FireEye revamps its flagship anti-malware solution
Cybersecurity company FireEye has today introduced a new Innovation Architecture behind its Endpoint Security solution, including the availability of several new modules for protection, investigation and response.
FireEye Endpoint Security says it aims to buck the trend of ‘one-size-fits-all' solutions common for security vendors by delivering comprehensive defence using customisable protection modules.
The module creation blocks malware, detects advanced attacks, and provides the response tools and techniques that fit an organisation's unique risk profile and security posture, says FireEye.
“The rate at which new threats emerge is outpacing response,” says FireEye vicem president of engineering and general manager of Endpoint Michelle Salvado.
“And traditionally, the time that the industry took to respond with the creation, testing and deployment of new features has been too long.
“Through our new framework, FireEye makes an important shift in feature deployment. Now we can create and deploy these custom protection, investigation and response modules in just days – versus several months – in response to changes in the threat landscape.
Using this new modular approach, organisations need not wait for the next upgrade to benefit from the roll-out of new features or threat responses.
Organisations also have the autonomy to choose which modules they want to deploy, tailoring the level of protection down to an individual level if necessary.
New Endpoint Security modules fall under three general categories – protection, investigation - response, and enterprise readiness.
Endpoint Security stops unauthorised processes from obtaining access to credential data on Windows, removing the need for an analyst to intervene to resolve the security issue.
The solution collects metadata on Windows, Mac, and Linux endpoints and streams the data to the Endpoint Security console.
Released in the next few months, the enrichment module adds FireEye Intelligence information to files to help determine when a file is malicious, and aid in incident response investigations.
The solution offers a user interface within the Endpoint Security console that displays system information and agent status, providing extended visibility to the IT admin.
It also creates a triage on events that send back triggers, offering visibility into what the agent is doing, including which files have been previously quarantined.
FireEye says it plans to continue to release modules on an ongoing basis to address threats and release new features – including automation of remediation, increased streaming for alerting and investigation and enhanced protection of Windows access controls.
FireEye Endpoint Security also includes malware protection for macOS, support for IPv6 environments and updated Linux audit options.