Gear Up With New Capabilities - FireEye CDL 2019 · 2019. 4. 10.
TRANSCRIPT
Gear Up With New Capabilities
Steve Ledzian
©2019 FireEye
Leader in Cyber Security Services
IDC MarketScape: Asia/Pacific Threat Lifecycle Services 2018 Vendor Assessment, July 2018
Leader in Cyber Threat Intelligence
The Forrester New Wave™ External Threat Intelligence Services, Q3 2018, Sep 2018
Nov 2018 – FireEye Uncovers an Iranian Influence Operation
Google announced Thursday it had disabled dozens of YouTube channels and other accounts linked to a state-run Iranian broadcaster for a political influence campaign.
Social Media Responds to FireEye Intelligence
The social network said Tuesday that it had removed 652 pages, groups, and accounts linked to Russia and, unexpectedly, Iran, for “coordinated inauthentic behavior” that included the sharing of political material.
Working with our industry peers today, we have suspended 284 accounts from Twitter for engaging in coordinated manipulation. Based on our existing analysis, it appears many of these accounts originated from Iran.
FireEye: Analyst Endorsement
“They’ve really become the Navy SEALs of cybersecurity, especially for next-generation cybersecurity threats,” - GBH Insights analyst Dan Ives, in the AP News article “FireEye: Tech firms’ secret weapon against disinformation”
Source: https://apnews.com/191b31b5510442afb04502a0702208a1/FireEye:-Tech-firms'-secret-weapon-against-disinformation
Leader in Email Security
Winning with FireEye Email Security
Best Email Security Solution - WINNER: FireEye Email Solution (Jun 2018)
Security - Email - WINNER: FireEye Email Solution (Nov 2018)
Best Email Security Solution - WINNER: FireEye Email Solution (Dec 2018)
Sources:
http://www.scawardseurope.com/results-2018/
https://www.crn.com/rankings-and-lists/ti2018.htm
https://www.scmagazine.com/2019-trust-awards/
https://www.scmagazine.com/home/security-news/company-news/the-winners-of-the-2019-sc-awards-honored-in-the-u-s/
Leader in Technology
Machine Learning Everywhere
FireEye Network Security
FireEye Email Security
FireEye Endpoint Security
SmartVision – Addressing Post Exploitation
Living off the Land Attacks
RDP
Powershell
PSExec / CLI
Thought Leadership
Sep 2018 – FireEye CEO Testifies to US Congress
Source: https://www.hsgac.senate.gov/hearings/evolving-threats-to-the-homeland
Easy To Do Business With
Available on the FireEye Website
FireEye Email Security
FireEye Endpoint Security
FireEye Intelligence
More Deployment Modes
More Ways to Buy
Subscriptions
Appliances
Newly Named APT Groups
FireEye APT attribution is the gold standard
Feb 2018 – APT37 Report
October 2018 – APT38 Report
Dec 2018 – APT39 Report
Source: https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html
Dec 2018 – APT40 Report
Introducing: Expertise on Demand
Leverage threat intelligence from the frontlines
All packages include:
Incident Response Retainer *
*Optional SLA available
Insights
Context Inquiries
Quarterly Threat Briefings
Daily News Analysis
Available Microservices
Ask an Analyst
Frontline Intelligence
Ensure Cyber-readiness
Analyst Investigation
• Risk assessment, related to specific threat actors, events or campaigns
• Actor/Group attribution
• Interpretation of media events/reporting
• Questions regarding adversary activity
• Analysis of website / domain ownership and content
Custom Threat Research
• Custom analysis and/or research as requested by the customer
Incident Response Retainer
• Incident Response SLA
• Incident Response Preparedness Service (IRPS)
Access to our Intel holdings
• Query our intelligence portal
• Enrich internal data with external threat intelligence to gain insight
• Access our Finished Intelligence
• Detailed profiles on actors, techniques and malware families
Malware Triage
• Malware confirmation and analysis of a customer-provided binary
Situational Awareness
• Daily threat media highlights
• Visibility to emerging campaigns
• Quarterly threat briefings
Tabletop Exercises
• Executive or Technical
• Optional After-Action Report
Mandiant Training (per seat)
• Windows Enterprise Incident Response
• Malware Analysis Crash Course
Onsite Mandiant Training
• Windows Enterprise Incident Response
• Network Traffic Analysis
• Malware Analysis Essentials
• Malware Analysis Crash Course
ICD Workshops
• Analytic Tradecraft Workshop
• Hunt Mission Workshop
Example 1: Your SOC found an unknown malware
Example 2: Your management is asking for Intel
FireEye Email Security
What is FireEye Email Security?
A Secure Email Gateway that blocks inbound and outbound malware, phishing URLs, impersonation techniques and spam, leaving attackers no chance to take advantage of users.
Attachments
Impersonation
URLs
Multi-Stage
Impersonation Detection
aka Business Email Compromise (BEC) threats
Looks-Like & Sounds-Like Domains
Reply-to-Address & Message Header Analysis
Friendly Display Name & Username Matching
CEO Fraud Algorithms
Newly Existing Domains
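The look-alike domain, display-name matching and Reply-To checks named above can be sketched in code. This is an added illustration written for this page, not FireEye's detection logic; the protected domain, executive names and sample headers are constructed assumptions.

```python
# Added illustration of BEC impersonation checks (not FireEye's code).
from email.utils import parseaddr

PROTECTED_DOMAIN = "example.com"   # assumed: the organisation's own domain
PROTECTED_NAMES = {"jane doe"}     # assumed: display names of protected executives

def normalize_domain(domain: str) -> str:
    """Fold common look-alike substitutions (rn/m, vv/w, 0/o, 1/l, 3/e, 5/s)."""
    d = domain.lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(fake, real)
    return d

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one insertion/deletion/substitution counts as 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_headers(headers: dict) -> list:
    """Return impersonation findings for a message's From / Reply-To headers."""
    findings = []
    name, addr = parseaddr(headers.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    display_name = " ".join(name.lower().split())
    external = domain != PROTECTED_DOMAIN
    # Friendly display name matching: an executive's name on an external sender.
    if external and display_name in PROTECTED_NAMES:
        findings.append("display name matches a protected executive")
    # Looks-like domain: homoglyph-folded equality or a single-character edit.
    if external and (normalize_domain(domain) == normalize_domain(PROTECTED_DOMAIN)
                     or edit_distance(domain, PROTECTED_DOMAIN) <= 1):
        findings.append(f"look-alike domain: {domain}")
    # Reply-To analysis: replies silently redirected to a different domain.
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample headers (no real messages).
SAMPLES = {
    "bec": {"From": "Jane Doe <jane.doe@exarnple.com>",
            "Reply-To": "jane.doe.ceo@mail-service.test"},
    "benign": {"From": "Bob <bob@partner-site.test>"},
}
```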
FireEye Email Security Becomes a full SEG
2018
FireEye Email Security (ETP)
Secure Email Gateway (SEG)
Your Enterprise | Internet
FireEye Email Security offers more consolidation options
2019
FireEye Email Security (ETP) is a SEG
Your Enterprise | Internet
FireEye Endpoint Security
Answers, Not Alerts
Source: https://www.fireeye.com/blog/products-and-services/2019/02/mitre-evaluation-validates-fireeye-endpoint-security-as-most-effective-edr-solution.html
Scoring By Forrester
FireEye Helix ready as a SIEM
FireEye Helix
FireEye Helix is a security operations platform that allows organizations to take control of any incident from alert to fix.
FireEye Helix integrates disparate security tools and augments them with next generation SIEM, orchestration, and threat intelligence capabilities to capture the untapped potential of security investments.
How Can I Get Helix?
FireEye HELIX (Licensed by EPS)
FireEye Network Security (NX)
FireEye Endpoint Security (HX)
FireEye Email Security (ETP)
OR
100 EPS of FireEye Helix included
FireEye Security Orchestrator
Included for 200 EPS and up
What Can I do with 100 EPS?
#1) Get Visibility into the cloud
#2) Get Network Visibility Fundamentals
FireEye Network Security (NX)
MVX Engine
IPS Engine
Riskware Engine
SmartVision Engine
Evidence Collector Engine: File Transfer Events, Connection Events, DNS Events, Many More…
FireEye HELIX
#3) Start ingesting 3rd party events
FireEye Network Security (NX)
FireEye HELIX
Compressed, Encrypted Logs & Events
Sources
Concluding Slide
Thank You