organization.

“The new FireEye Advanced Threat Intelligence offering adds two new capabilities to complement FireEye’s existing Dynamic Threat Intelligence subscription,” the company explained in its announcement. “First, when the FireEye Threat Prevention Platform identifies an attack, users will now be able to view intelligence about the attackers and the malware. Security teams will be able to see who the associated threat actor is, what their likely motives are, and get information about the malware and other indicators they can use to search for the attackers.”

Additionally, a new threat intelligence research service allows customers to subscribe to ongoing research including dossiers, trends, news and analysis on advanced threat groups as well as profiles of targeted industries, including information about the types of data that threat groups target.

Other highlights of FireEye as a Service include:

Detection of Adversaries and their Actions – FireEye analysts staff an around-the-clock global network of security operations centers to hunt for attackers in an environment using FireEye technology and advanced analytics that identify outliers and correlate them with behaviors of known attackers. By finding high-risk threats at the earliest stages of an attack, FireEye minimizes the risk of a breach.

Ability to Pivot to Incident Response – With FireEye as a Service, organizations can quickly engage a Mandiant incident response team when needed.

Access to Personalized Intelligence Reports – FireEye as a Service customers get access to key intelligence findings and judgments specific to their organization from the FireEye intelligence team. This includes identification of attackers specifically targeting their industry, typical attack methodologies used by relevant adversaries, and key business or financial data that motivates attackers to target their organization.

“We need to analyze the environment to address the attacks that penetrate an organization’s perimeter and bypass preventive measures,” FireEye COO, Kevin Mandia, wrote in a blog post. “And then ultimately, when we understand an attack well enough, contain it to get back to normal business operations. To succeed in today’s cyber-threat environment this cycle must shrink – from alert to fix in months, to alert to fix in minutes – in order to eliminate the consequences of a security breach.”

With FireEye as a Service, customers have the option to manage their own security operations, offload security operations to FireEye, or co-manage operations with FireEye or a FireEye partner.

Both new offerings are available as a subscription to customers that have purchased FireEye products. Pricing for ongoing monitoring starts at $10,000 per month for smaller clients needing full support and. For larger organizations the price is much higher.

Organizations pay a subscription fee and account for the service as an operational expense or pay up front and account for it as a capital expense, FireEye said.

Managing Editor, SecurityWeek.

Previous Columns by Mike Lennon:


SecurityWeek RSS Feed

Nasty IE Zero-Day Used in Attacks Against Defense, Financial Sectors: FireEye

Posted on April 27, 2014 in Security

Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.

The security flaw is a remote code execution vulnerability (CVE-2014-1776) that affects versions of IE6 through IE11, which in total accounted for 26.25% of the browser market in 2013. 

The campaign is currently targeting US-based firms tied to the defense and financial sectors, a FireEye spokesperson told SecurityWeek, and is specifically targeting IE9 through IE11. 


“The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections,” FireEye wrote in a blog post Saturday. 

Microsoft also issued a security advisory on Saturday and said they were working with partners in its Microsoft Active Protections Program (MAPP) to extend broader protections to customers as soon as possible.

If successfully exploited, an attacker could gain the same user rights on the impacted system as the current user, Microsoft said. Accounts configured with fewer rights on the system could be less impacted than users who operate with administrative privileges.

FireEye has named the campaign “Operation Clandestine Fox,” but has shared very few details other than saying the group behind the exploit has been the first to have access to a select number of browser-based 0-days in the past.

FireEye warned that the attackers are “extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”

“They have a number of backdoors including one known as Pirpi that we previously discussed here,” the researchers wrote. “CVE-2010-3962, then a 0-day exploit in Internet Explorer 6, 7, and 8 dropped the Pirpi payload discussed in this previous case.” 

