OCTOBER 1 – 4, 2018 | WASHINGTON, D.C. FireEye Managed Defense Tracking the Threats that Matter


©2018 FireEye

1. Prevent Security Incidents: Identifying threats early

2. Reduce the Impact of Security Incidents: By disrupting the attack chain and acting quickly to mitigate damage

3. Improve Productivity: By augmenting staff with Managed Defense analyst driven expertise

FireEye Managed Defense is a managed detection and response (MDR) service that combines industry recognized cyber security expertise, FireEye technology and unparalleled knowledge of attackers to identify threats early and reduce the consequences of a breach.


Managed Defense Evolution

Experience-driven detection and response for threats that matter

2011 – Managed Defense established as part of Mandiant for customers emerging from Incident Response and needing ongoing assistance

2016 – Gartner publishes its first Market Guide to Managed Detection & Response

2018 – FireEye Managed Defense continues to drive innovation in the MDR market


Proof Points: Attacker Lifecycle

Managed Defense helps customers identify the most impactful threats that have evaded technical controls

Initial Compromise | Establish Foothold | Escalate Privileges | Internal Recon | Complete Mission

43% | 29% | 9% | 2% | <1%

High Severity Threats found by Managed Defense Analysts at Each Stage

Greatest impact - Hardest to detect


Advanced Practices: Adversary Pursuit


Adversary Pursuit


Pursue Groups that Matter Across the FireEye Ecosystem

A. Pursue: Track and Map Our Adversaries

B. Pass: Transfer Knowledge at Speed & Scale

C. Enable: Advocate as Subject Matter Experts


AP Strives for Complete Picture


Single Compromise

FireEye observes single event in one business unit one time

AP Workflows

  • Other FE Victims
  • Attribution Surface
  • Technical Analysis
  • Malware Analysis
  • External Research
  • Analytical Deconfliction

Institutional Knowledge

Entire company can gain knowledge at scope & scale to use for their own purposes


Problem Statement


  • 16M+ Endpoints
  • 27M+ Mailboxes
  • 1.6T+ TAP/HELIX Events
  • 6300+ Customers in 60+ Countries
  • 309PB+ Traffic Evaluated Monthly
  • 50K+ Indicators Published Monthly
  • 5B+ Emails Evaluated Monthly
  • 1M Threat Actor Personas Tracked


Applying the Definition (Groups)


100% | 7% | 60% | 20%

  • 1200+ Total Groups
  • 600 with Mission
  • 91 Meet AP Criteria
  • 250 with Location in 2017

Combination of group skill, motivation, impact, attribution, and active intrusions accounts for seven percent of FireEye total

Represents 22 nation-state programs

91 Groups


Applying the Definition (Techniques)


100% | .7% | 15% | 7%

  • 1300+ Total Techniques
  • 182 Medium Pri
  • 11 AP Essential
  • 104 AP Hi-Pri

Mix of impact, rarity, capability, and potential purpose used to establish priority

115 Techniques


Fireside Chat


Key Benefits of Managed Defense

  • Experience: Leverage +100K hours of IR experience per year from the most impactful breaches
  • Adaptive Detection: In-depth understanding of adversary TTPs to focus on detecting attacker methods and behaviors
  • Intelligence: Access to nation-state grade intel collection supported by 150+ intel analysts
  • Campaign Visibility: Visibility into and protection from campaigns across similar industries as they unfold
  • In-region Expertise: 7 global SOCs; In-region technical engagement managers 24x7x365
  • Proactive Hunting: Integrated hunting and investigation across network, logs and endpoint

  • 99.8% validated compromises without requiring IR
  • 700 frontline cyber security experts
  • 10M threat actor personas tracked
  • 4M endpoints monitored through managed defense
