FireEye Endpoint Security FireEye Endpoint Security Tour

Endpoint Security

Begin Self-Guided Tour

Detect across all endpoints

Respond at scale

Endpoint protection with a single multi-engine agent

Why Fireeye Endpoint Security?

Continue

Why Fireeye endpoint Security?

Protect

Detect

Respond

Continue

To continue the Endpoint Security Solution Tour please fill out the following information

FireProof Demo Center

Dashboard

The Dashboard page of the Endpoint Security interface provides a high-level view of the threat intelligence gathered by the solution. Within many panels on the Dashboard, you can click blue buttons and text links to drill down to critical threat information affecting your organization. Protect against common and advanced threats using a a single agent with four detection engines. Detect threats that bypass protection and try to hide. Respond to the threats quickly, completely, and at scale

EXPLORE KEY FEATURES

Endpoint Security Web UI Tabs

Alerts

Recent File Acquisitions and Contained Hosts

EXPLORE ON YOUR OWN

Respond

Detect

Navigation Tour

The Alerts section is the top section of the Dashboard and displays information about alerts triggered on your network. We will be taking a look at one of these alerts later in the walkthrough.

The My Recent File Acquisitions section provides information about recent file acquisitions, including the number of acquisition requests in progress and the number of failed acquisition requests.

The Contained Hosts section shows the number of contained hosts, including the numberof requests for containment and the number of failed containment requests.

Investigating a Host

To see FireEye Endpoint Security in action and how it can help you Protect, Detect, and Respond please continue our navigational experience. You're also welcome to explore on your own at any time by closing the window or selecting EXPLORE ON YOUR OWN.

The Hosts page allows you to see all of the endpoint hosts monitored by the Endpoint Security server and to quickly identify any hosts with alerts. From the Hosts page, you can quickly drill down to obtain more information about a host endpoint and any of its alerts. Use this page as the central point of your host-based workflow.

The Web Interface provides the following menu tabs. Hover over the tab names for more information. Select Next once ready to proceed.

The Alerts page offers a way for you to see all alerts for your Endpoint Security environment in one place. Unlike the Hosts with Alerts page, these alerts span all hosts in your environment. You can filter and sort alerts in the grid to narrow your visible results.You can also delete alerts or mark an alert false positive from the Options menu.

To rapidly review and respond to potential compromises, you can directly acquire files and triage collections from hosts. The Acquisition page allows you to view the details ofeach acquisition.

The Rules page lists FireEye indicator of compromise (IOC) and false positive rules that might be triggered on your network. The list includes any custom indicator rules you have created for your environment, even if those indicator rules are not triggered. You can also use the Rules page to create and delete custom indicator rules.

The Enterprise Search page lets you search for threats or threat indicator rules on your host endpoints if they are running currently supported FireEye Endpoint Security Agent versions. The functionality shown in your environment might vary, based on the role assigned to your user account and based on the FireEye licenses you have installed.

The Admin Menu is used to configure your Endpoint Security server and deploy and manage the agents. Note, the functionality shown in your environment might vary, based on the role assigned to your user account and based on the FireEye licenses installed.

Protect

EXPLORE ON YOUR OWN

Protect

FireEye Endpoint Security provides protection at the endpoint with a four engine agent that includes signature-based, machine learning, behavioral based engines, and intelligence-based IOCs. This approach to targeting engines to specific threats, protects data, customer information and intellectual property stored on endpoints.

User Notification Experience

Learn More

Detections can trigger an alert to the end user that malicious or unwanted software or behavior has been detected. End user notifications can optionally be disabled.

Protect

Navigation Tour

Detect

Respond

FireProof Demo Center

EXPLORE ON YOUR OWN

Protect

Navigation Tour

Detect

Respond

FireProof Demo Center

Detect

In this scenario we will investigate an alert and search across the enterprise for addition sign of suspicious activity. The FireEye Endpoint security dashboard provides the most relevant alerts to your organization to allow analysts to focus on answers not alerts.

Relevant Alerts

The FireEye Endpoint security dashboard provides the most relevant alerts to your organization to allow analysts to focus on answers not alerts. Let’s review one of these alerts.

Isolating Infected Hosts

The unique combination of tooling and intelligence FireEye Endpoint Security allows you to clearly identify which endpoints need containment to prevent further compromise, determine whether an attack occurred and persists on a specific endpoint, and where it spread.

Investigating an Alert

FireEye Endpoint Security defends the endpoint with a multi-level defense that protects endpoints against cyber-attacks in an enviroment. On this specific host we see five alerts. Let's look a little deeper into the second alert on this host.

Alert Information

The alert details provide:

Event and Scan Details

Malware Details

File Details

We're going to focus on the MD5 hash provided and hunt for any other endpoints that may have the matching MD5 present. This could be a sign of additional impact.

Enterprise Search

Enterprise search enables you to conduct complex searches of all endpoints to find known and unknown threats, isolate compromised devices for added analysis with a single click, and deploy a fix across all agents. This capability improves productivity and efficiency by uncovering threats rather than chasing endless alerts, and can be used to establish a timeline and duration of endpoint compromises and follow an incident.

Searchable Fields

Over 80 searchable fields are available to zone in on a threat across the endpoints within an organization reducing the incident response time.

Enterprise Search Results

In this scenario we found four additional endpoints that have the suspect file present, based MD5 hash and to be further analyzed by an Analyst.

Results

In summary, the enterprise search capability within FireEye Endpoint Security allows you to find and illuminate suspicious activity and threats, with an easy-to-understand interface for fast interpretation and response to any suspicious endpoint activity.

EXPLORE ON YOUR OWN

Protect

Navigation Tour

Detect

Respond

FireProof Demo Center

Respond

SOC analysts can directly contain compromised endpoints from any and all network connections (with exceptions for whitelisted connections). Let's focus on the "victim-PC3" host.

Request Containment

Endpoint containment can occur as easy as the click of the containment button and can optionally be separated into a two part process, one to request containment and a second to have an administrator approve the request.

Host Details

The Host Details page provides:

Visibility into the events that triggered the alert(s)

Ability to contain the host with the click of a button while providing options for administrator approval

Contextual intelligence around the indicator that generated the alert

Containment Request Confirmed

When a host containment request has been made, you will receive confirmation in the form of a green message immediately after. Please hover over the Request Containment button for an example.

User Notice for Containment

There are customizable containment settings, including the type of message your users will receive if their system is being contained.

Containment Settings

From the Admin Menu you can locate the containment settings. These allow you to turn the containment feature on or off, identify host sets that should be excluded from containment, and allows creation of a IP addresses whitelist to which contained hosts can still communicate.

FireEye Endpoint Security

Detect and block breaches that occur to reduce the impact of a breach Prevent the majority of cyber attacks against the endpoints of an environment Improve productivity and efficiency by uncovering threats rather than chasing alerts

Learn More

Explore How FireEye Endpoint Security Can Work For You

START TOUR AGAIN

FIreProof Demo Center