
FireEye Endpoint Security HX Series

Built by experts to protect endpoints from threats that matter


Introduction to FireEye

FireEye is a publicly traded cybersecurity company headquartered in Milpitas, California, United States.

It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyse IT security risks.

FireEye was founded in 2004.

CEO: Kevin Mandia.


Products of FireEye
Helix - Security Operations Platform
Applies threat intelligence, automation, and case
management to FireEye and third-party solutions in a
unified security operations platform.

Endpoint Security
Provides comprehensive endpoint defence, protecting
users from common threats, detecting advanced attacks,
and empowering response.

Email Security Cloud Edition
Integrates seamlessly with cloud-based email systems to stop targeted, advanced attacks faster and more accurately than Exchange Online Protection alone.

Managed Defense
Applies frontline knowledge of the attacker and proven
hunting methodologies to detect and respond to covert
activity.

Network Security
Provides network visibility and protection against the world's most sophisticated and damaging cyber attacks.

Email Security
Detects email-based cyber attacks and blocks the most
dangerous threats including malicious attachments,
phishing sites and impersonation attacks.

FireEye Threat Analytics
Defeat the threats that matter with next-generation security information and event management.

Threat Intelligence
Empowers security teams with forward-looking, high-fidelity, adversary-focused intelligence and actionable advice.

And many more solutions.
FireEye Endpoint Security Specification

Deployment options

Endpoint Security can be deployed as an on-premise hardware appliance that protects up to 100,000 endpoints, a virtual appliance, or through a cloud instance.

The HX4502 physical appliance can be used for either core or DMZ deployment — the only difference is the license state of each device; the hardware is identical.
FireEye Endpoint Security Specification at HDFCLIFE

Overview

FireEye HX detects and blocks what AV technology catches, and what it misses. FireEye Endpoint Security improves security visibility and the quality and relevance of your threat data to address these gaps and gives us:

- Fully integrated malware protection (antivirus (AV) defences), remediation, behaviour analysis, intelligence and endpoint visibility
- Triage and Audit Viewer to conduct exhaustive inspection and analysis of threat indicators with integrated
- Enterprise Security Search to rapidly find and illuminate the intention of suspicious activity or threats
- Data Acquisition to conduct detailed, in-depth endpoint inspection and analysis over a specific time frame
- Exploit Guard to detect, alert, and prevent attacks attempting to misuse or exploit applications
Benefits

Automatically detect and prevent malware, exploits or an attack process on any endpoint
Assess and analyse endpoint behaviour to reveal and block application exploits from executing with Exploit Guard.
- Investigate in-process exploit activity quickly and thoroughly to facilitate protection
- Thwart malware and other attacks that traditional and NGAV endpoint solutions miss
- Detect and stop memory and application attacks such as macros

Instantly validate and contain endpoint attacks
Uncover, inspect and analyse any suspicious activities and endpoint incidents, and stop an in-progress attack that might include command and control, lateral spread or other processes.
- Conduct complex searches of all endpoints to find known and unknown threats
- Isolate compromised devices for added analysis with a single click

Get enhanced endpoint visibility
Identify the root cause of alerts with enhanced visibility, allowing analysts to conduct deep analyses of threats on every endpoint with the Data Acquisition lookback cache.
- Inspect and analyse past and present endpoint activity
- Get a complete view into activity timelines for forensic analysis
- Gather relevant details on any incident, including known stopped attacks, to better adapt defences to attacks in real time
Features

Adaptive endpoint protection

Intelligence-led endpoint security
Extends advanced threat intelligence from the core network to all endpoints.

End-to-end visibility
Lets you rapidly search for and identify threats and discern the threat level.

Detection and response capabilities
Allows instant detection, investigation and containment of endpoints to expedite response.

Integrated workflow
Provides a single workflow to analyse and remediate threats within endpoint security.

Single agent
Enables detailed endpoint detection, analysis and response, all from a single agent.

Easy-to-understand interface
Accelerates interpretation of and response to any suspicious endpoint activity.
Deployment

Endpoint Security can be deployed through the cloud or as a virtual or on-premise hardware appliance (listed below) that protects up to 100,000 endpoints. The HX4502 can be used for either core or DMZ deployment — the only difference is the license state of each device; the hardware is identical.
How It Works

Endpoint Security can search for and investigate known and unknown threats on tens of thousands of endpoints in minutes. It uses FireEye Dynamic Threat Intelligence to correlate alerts generated by FireEye and network security products and security logs to validate a threat:

- Identify and detail the vectors an attack used to infiltrate an endpoint
- Determine whether an attack occurred (and persists) on a specific endpoint
- Ascertain whether lateral spread occurred and to which endpoints
- Establish a timeline and how long an endpoint (or endpoints) has been compromised
- Follow the incident to identify whether, and what, intellectual property may have been exfiltrated
- Clearly identify which endpoints and systems need containment to prevent further compromise

This turns front-line analysts into investigators by making it simple and straightforward to quickly interpret data and follow up appropriately.
Endpoint Security Requirements

Virtual Appliance Requirements

Endpoint Security virtual appliances require the following VMware resources:

- VMware ESXi host version 6.0 or later. Earlier ESXi versions are not supported.
- VMware vSphere Client
- VMware vCenter Server (recommended). When you use vSphere Client to add virtual appliances to vCenter Server, the Deploy OVF Template wizard provides an easy way to enter your activation code. Otherwise, you must type it in the virtual appliance console, because you cannot paste into this console.
- VMXNET 3 network drivers
- Standard virtual switch created for the monitoring ports of the virtual appliances and attached to a physical network adapter on the ESXi server.
Standard Deployment

For the on-premises deployment shown, the components of Endpoint Security include the Endpoint Security Server (HX) and the DMZ Server (HXD), along with the agent. Cloud HX does not require a separate DMZ Server.

HXD and HX communicate over port 6800.
HX Operational Overview

- Endpoint Security integrates with FireEye Network Security, FireEye Email Security, FireEye FX, or FireEye AX. In this example, FireEye Network Security detects malware on the wire.
- The alert is reported to Central Management.
- Central Management converts the threat information to OpenIOC format and sends the threat to Endpoint Security.
- The agent compares updated indicators with significant activity stored in the lookback cache.
- When the agent detects a match to an indicator on a compromised system:
  1. The agent generates an alert.
  2. At the same time, the agent prepares a triage package with system information and the contents of the lookback cache around the time of the alert.
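The last two steps, modelled as an added example that is not FireEye's code: a simplified OpenIOC-1.0-style indicator (constructed here; the file hash, process names and paths are made-up sample values) is replayed over a constructed lookback cache of endpoint events, and every hit yields an alert together with a triage package of the cache entries around the time of the hit.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta
# Constructed, simplified OpenIOC-1.0-style indicator (hypothetical, not a FireEye IOC):
# a known-bad file hash OR a process named svchost.exe running out of a Temp directory.
IOC_XML = """<ioc id="example-ioc-1"><definition>
<Indicator operator="OR">
  <IndicatorItem condition="is"><Context search="FileItem/Md5sum"/>
    <Content type="md5">0123456789abcdef0123456789abcdef</Content></IndicatorItem>
  <Indicator operator="AND">
    <IndicatorItem condition="is"><Context search="ProcessItem/name"/>
      <Content type="string">svchost.exe</Content></IndicatorItem>
    <IndicatorItem condition="contains"><Context search="ProcessItem/path"/>
      <Content type="string">\\Temp\\</Content></IndicatorItem>
  </Indicator>
</Indicator></definition></ioc>"""
# Constructed lookback-cache entries (sample data), keyed by the OpenIOC search terms.
T0 = datetime(2024, 1, 1, 12, 0)
CACHE = [{"ts": T0 + timedelta(minutes=m), "ProcessItem/name": n, "ProcessItem/path": p} for m, n, p in [
    (0, "explorer.exe", "C:\\Windows\\explorer.exe"),
    (3, "svchost.exe", "C:\\Windows\\System32\\svchost.exe"),                # legitimate svchost
    (30, "svchost.exe", "C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe"),  # masquerading copy
    (31, "notepad.exe", "C:\\Windows\\notepad.exe")]]
CACHE.append({"ts": T0 + timedelta(minutes=2), "FileItem/Md5sum": "0123456789abcdef0123456789abcdef"})
CACHE.sort(key=lambda e: e["ts"])  # the cache is an activity timeline, so keep it chronological

def item_matches(item, event):
    """Evaluate one IndicatorItem ('is' or 'contains', case-insensitive) against an event."""
    observed = event.get(item.find("Context").get("search"))
    if observed is None:
        return False
    wanted = item.find("Content").text.lower()
    if item.get("condition") == "is":
        return observed.lower() == wanted
    return wanted in observed.lower()

def indicator_matches(node, event):
    """Recursively evaluate an Indicator (AND/OR tree) against one cache event."""
    results = [item_matches(c, event) if c.tag == "IndicatorItem" else indicator_matches(c, event)
               for c in node]
    return bool(results) and (all(results) if node.get("operator") == "AND" else any(results))

def scan_lookback(ioc_xml, cache, window=timedelta(minutes=5)):
    """Replay the indicator over the cache; each hit becomes an alert plus a triage package."""
    root = ET.fromstring(ioc_xml)
    alerts = []
    for ev in cache:
        if indicator_matches(root.find("definition/Indicator"), ev):
            # Triage package: the cache contents within +/- window of the matching event
            triage = [e for e in cache if abs(e["ts"] - ev["ts"]) <= window]
            alerts.append({"ioc": root.get("id"), "ts": ev["ts"], "triage": triage})
    return alerts
```

Note that the legitimate System32 copy of svchost.exe satisfies only one branch of the AND and so raises no alert; only the hash hit and the Temp-directory copy do.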
