Our client, a State Departmental Agency, was looking to refresh and modernize its security portfolio. It had recently evaluated several products, weighed their individual strengths and weaknesses, and identified gaps in its overall security operations. Its goal was to protect its internal network infrastructure and every asset connecting to it. Of particular concern was managing and securing a large base of remote endpoints spread throughout the State. Among the requirements were ease of management and tight integration between solution components, so that the strengths of one component would cover the weaknesses of another. The client wanted comprehensive protection against threats built from multiple complementary technologies rather than a single point product.
FireEye was ultimately chosen for its range of features and technologies, which extend beyond the value of a traditional SIEM (Security Information and Event Management) solution. The client chose to implement network and endpoint protection along with a central management component from the FireEye portfolio of security appliances. For network protection, the NX appliance inspects network traffic and can be deployed in either blocking or monitoring mode; the choice determines whether a detection stops the traffic or only raises an alert. For endpoint protection, the HX appliance monitors and manages endpoints both on and off the corporate network, which matters for the client's large remote fleet. The CM appliance provides communication between the other appliances and centralizes management functions. Collier assisted the client in implementing the solution, which was operational within a day.
A major differentiator for the client was the coordinated intelligence aspect of FireEye's product line. The DTI (Dynamic Threat Intelligence) cloud contains information such as IOCs (indicators of compromise) and malicious behavior patterns that other customers around the world have encountered. This information is shared with all other customers, so each benefits from tactical intelligence on threats that exist and have been validated. As new threats are encountered, updated information is automatically pushed to the cloud and shared with the global FireEye community. Adding to the value of the DTI cloud are FireEye's intelligence assets: Mandiant, which performs incident response services and contributes root cause analysis (RCA) from its engagements, and iSight, which provides intelligence on threat actors and their behaviors.
Our client had previously reviewed a solution based on Carbon Black; however, it found that the information from that product was harder to correlate and to turn into actionable intelligence. Initial testing demonstrated that the FireEye solution found and blocked threats that had evaded the defenses already in place. The FireEye products showed a very low rate of false positives, which the client expects will save significant analyst time, since every false positive is an investigation that produces nothing. The client found that investigating a potential threat was easier because the relevant supporting data is presented alongside the alert, making it simpler to decide whether and how to react. It also found that the FireEye solution gave a holistic view of threat analysis, allowing it to correlate seemingly unrelated detections with one another.
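The two preceding paragraphs describe, in general terms, what shared IOCs buy a defender and why correlation across detections matters. The following is an added example, not FireEye's code and not from the client's deployment: it matches a small constructed IOC feed (file hash, domain, IP range) against constructed endpoint events and then groups the hits per host, so that a host touching several distinct indicators ranks above one with a single hit. The IOC and event formats, the host names, and all indicator values are assumptions made for illustration; the domain matching deliberately respects label boundaries so that "notupdate-check.example" does not match an indicator for "update-check.example", which is a common source of false positives in naive substring matching.

```python
"""Added example (not FireEye code): match shared indicators (IOCs) against
endpoint telemetry and group the hits per host. IOC types, event fields and
all sample values below are constructed for illustration."""
from collections import defaultdict
import ipaddress

# Constructed IOC feed: each indicator carries a type and the source that
# contributed it, in the spirit of a shared intelligence feed.
IOC_FEED = [
    {"type": "sha256", "value": "0f" * 32, "source": "ir-case-A"},      # placeholder hash
    {"type": "domain", "value": "update-check.example", "source": "shared-feed"},
    {"type": "ipv4_cidr", "value": "203.0.113.0/24", "source": "shared-feed"},
]

# Constructed endpoint events as an agent might report them.
ENDPOINT_EVENTS = [
    {"host": "ws-0412", "event": "process_start", "sha256": "0F" * 32},
    {"host": "ws-0412", "event": "dns_query", "domain": "cdn.update-check.example"},
    {"host": "ws-0198", "event": "net_connect", "dst_ip": "203.0.113.77"},
    {"host": "ws-0201", "event": "dns_query", "domain": "notupdate-check.example"},
    {"host": "ws-0201", "event": "net_connect", "dst_ip": "198.51.100.5"},
]


def load_iocs(feed):
    """Index indicators by type so each event field is checked against the right set."""
    index = {"sha256": {}, "domain": {}, "ipv4_cidr": []}
    for ioc in feed:
        kind, value, source = ioc["type"], ioc["value"], ioc["source"]
        if kind == "sha256":
            index["sha256"][value.lower()] = source
        elif kind == "domain":
            index["domain"][value.lower().rstrip(".")] = source
        elif kind == "ipv4_cidr":
            index["ipv4_cidr"].append((ipaddress.ip_network(value, strict=False), source))
    return index


def domain_match(name, domain_index):
    """Exact or subdomain match on label boundaries: 'a.evil.test' hits 'evil.test',
    'notevil.test' does not. Returns (matched_indicator, source) or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domain_index:
            return candidate, domain_index[candidate]
    return None


def match_event(event, index):
    """Return (indicator, source) for the first IOC the event touches, else None."""
    h = event.get("sha256")
    if h and h.lower() in index["sha256"]:
        return h.lower(), index["sha256"][h.lower()]
    d = event.get("domain")
    if d:
        hit = domain_match(d, index["domain"])
        if hit:
            return hit
    ip = event.get("dst_ip")
    if ip:
        addr = ipaddress.ip_address(ip)
        for net, source in index["ipv4_cidr"]:
            if addr in net:
                return str(net), source
    return None


def correlate(events, index):
    """Group hits by host and rank hosts by the number of distinct indicators
    they touched, so a host seen with a bad hash AND a bad domain floats up."""
    by_host = defaultdict(list)
    for ev in events:
        hit = match_event(ev, index)
        if hit:
            indicator, source = hit
            by_host[ev["host"]].append(
                {"event": ev["event"], "indicator": indicator, "source": source})
    return sorted(by_host.items(),
                  key=lambda kv: -len({m["indicator"] for m in kv[1]}))


if __name__ == "__main__":
    for host, hits in correlate(ENDPOINT_EVENTS, load_iocs(IOC_FEED)):
        print(host, len(hits), "hit(s)")
        for m in hits:
            print("   ", m["event"], "->", m["indicator"], "(source:", m["source"] + ")")
```

Run against the constructed data, ws-0412 is ranked first with two hits (the hash and the domain), ws-0198 second with one (the IP range), and ws-0201 produces nothing because the look-alike domain fails the label-boundary check and its destination address is outside the listed range. In a real deployment the feed would be the vendor's shared intelligence and the events would come from the endpoint agent; the matching and ranking logic is what stays the same.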