“The SWF file calls back to Javascript in IE to trigger the IE bug and overwrite the length field of a Flash vector object in the heapspray,” FireEye explained. “The SWF file loops through the heapspray to find the corrupted vector object, and uses it to again modify the length of another vector object. This other corrupted vector object is then used for subsequent memory accesses, which it then uses to bypass ASLR and DEP.”

Because the attack leverages Adobe Flash, users who do not have Flash installed or who have the Flash plugin for IE disabled will be protected. Additionally, several versions of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) will break the exploit.

Additional technical details are available from FireEye. Microsoft also has provided some mitigation information. 


FireEye Unveils All-in-One Platform to Detect, Contain and Mitigate Threats

Posted on February 10, 2014 in Security

FireEye, a provider of solutions that help companies block advanced cyber attacks, has expanded its FireEye Security Platform in an effort to offer customers a single solution that spans from threat detection and alerts to remediation.

The enhancements incorporate endpoint protection and managed security services from Mandiant, the company FireEye recently acquired for roughly $1 billion. Additionally, the updated platform includes new analytics and intrusion prevention capabilities, FireEye said.


The FireEye Security Platform is powered by the company’s Multi-Vector Virtual Execution (MVX) engine that conducts signature-less analysis in a specialized sandbox to provide protection across the primary threat vectors—Web, email and files. FireEye’s Security Platform also has been updated to include FireEye Dynamic Threat Intelligence.

Overall, FireEye said that the new capabilities of its FireEye Security Platform include:

Intrusion Prevention System – A new intrusion prevention system applies FireEye’s MVX technology to validate attacks and minimize the time and resources security teams spend investigating false alerts. Users get actionable insight from validated alerts so they can focus on alerts that present the greatest risk and accelerate incident response.

Endpoint Threat Detection & Response – The platform now incorporates Mandiant’s endpoint threat detection and response products (formerly sold as Mandiant for Security Operations). FireEye customers can now confirm when network and email alerts result in compromise.

Threat Analytics – New threat analytics capabilities allow security teams to apply FireEye’s threat intelligence to security event data generated from their existing security infrastructure so they can find and scope attacks as they are unfolding. A cloud-based solution, the threat analytics can perform real-time correlation of event logs against FireEye’s threat intelligence to identify when attackers are active in an environment.

Managed Defense Subscription Services – New subscription services build on FireEye’s continuous monitoring subscription service by offering additional expertise from Mandiant’s Managed Defense service. Organizations will now be able to choose from an expanded menu of monitoring and protection services and draw on FireEye security analysts to actively hunt for adversaries to find and stop attacks as they begin to unfold.

“FireEye is enabling us to address new layers of security infrastructure with the advanced technology that made their core products so effective,” said Brandy Peterson, CTO, FishNet Security. “The new platform will allow us to approach our customers with the right mix of new technology, updates for outdated products and services to help protect them from today’s advanced attacks.”

The new products and services are expected to be available during the first half of 2014, the company said.


OpenDNS Teams With FireEye to Boost Threat Protection

Posted on February 5, 2014 in Security

OpenDNS, the company best known for its DNS service that adds a level of security by monitoring domain name requests, today announced that its Umbrella security service is now integrated with the FireEye Web Malware Protection System (MPS).

Launched by OpenDNS in November 2012, Umbrella is a DNS-based security solution delivered through the cloud that helps protect users from malware, botnet and phishing threats regardless of location or device. 

Adding FireEye’s behavioral analysis technology to Umbrella will provide OpenDNS customers with real-time protection against custom malware, zero-day exploits and advanced persistent threats (APTs), the company said.

Using predictive threat detection and enforcement, the combination of OpenDNS and FireEye will enable customers to extend security policies to the cloud and transparently protect any user and any device, both on and off the corporate network.

“Malicious activity detected by FireEye is automatically fed to the Umbrella service to enhance security policy enforcement, protecting customers from infection and preventing data leakage,” the company explained.

David Ulevitch, CEO of OpenDNS, called the partnership a “force-multiplier for Enterprise security.”

