FireEye Endpoint Security uses machine learning and built-in detection and protection capabilities to defend against cyber-attacks and safeguard the information stored on endpoints. Too often, security teams face continuous attacks from multiple attackers. They then receive a string of alerts about such attacks, but lack the environmental visibility necessary to respond. FireEye reverses this trend, reducing alerts through enhanced visibility and protection while minimizing risk and costs at the same time.
This solution consists of four engines: antivirus, machine learning, exploit prevention and detection based on indicators of compromise (IoC). The antivirus engine drives malware protection to stop all known threats. MalwareGuard contains a large library of historical threat-based information and leverages the machine learning engine for automated responses that stop as many suspicious processes as possible. The behavior-based analytic engine supports ExploitGuard, a mechanism which assesses the maliciousness of any process attempting to execute and then responds according to the threat level it poses. IoCs cover five core areas used to detect early signs of host-based compromise: registry keys, file writes, DNS lookups, network connections and their associated processes, and image loads. Each IoC states the reason an event was flagged as suspicious; the platform then correlates this data with other IoCs across the enterprise to discern whether a pattern emerges or whether it is merely an isolated incident. The response component of FireEye enables auto-containment, a feature which sequesters a potentially compromised host, whether on or off the network, to prevent further infection.
The product has a well-organized management interface that is intuitive to navigate. It offers valuable at-a-glance information throughout the platform and an easy-on-the-eyes dark mode option. Users will find useful analytics and metrics throughout this solution. For example, Triage Package offers a snapshot view of the events that have occurred at any point in time. Analysts can then search for and delve into deleted files. These snapshots include rich data that facilitate investigations and readily answer all the questions an analyst aims to resolve during breach investigations. However, we would like to see more easily digestible, plain English explanations added to event information.
Overall, security pros will find FireEye Endpoint Security a worthy contender in the endpoint security space. The seamless installation process lets FireEye coexist with other security products, offering the most value possible. Mandiant, FireEye's threat intelligence component, gathers intelligence from breach investigations, telemetry and customer data, allowing the platform to identify as many new methods and exploits as possible. The separate investigation engine tracks attacker information and combines this data with victim intelligence to solve problems that traditional vendors have sometimes struggled to address. FireEye Endpoint Security, backed by the up-to-date threat intelligence of Mandiant, protects data using breach detection and arms analysts with timely incident response.
The product costs $33 per user, per year and includes 24/7 phone, email, and website support. Additional support options are available for a fee. Organizations have access to a knowledgebase, but the documentation does lack much of the sophistication we have seen with other solutions. The knowledgebase offers only a collection of unsearchable manuals with no mixed-media or advanced capabilities.
Written by Katelyn Dunn
Tested by Tom Weil