FireEye has introduced a new Innovation Architecture behind FireEye Endpoint Security, including the availability of several new modules for protection, investigation and response.
According to FireEye, this approach is intended to give organisations an efficient way to deploy advanced features.
“The rate at which new threats emerge is outpacing response. And traditionally, the time that the industry took to respond with the creation, testing and deployment of new features has been too long,” said Michelle Salvado, vice president, Engineering and Endpoint GM, FireEye.
“Through our new framework, FireEye makes an important shift in feature deployment. Now we can create and deploy these custom protection, investigation and response modules in just days – versus several months – in response to changes in the threat landscape.”
Unlike traditional endpoint security vendors that provide one-size-fits-all solutions to every customer, FireEye Endpoint Security is designed to deliver comprehensive defense using fully customisable protection modules. The module creation is supported by the world’s leading frontline responders at Mandiant, to block malware and exploits, detect advanced attacks, and provide the response tools and techniques that fit an organisation’s unique risk profile and security posture.
FireEye highlighted that with the new modular approach, organisations no longer need to wait for the next upgrade to benefit from the roll-out of new features or threat responses. Further, it’s up to organisations which modules they want to deploy and for whom, tailoring the level of protection down to an individual level if they choose.
Available via the FireEye Market, new Endpoint Security modules fall under three general categories – Protection, Investigation & Response, and Enterprise Readiness – with several resulting directly from frontline knowledge gained through Mandiant Solutions' efforts to address specific growing threats.
Protection:
- Process Guard: Stops unauthorised processes from obtaining access to credential data on Windows, removing the need for an analyst to intervene to resolve the security issue.
Investigation and Response:
- Process Tracker: Collects metadata on Windows, Mac, and Linux endpoints and streams the data to the Endpoint Security console.
- Enrichment: Available in the coming months, this module adds FireEye Intelligence information to files to help determine when a file is malicious and aid in incident response investigations.
- Agent Status: Offers a user interface within the Endpoint Security console that displays system information and agent status, providing extended visibility to the IT admin.
- Agent Console: Creates a triage on events that send back triggers, offering visibility into what the agent is doing, including which files have been previously quarantined.
FireEye plans to continue to release modules on an ongoing basis to address threats and release new features, including automation of remediation, increased streaming for alerting and investigation, and enhanced protection of Windows access controls.
Additionally, FireEye Endpoint Security now includes malware protection for macOS, support for IPv6 environments and updated Linux audit options.