Ensuring that business networks are secure, trustworthy and resilient is not an easy task; over 95% of businesses unknowingly host compromised endpoints, despite their use of firewalls, intrusion prevention systems (IPS), antivirus and Web gateways. Unforgiving of the time and effort spent defending networks, sophisticated cyber attackers continue to exploit gaps in Enterprise and Government organisations.
Defending against next-generation threats requires a strategy that moves beyond signatures and behavioural heuristics. While they remain valuable against known threats, traditional defences like firewalls, IPS, antivirus and Web gateways collapse against unknown threats, leaving a wide-open hole for cybercriminals. To regain the upper hand against next generation attacks, companies must turn to true next-generation protection: signature-less, proactive and real time. Through constant testing of any suspicious code and blocking of communications with malicious hosts, next-generation protections combat advanced malware, zero-day and targeted APT attacks that bypass traditional defences.
Cyber leaders have been seeking a way to move their tools and processes to a proactive posture for years. Until now, the only solutions at their fingertips have been fundamentally reactive. The attack vector has morphed from the network to the end-user, where attackers rely on techniques such as spear-phishing, web site hijacking and malvertising campaigns to deliver the next zero-day browser exploit or a weaponized file to company employees. Traditional network security and defensive tools are unlikely to detect these kinds of attacks. For example, anti-virus and intrusion prevention systems would have to discover a successful attack, analyse it and create a signature, which would then have to be tested for quality assurance, published and eventually deployed to prevent the same attack at another organisation.
Since enterprises do not always share attack information with vendors, signatures may not be developed until after the attack is realised in commercial sectors. This reactive posture leaves them vulnerable to the next zero-day attack, which hands complete control of compromised systems to the attackers. In practice, attackers retain complete control of compromised systems for weeks before the compromise is discovered or signatures are developed. An even more harrowing scenario is a zero-day attack used against a single target, which eliminates the possibility that signatures might ever uncover the compromised system; such systems have been known to remain infected for months.
Stopping weaponized email attachments is not enough. Blocking web sites containing browser-based exploits is not enough. To transform a cybersecurity operation from a reactive and vulnerable position into a proactive and protected state, four things are required:
1) Detect and stop zero-day web-based exploits when they first appear on the enterprise network.
2) Detect and stop zero-day email-based exploits.
3) Expose the entire cyber attack lifecycle by correlating the spear-phishing email with the related web-based exploit.
4) Produce complete cyber forensic details of attacks utilising web, email, or both web-and-email attack vectors.
The “New Security Layer”: Real-time Signature-less Zero-Day Detection
By leveraging existing best practices in a revolutionary way, FireEye products are able to detect and stop zero-day attacks and outbound callbacks when they occur. Cybersecurity and Computer Incident Response Teams (CIRT) have traditionally used sandbox tools and are beginning to use network traffic capture systems to conduct their Incident Response activities. FireEye brings elements of both of these capabilities, in real time, to the edge of the network.
How? FireEye solutions utilise advanced machine learning algorithms and a sophisticated virtual execution engine that both behaviourally and forensically analyse web and email content in real time. Inbound exploits (both web and email) are correlated with outbound callbacks to command-and-control (CnC) servers to ensure the most advanced detection and blocking.
Imagine the following:
• Knowing the moment a malicious email, with an embedded zero-day attack, was delivered; and stopping the malicious attachment from reaching the end-user.
• Knowing the moment a malicious web page was requested by an end-user, and blocked by FireEye.
• Being alerted to a web-based zero-day exploit within seconds of the first connection to that URL by one of your enterprise end-users.
• Blocking access to all websites known to host malware, or malware Command & Control; and adding brand new zero-day sites to the block-and-alert list within minutes of that website being used by any attack touching your enterprise.
• Being able to directly correlate a web-based exploit with the spear-phishing attack that generated it.
• Having complete forensic detail (evidence) for each web-based and each email-based cyber attack against your organisation.
All of this analysis is done in the FireEye appliance and all threat information and forensic evidence is retained within your organisation.
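The cross-vector correlation described in requirement 3 and in the bullets above, as an added illustration rather than FireEye's own code or a description of how the appliance works: it joins a constructed email-gateway log, web-proxy log and egress log on user, host and time window so that one victim's chain (lure delivered, link requested, callback to a known CnC destination) is reported as a single incident instead of three unrelated events. The log format, user names, workstation names, URLs and the CnC block list are all invented for this example.

```python
"""Illustrative email -> web -> callback correlation (constructed example).

Three independent signals are tied together for one victim:
  1. an inbound email carrying a link (email gateway log),
  2. a web request to that link from the recipient's workstation (proxy log),
  3. an outbound connection from that workstation to a known CnC host (egress log).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str      # "email", "web" or "callback"
    user: str      # account associated with the event ("" if unknown)
    host: str      # workstation; "" for email events (not yet tied to a host)
    target: str    # URL for email/web events, destination host:port for callbacks


# Hypothetical block list of known callback destinations (invented).
CNC_HOSTS = {"c2.example.invalid:443"}

# Constructed sample logs in a simple pipe-separated format: ts|kind|user|host|target
SAMPLE_LOG = [
    "2024-05-06T09:00:00|email|alice||http://lure.example.invalid/invoice.pdf",
    "2024-05-06T09:00:00|email|bob||http://lure.example.invalid/invoice.pdf",
    "2024-05-06T09:12:30|web|alice|ws-1042|http://lure.example.invalid/invoice.pdf",
    "2024-05-06T09:13:05|callback|alice|ws-1042|c2.example.invalid:443",
    "2024-05-06T09:20:00|web|bob|ws-2077|http://intranet.example.invalid/news",
    "2024-05-06T09:25:00|callback||ws-2077|updates.example.invalid:443",
]


def parse(line):
    """Parse one constructed log line into an Event."""
    ts, kind, user, host, target = line.split("|")
    return Event(datetime.fromisoformat(ts), kind, user, host, target)


def correlate(events, window=timedelta(hours=2)):
    """Return one dict per attack chain found.

    A chain is a web request whose URL arrived earlier by email to the same
    user, optionally followed by a callback from the same workstation to a
    destination on the CnC block list. Both joins are bounded by `window` so
    that stale events are not stitched together.
    """
    emails = [e for e in events if e.kind == "email"]
    webs = [e for e in events if e.kind == "web"]
    calls = [e for e in events if e.kind == "callback"]
    chains = []
    for w in webs:
        lure = next(
            (m for m in emails
             if m.user == w.user and m.target == w.target
             and timedelta(0) <= w.ts - m.ts <= window),
            None,
        )
        if lure is None:
            continue  # web request not preceded by a matching email: not a chain
        callback = next(
            (c for c in calls
             if c.host == w.host and c.target in CNC_HOSTS
             and timedelta(0) <= c.ts - w.ts <= window),
            None,
        )
        chains.append({
            "user": w.user,
            "host": w.host,
            "lure_url": w.target,
            "email_ts": lure.ts,
            "click_ts": w.ts,
            "callback": callback.target if callback else None,
            "callback_ts": callback.ts if callback else None,
        })
    return chains


def flagged_callbacks(events):
    """Callbacks to block-listed destinations, independent of any chain."""
    return [e for e in events if e.kind == "callback" and e.target in CNC_HOSTS]


if __name__ == "__main__":
    parsed = [parse(line) for line in SAMPLE_LOG]
    for chain in correlate(parsed):
        print(chain)
    for cb in flagged_callbacks(parsed):
        print("blocked callback:", cb.host, "->", cb.target)
```

In the sample data both users receive the lure but only alice requests it, so exactly one chain is produced, and bob's unrelated browsing and benign egress stay unflagged; the time window is the main tuning knob, since a window that is too wide joins unrelated events and one that is too narrow misses delayed clicks.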
FireEye customers benefit from all of these capabilities every day. According to a Cyber Analyst at one enterprise organisation, “FireEye is stellar. We were able to clearly demonstrate what the FireEye appliance was doing for our response times and for our abilities to expediently remediate and protect the environment from advanced malware, zero-day and targeted APTs.”
A Proactive and Protected Cyber Posture
No longer do organisations have to wait for the next emergency Incident Response event. No longer do organisations have to endure weeks of infected systems, and cyber espionage, prior to knowing that a system has been compromised. Businesses can now catch, and block, zero-day web-based malware and zero-day email-based malware when these attacks first touch the enterprise network.
Contact FireEye today for a briefing about implementing real-time protection and transforming your cyber tools and processes from reactive to proactive.
For more information Tel: +44(0) 208 528 1067
www.FireEye.com