RSA 2014 starts today and we can expect there will be a number of new security announcements surrounding the San Francisco, CA event throughout the week.  One of the most watched companies in the industry, FireEye will feature their latest product development, building on the popular platform.  Threat analytics are being introduced and are expected to help organizations rapidly identify attacks and accelerate their incident response by correlating security event data and threat intelligence.  As discussed in a preview last week, threat intelligence is the product of the integration of Mandiant and this powerful alignment is designed to provide a real-time intelligence layer to data that is collected from throughout an environment.

In a briefing with Dave Merkle, CTO of Mandiant he shared the details of this new platform and also talked about some of the details on how they got here.   First off, the linking of technologies of these two companies is being navigated in such a way that the hardware tech will be stratified under the FireEye brand.  The Mandiant brand will apply to incident response and high-end security services, playing purely in the services space.  But it is a true marriage, not just a brand shift.  That’s clear in what they are introducing in their new platform.  FireEye’s coming platform will rely on Mandiant intelligence in order to produce a level of automated intelligence that is integrated in an analytic process.  The platform also incorporates intelligence exchange within the various system elements as well as from throughout a peer community.

Throughout the environment – from network equipment, from security systems, from databases and other endpoints, security information is gathered and rapidly analyzed and using the new Threat Analytics, the most critical threats are  delivered to security personnel to enable quick reactions and instant awareness of critical issues.

“Most security-conscious organizations spend significant resources on amassing log and event data to satisfy regulatory and compliance requirements. However, few are able to derive value from these data troves when it comes to detecting and responding to advanced attacks,” said Manish Gupta, senior vice president of products at FireEye. “FireEye Threat Analytics filters out the noise by comparing data generated by existing security technologies with FireEye real-time threat intelligence so security teams get the information needed to identify attacks at their earliest stages and respond aggressively.”

More importantly, this is a bold new move for FireEye, as they progress towards offering a single solution platform for customers to use across their environments.  Until now, the FireEye platform had been successfully implemented as a robust and powerful layer in security environments, popular for its enterprise features and long list of capabilities.  Now, people will have the opportunity to view the entire integrated platform at the RSA event, and it is likely that this new technology will see significant adoption as it emerges into the market.

FireEye Threat Analytics capabilities include:

·         Analyze Event Data to Detect Advanced Attackers. Performs correlation of event logs against the FireEye database of threat intelligence to identify when attackers are active in the environment.

·         Search for Attackers With Your Own Intelligence. Rapidly applies existing threat intelligence to security event data to find attackers that bypass other security measures and identify unusual activity that may indicate the beginning of an attack.

·         Accelerate Response to Suspected Incidents. Enables analysts to pivot on information within an alert to identify related users, endpoints, and attacker infrastructure so they can determine the initial scope of a suspected incident and accelerate incident response.

·         Manage and Track Incidents. Improves response efficiency by enabling analysts to manage investigative tasks related to each incident, track follow-up, and measure resolution time.

FireEye Threat Analytics is currently available in Beta and will be generally available February 24, 2014. Attendees at the 2014 RSA Conference in San Francisco will be able to view demonstrations at the FireEye booth on February 24 – 27, 2014.

photo credit: bmward_2000 via photopin cc