December 23, 2024

FireEye Unveils On Demand Security Service, Threat Intelligence Suite

Posted on September 20, 2014 by in Security

Threat protection firm FireEye has announced new offerings designed to provide customers with on-demand access to its cyber defense technology, intelligence, and analysts expertise on a subscription basis.

Designed to help enterprises scale their defense strategies, the new offerings provide customers with a single point of contact to meet their needs before, during or after a security incident.

The new FireEye as a Service offering is an on-demand security management offering that allows organizations to leverage FireEye’s technology, intelligence and expertise to discover and thwart cyber attacks.

The second new offering, FireEye Advanced Threat Intelligence, provides access to threat data and analytical tools that help identify attacks and provide context about the tactics and motives of specific threat actors, FireEye said.

Combined, the solutions are designed to equip enterprise security teams so they can implement an Adaptive Defense security model, an approach for defending against advanced threat actors that scales up or down based on the unique needs of each security organization.

“The new FireEye Advanced Threat Intelligence offering adds two new capabilities to complement FireEye’s existing Dynamic Threat Intelligence subscription,” the company explained in its announcement. “First, when the FireEye Threat Prevention Platform identifies an attack, users will now be able to view intelligence about the attackers and the malware. Security teams will be able to see who the associated threat actor is, what their likely motives are, and get information about the malware and other indicators they can use to search for the attackers.”

Additionally, a new threat intelligence research service allows customers to subscribe to ongoing research including dossiers, trends, news and analysis on advanced threat groups as well as profiles of targeted industries, including information about the types of data that threat groups target.

Other highlights of FireEye as a Service include:

Detection of Adversaries and their Actions – FireEye analysts staff an around-the-clock global network of security operations centers to hunt for attackers in an environment using FireEye technology and advanced analytics that identify outliers and correlate them with the behaviors of known attackers. By finding high-risk threats at the earliest stages of an attack, FireEye minimizes the risk of a breach.

Ability to Pivot to Incident Response – With FireEye as a Service, organizations can quickly engage a Mandiant incident response team when needed.

Access to Personalized Intelligence Reports — FireEye as a Service customers get access to key intelligence findings and judgments specific to their organization from the FireEye intelligence team. This includes identification of attackers specifically targeting their industry, typical attack methodologies used by relevant adversaries, and key business or financial data that motivates attackers to target your organization.

“We need to analyze the environment to address the attacks that penetrate an organization’s perimeter and bypass preventive measures,” FireEye COO, Kevin Mandia, wrote in a blog post. “And then ultimately, when we understand an attack well enough, contain it to get back to normal business operations. To succeed in today’s cyber-threat environment this cycle must shrink – from alert to fix in months, to alert to fix in minutes – in order to eliminate the consequences of a security breach.”

With FireEye as a Service, customers have the option to manage their own security operations, offload security operations to FireEye, or co-manage operations with FireEye or a FireEye partner.

Both new offerings are available as a subscription to customers that have purchased FireEye products. Pricing for ongoing monitoring starts at $10,000 per month for smaller clients needing full support. For larger organizations the price is much higher.

Organizations pay a subscription fee and account for the service as an operational expense or pay up front and account for it as a capital expense, FireEye said.

Mike Lennon, Managing Editor, SecurityWeek.


SecurityWeek RSS Feed

Apple iPhone ‘Threat to National Security’: Chinese Media

Posted on July 12, 2014 by in Security

BEIJING – Chinese state broadcaster CCTV has accused US technology giant Apple of threatening national security through its iPhone’s ability to track and time-stamp a user’s location.

The “frequent locations” function, which can be switched on or off by users, could be used to gather “extremely sensitive data”, and even state secrets, said Ma Ding, director of the Institute for Security of the Internet at People’s Public Security University in Beijing.

The tool gathers information about the areas a user visits most often, partly to improve travel advice. In an interview broadcast Friday, Ma gave the example of a journalist being tracked by the software as a demonstration of her fears over privacy.

“One can deduce places he visited, the sites where he conducted interviews, and you can even see the topics which he is working on: political and economic,” she said.

The frequent locations function is available on iOS 7, the operating system used by the current generation of iPhones released in September 2013. “CCTV has only just discovered this?” said one incredulous Chinese microblogger.

The dispute is not the first time Apple has been embroiled in controversy in China, where its products are growing in popularity in a marketplace dominated by smartphones running Google’s Android operating system.

Apple lost a lawsuit against a Chinese state regulator over patent rights to voice recognition software such as the iPhone’s “Siri” just this week.

In March 2013 the Californian company was notably the target of criticism orchestrated by the Chinese media on behalf of consumers, who were critical of poor after-sales service.

And in 2012 the US firm paid $60 million to settle a dispute with another Chinese firm over the iPad trademark.

The privacy scare also reflects mutual distrust between the US and China after a series of allegations from both sides on the extent of cyber-espionage.

Leaks by former US government contractor Edward Snowden have alleged widespread US snooping on China, and this month it was reported Chinese hackers had penetrated computer networks containing personal information on US federal employees.

Apple did not immediately respond when contacted by AFP for comment.

Related: Obama Not Allowed an iPhone for Security Reasons

Related: NSA Tracks Mobile Phone Locations Worldwide

© AFP 2013



Automated Traffic Log Analysis: A Must Have for Advanced Threat Protection

Posted on May 8, 2014 by in Security

If there is a silver lining to the series of high-profile targeted attacks that have made headlines over the past several months, it is that more enterprises are losing faith in the “magic bullet” invulnerability of their prevention-based network security defense systems.

That is, they are recognizing that an exclusively prevention-focused architecture is dangerously obsolete for a threat landscape where Advanced Persistent Threats (APTs) using polymorphic malware can circumvent anti-virus software, firewalls (even “Next Generation”), IPS, IDS, and Secure Web Gateways — and sometimes with jarring ease. After all, threat actors are not out to win any creativity awards. Most often, they take the path of least resistance; just ask Target.

As a result of this growing awareness, more enterprises are wisely adopting a security architecture that lets them analyze traffic logs and detect threats that have made it past their perimeter defenses – months or possibly even years ago. It is not unlike having extra medical tests spot an illness that was not captured by routine check-ups. Even if the news is bad (and frankly, it usually is), knowing is always better than not knowing for obvious reasons.

Network Security Automation

However, while analyzing traffic logs is a smart move, enterprises are making an unwelcome discovery on their road to reliable threat detection: manual analytics is not a feasible option. It is far too slow, incomplete, expensive, and finding qualified professionals in today’s labor market is arguably harder than finding some elusive APTs; at last look on the “Indeed” job board, there were over 27,000 unfilled security engineer positions in the US alone.

The average 5,000 person enterprise can expect their FW/IPS/SWG to generate over 10 gigabytes of data each day, consisting of dozens of distinct incidents that need to be processed in order to determine if and how bad actors have penetrated the perimeter. All of this creates more than a compelling need for automated analysis of traffic logs, which allows enterprises to:

● Efficiently analyze logs that have been collected over a long period of time

● Process logs at every level: user, department, organization, industry, region

● Correlate the logs with malware communication profiles that are derived from a learning set of behaviors and represent a complete picture of how malware acts in a variety of environments

● Use machine learning algorithms to examine statistical features, domain and IP reputation, DGA detection, and botnet traffic correlation, etc.

● Adapt by using information about different targeted and opportunistic attacks from around the world (“crowdsourcing”) in order to get a perspective on the threat landscape that is both broader and clearer

● Integrate credible and actionable threat data into other security devices in order to protect, quarantine, and remediate actual threats

● Get insight on how the breach occurred in order to aid forensic investigations and prevent future attacks
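As an added illustration (not from the column, and not Seculert's code), here is a small Python sketch of two of the checks listed above, a character-entropy heuristic for DGA-style domain names and a periodic-beacon check, run over a few constructed proxy log lines; the log format, the thresholds and the sample domain are assumptions, not any product's.

```python
import math, re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log lines ("timestamp src_ip dest_host bytes"), not real traffic:
# 10.0.0.9 contacts a random-looking domain every 600 s, a classic beacon pattern.
SAMPLE_LOG = """\
2014-05-08T10:00:00 10.0.0.5 www.example.com 5120
2014-05-08T10:00:00 10.0.0.9 xk3q9vz7tqplm2wd.net 512
2014-05-08T10:10:00 10.0.0.9 xk3q9vz7tqplm2wd.net 512
2014-05-08T10:20:00 10.0.0.9 xk3q9vz7tqplm2wd.net 512
2014-05-08T10:30:00 10.0.0.9 xk3q9vz7tqplm2wd.net 512
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def parse(log):
    """Return (timestamp, src, host, bytes) tuples sorted by time; bad lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, host, nbytes = m.groups()
            events.append((datetime.fromisoformat(ts), src, host.lower(), int(nbytes)))
    return sorted(events)

def shannon_entropy(s):
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def looks_like_dga(host, min_entropy=3.5, max_vowel_ratio=0.25, min_len=10):
    """Heuristic with assumed thresholds: long, high-entropy, vowel-poor registrable label."""
    labels = host.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    vowel_ratio = sum(label.count(v) for v in "aeiou") / max(len(label), 1)
    return (len(label) >= min_len and shannon_entropy(label) >= min_entropy
            and vowel_ratio <= max_vowel_ratio)

def beacon_pairs(events, min_hits=4, max_jitter=0.1):
    """Flag (src, host) pairs whose gaps between connections are near-constant."""
    times = defaultdict(list)
    for ts, src, host, _ in events:
        times[(src, host)].append(ts)
    flagged = {}
    for key, ts_list in times.items():  # ts_list is time-ordered because parse() sorted
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        if len(gaps) < min_hits - 1 or min(gaps) <= 0:
            continue
        mean = sum(gaps) / len(gaps)
        if (max(gaps) - min(gaps)) / mean <= max_jitter:
            flagged[key] = round(mean)  # mean interval in seconds
    return flagged

def analyze(log):
    events = parse(log)
    dga = sorted({h for _, _, h, _ in events if looks_like_dga(h)})
    return {"dga": dga, "beacons": beacon_pairs(events)}
```

Real deployments would replace the fixed thresholds with a learned baseline and feed flagged pairs into the correlation and reputation steps the list describes.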

With this being said, does this mean that enterprises will finally be able to prevent 100% of the targeted attacks? No; there has never been a magic bullet, and this is unlikely to change in our lifetime. Any belief to the contrary plays directly into the hands of threat actors.

However, automated traffic log analysis can help enterprises reduce the number of infections, including those that they do not yet know about but that are unfolding in their networks right now, before the compromise becomes a breach. And considering that it only takes one successful breach to create a cost and reputation nightmare that can last for years, the question is not whether automatic analysis makes sense, but rather, how can enterprises hope to stay one step ahead of the bad guys without it?

Related Reading: The Next Big Thing for Network Security: Automation and Orchestration

Related Reading: Network Security Considerations for SDN

Related Reading: Making Systems More Independent from the Human Factor

Related Reading: Software Defined Networking – A New Network Weakness?

Aviv Raff is Co-Founder and Chief Technology Officer at Seculert. He is responsible for the fundamental research and design of Seculert’s core technology and brings with him over 10 years of experience in leading software development and security research teams. Prior to Seculert, Aviv established and managed RSA’s FraudAction Research Lab, as well as working as a senior security researcher at Finjan’s Malicious Code Research Center. Before joining Finjan, Aviv led software development teams at Amdocs. He holds a B.A. in Computer Science and Business Management from the Open University (Israel).


OpenDNS Teams With FireEye to Boost Threat Protection

Posted on February 5, 2014 by in Security

OpenDNS, the company best known for its DNS service that adds a level of security by monitoring domain name requests, today announced that its Umbrella security service is now integrated with the FireEye Web Malware Protection System (MPS).

Launched by OpenDNS in November 2012, Umbrella is a DNS-based security solution delivered through the cloud that helps protect users from malware, botnet and phishing threats regardless of location or device. 

Adding FireEye’s behavioral analysis technology to Umbrella will provide OpenDNS customers with real-time protection against custom malware, zero-day exploits and advanced persistent threats (APTs), the company said.

Using predictive threat detection and enforcement, the combination of OpenDNS and FireEye will enable customers to extend security policies to the cloud and transparently protect any user and any device, both on and off the corporate network.

“Malicious activity detected by FireEye is automatically fed to the Umbrella service to enhance security policy enforcement, protecting customers from infection and preventing data leakage,” the company explained.

David Ulevitch, CEO of OpenDNS, called the partnership a “force-multiplier for Enterprise security.”

The announcement of the partnership was made at the FireEye 2014 Momentum Partner Conference, taking place in Las Vegas this week.

“Through this partnership, we are able to extend FireEye’s advanced threat protection to the cloud and provide centralized security policy enforcement to any device, on or off the network,” said Didi Dayton, vice president of worldwide strategic alliances at FireEye.

Because Umbrella resolves more than 50 billion DNS requests each day through its OpenDNS network, it is able to collect massive volumes of data and gain unique insight into emerging security threats and attacks. Using data collected from its DNS requests, OpenDNS leverages big data analytics to predict and block cyber threats without the need for manual intervention by security teams.

FireEye’s technology utilizes an isolated virtual environment (Virtual Execution Engine) to analyze file behavior and detect malicious code embedded in common file types. FireEye delivers alerts to OpenDNS when new threats are detected.

The OpenDNS-FireEye integration extends enforcement beyond the eroding network perimeter, Ulevitch said. “Together we can detect, alert and block advanced threats before damage can be done.”  

The Umbrella service with FireEye integration is available immediately.

Mike Lennon, Managing Editor, SecurityWeek.



FireEye Extends Threat Prevention Platform to SMBs

Posted on December 10, 2013 by in Security

FireEye, the recently-gone-public provider of threat protection solutions, has made its flagship threat prevention platform available for small and midsize businesses (SMBs).

The platform, dubbed “Oculus” by FireEye, is a real time, continuous threat protection platform that helps organizations protect intellectual property and data. Oculus for SMB combines technology, services, and threat expertise in a solution specially tailored to small and midsized businesses, the company said.

FireEye for SMBs

According to Verizon’s 2013 Data Breach Investigations Report, of the 621 confirmed data breaches examined, nearly half occurred at companies with fewer than 1,000 employees, including 193 incidents at organizations with fewer than 100 workers. These stats clearly show that attackers are targeting smaller businesses that often lack advanced IT security protections that larger enterprises tend to have in place.

According to the U.S. Small Business Administration, SMBs represent 99 percent of U.S. businesses, and according to research firm IDC, SMB spending on security technology is predicted to top $5.6 billion in 2015.

Oculus for SMB leverages FireEye’s advanced threat prevention platforms for Web, email, and mobile, and includes:

Web threat protection: With the FireEye NX series platform, SMBs can stop Web-based attacks often missed by next-generation firewalls (NGFW), IPS, AV, and Web gateways. The NX series protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe.

Email threat protection: SMBs can leverage cloud-based or the on-premise EX series platform to protect against today’s advanced email attacks.

Mobile threat protection: SMBs can leverage a cloud-based platform to address threats targeting mobile devices and help ensure that mobile apps are safe to use.

Oculus for SMB also provides Continuous Monitoring to help ensure that constrained security resources do not hinder an organization’s ability to counter targeted threats. Capabilities include:

Continuous Monitoring: FireEye threat intelligence augments customer IT teams to proactively recognize advanced persistent threat (APT) attacks.

Cybercon Reports: Vertical-specific threat information provides a view of the landscape so SMBs are better prepared to manage risk in their specific threat environment.

Health Check: Alerts notify customers when their deployments fail remote health checks to ensure uninterrupted protection against advanced threats.

“FireEye is putting virtual machine technology into the hands of SMBs,” said Manish Gupta, FireEye senior vice president of products. “With the FireEye solution, SMBs obtain a simple and scalable security solution for advanced threats to safeguard corporate assets and drive down business risks. SMBs will enjoy unmatched advanced threat protection solution with continuous monitoring to augment their limited resources.”

Earlier this year, the security firm claimed that in over 95% of its prospective customer evaluations, it found incidents of advanced threats that were conducting malicious activities and that had successfully evaded the prospective customers’ existing security infrastructure.

The company was founded in 2005 by Ashar Aziz, who served as Chief Executive Officer until November 2012 and was succeeded by David DeWalt, who previously served as president and CEO at McAfee from April 2007 until February 2011, following Intel’s surprise $7.68 billion acquisition of McAfee.

Mike Lennon, Managing Editor, SecurityWeek.