The announcement of the partnership was made at the FireEye 2014 Momentum Partner Conference, taking place in Las Vegas this week.

“Through this partnership, we are able to extend FireEye’s advanced threat protection to the cloud and provide centralized security policy enforcement to any device, on or off the network,” said Didi Dayton, vice president of worldwide strategic alliances at FireEye.

Because Umbrella resolves more than 50 billion DNS requests each day through its OpenDNS network, it is able to collect massive volumes of data and gain unique insight into emerging security threats and attacks. Using data collected from its DNS requests, OpenDNS leverages big data analytics to predict and block cyber threats without the need for manual intervention by security teams.

FireEye’s technology utilizes an isolated virtual environment (Virtual Execution Engine) to analyze file behavior and detect malicious code embedded in common file types. FireEye delivers alerts to OpenDNS when new threats are detected.

The OpenDNS-FireEye integration extends enforcement beyond the eroding network perimeter, Ulevitch said. “Together we can detect, alert and block advanced threats before damage can be done.”  

The Umbrella service with FireEye integration is available immediately.


FireEye Extends Threat Prevention Platform to SMBs

Posted on December 10, 2013 in Security

FireEye, the recently-gone-public provider of threat protection solutions, has made its flagship threat prevention platform available for small and midsize businesses (SMBs).

The platform, dubbed “Oculus” by FireEye, is a real time, continuous threat protection platform that helps organizations protect intellectual property and data. Oculus for SMB combines technology, services, and threat expertise in a solution specially tailored to small and midsized businesses, the company said.


According to Verizon’s 2013 Data Breach Investigations Report, of the 621 confirmed data breaches examined, nearly half occurred at companies with fewer than 1,000 employees, including 193 incidents at organizations with fewer than 100 workers. These stats clearly show that attackers are targeting smaller businesses that often lack advanced IT security protections that larger enterprises tend to have in place.

According to the U.S. Small Business Administration, SMBs represent 99 percent of U.S. businesses, and according to research firm IDC, SMB spending on security technology is predicted to top $5.6 billion in 2015.

Oculus for SMB leverages FireEye’s advanced threat prevention platforms for Web, email, and mobile, and includes:

Web threat protection: With the FireEye NX series platform, SMBs can stop Web-based attacks often missed by next-generation firewalls (NGFW), IPS, AV, and Web gateways. The NX series protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe.

Email threat protection: SMBs can leverage cloud-based or the on-premise EX series platform to protect against today’s advanced email attacks.

Mobile threat protection: SMBs can leverage a cloud-based platform to address threats targeting mobile devices and help ensure that mobile apps are safe to use.

Oculus for SMB also provides Continuous Monitoring to help ensure that constrained security resources do not hinder an organization’s ability to counter targeted threats. Capabilities include:

Continuous Monitoring: FireEye threat intelligence augments customer IT teams to proactively recognize advanced persistent threat (APT) attacks.

Cybercon Reports: Vertical-specific threat information provides a view of the landscape so SMBs are better prepared to manage risk in their specific threat environment.

Health Check: Alerts notify customers when their deployments fail remote health checks to ensure uninterrupted protection against advanced threats.

“FireEye is putting virtual machine technology into the hands of SMBs,” said Manish Gupta, FireEye senior vice president of products. “With the FireEye solution, SMBs obtain a simple and scalable security solution for advanced threats to safeguard corporate assets and drive down business risks. SMBs will enjoy unmatched advanced threat protection solution with continuous monitoring to augment their limited resources.”

Earlier this year, the security firm claimed that in over 95% of its prospective customer evaluations, it found incidents of advanced threats that were conducting malicious activities and that successfully evaded the prospective customers’ existing security infrastructure.

The company was founded in 2005 by Ashar Aziz, who served as Chief Executive Officer until November 2012, and was followed by David DeWalt, who previously served as president and CEO at McAfee from April 2007 until February 2011, after Intel’s surprise $7.68 billion acquisition of McAfee.
