Detect across all endpoints
Respond at scale
Endpoint protection with a single multi-engine agent
Why Fireeye Endpoint Security?
Why Fireeye endpoint Security?
FireProof Demo Center
The Dashboard page of the Endpoint Security interface provides a high-level view of the threat intelligence gathered by the solution. Within many panels on the Dashboard, you can click blue buttons and text links to drill down to critical threat information affecting your organization.
Protect against common and advanced threats using a a single agent with four detection engines.
Detect threats that bypass protection and try to hide.
Respond to the threats quickly, completely, and at scale
EXPLORE KEY FEATURES
Endpoint Security Web UI Tabs
Recent File Acquisitions and Contained Hosts
EXPLORE ON YOUR OWN
The Alerts section is the top section of the Dashboard and displays information about alerts triggered on your network. We will be taking a look at one of these alerts later in the walkthrough.
The My Recent File Acquisitions section provides information about recent file acquisitions, including the number of acquisition requests in progress and the number of failed acquisition requests.
The Contained Hosts section shows the number of contained hosts, including the numberof requests for containment and the number of failed containment requests.
Investigating a Host
To see FireEye Endpoint Security in action and how it can help you Protect, Detect, and Respond please continue our navigational experience. You're also welcome to explore on your own at any time by closing the window or selecting EXPLORE ON YOUR OWN.
The Hosts page allows you to see all of the endpoint hosts monitored by the Endpoint Security server and to quickly identify any hosts with alerts. From the Hosts page, you can quickly drill down to obtain more information about a host endpoint and any of its alerts. Use this page as the central point of your host-based workflow.
The Web Interface provides the following menu tabs. Hover over the tab names for more information. Select Next once ready to proceed.
The Alerts page offers a way for you to see all alerts for your Endpoint Security environment in one place. Unlike the Hosts with Alerts page, these alerts span all hosts in your environment. You can filter and sort alerts in the grid to narrow your visible results.You can also delete alerts or mark an alert false positive from the Options menu.
To rapidly review and respond to potential compromises, you can directly acquire files and triage collections from hosts. The Acquisition page allows you to view the details ofeach acquisition.
The Rules page lists FireEye indicator of compromise (IOC) and false positive rules that might be triggered on your network. The list includes any custom indicator rules you have created for your environment, even if those indicator rules are not triggered. You can also use the Rules page to create and delete custom indicator rules.
The Enterprise Search page lets you search for threats or threat indicator rules on your host endpoints if they are running currently supported FireEye Endpoint Security Agent versions. The functionality shown in your environment might vary, based on the role assigned to your user account and based on the FireEye licenses you have installed.
The Admin Menu is used to configure your Endpoint Security server and deploy and manage the agents. Note, the functionality shown in your environment might vary, based on the role assigned to your user account and based on the FireEye licenses installed.
EXPLORE ON YOUR OWN
FireProof Demo Center
SOC analysts can directly contain compromised endpoints from any and all network connections (with exceptions for whitelisted connections). Let's focus on the "victim-PC3" host.
Endpoint containment can occur as easy as the click of the containment button and can optionally be separated into a two part process, one to request containment and a second to have an administrator approve the request.
The Host Details page provides:
Visibility into the events that triggered the alert(s)
Ability to contain the host with the click of a button while providing options for administrator approval
Contextual intelligence around the indicator that generated the alert
Containment Request Confirmed
When a host containment request has been made, you will receive confirmation in the form of a green message immediately after. Please hover over the Request Containment button for an example.
User Notice for Containment
There are customizable containment settings, including the type of message your users will receive if their system is being contained.
From the Admin Menu you can locate the containment settings. These allow you to turn the containment feature on or off, identify host sets that should be excluded from containment, and allows creation of a IP addresses whitelist to which contained hosts can still communicate.
FireEye Endpoint Security
Can Work For You
START TOUR AGAIN
FIreProof Demo Center