
FireEye Configuration

Product Versions

FireEye Endpoint Security with agent 31.28.1, and FireEye Managed Defense


FireEye Endpoint Security combines the best of legacy security products with FireEye technology, expertise and intelligence, to defend against today’s cyber-attacks. FireEye uses four engines in Endpoint Security to prevent, detect and respond to threats, as well as providing extensive investigative and threat hunting capabilities. To prevent common malware, Endpoint Security uses a signature-based endpoint protection platform (EPP) engine. To find threats for which a signature does not yet exist, MalwareGuard uses machine learning seeded with knowledge from the frontlines of cyber-attacks. Exploit Guard, a behavior-based analytics engine, stops exploits and threats from common attacks like phishing. Endpoint detection and response (EDR) capabilities are enabled through a real-time events engine that uses current, frontline intelligence to identify advanced threats. This defense-in-depth strategy helps protect enterprises by both preventing attacks and reducing the time taken to detect them. Native forensic capabilities and the ability to rapidly search EDR data and operating system artifacts at enterprise scale empower analysts and investigators to efficiently search for compromise, determine the scope of attacks and resolve incidents.

FireEye Endpoint Security is augmented with the strength of FireEye Managed Defense. FireEye Managed Defense is a managed detection and response (MDR) service that combines industry-recognized cyber security expertise, FireEye technology and unparalleled knowledge of attackers to help minimize the impact of a breach. Managed Defense is continuously fueled by the industry’s largest global cyber threat intelligence capability, which harnesses machine, campaign, adversary and victim intelligence gained on the front lines of the world’s most consequential cyber attacks. This frontline intelligence and expertise drives detection and guides our analysts’ hunting and investigation activities to reveal even the most sophisticated attacker. Our battle-savvy security analysts provide a comprehensive assessment of attacker activity along with customized response recommendations, delivering the context needed to understand threats, assess risk and take definitive action.

Even with the best protection, breaches are inevitable. To ensure a substantive response that minimizes business disruption, FireEye Endpoint Security provides tools to:

  • Search for and investigate known and unknown threats on tens of thousands of endpoints in minutes
  • Identify and detail the vectors an attack used to infiltrate an endpoint
  • Determine whether an attack occurred (and persists) on a specific endpoint and where it spread
  • Establish the timeline and duration of endpoint compromises and follow the incident
  • Clearly identify which endpoints and systems need containment to prevent further compromise

Primary Features:

  • Single agent with four detection engines to minimize configuration and maximize detection and prevention
  • Single integrated workflow to analyze and respond to threats within Endpoint Security
  • Fully integrated endpoint protection with antivirus (AV) defenses, machine learning, behavior analysis, indicators of compromise (IOCs) and endpoint visibility
  • Triage Summary and Audit Viewer for exhaustive inspection and analysis of threats
  • Enterprise Search to rapidly find and illuminate suspicious activity and threats

Product Configuration

Malware Protection, MalwareGuard, Exploit Guard and Real-time Indicator Detection were enabled for the test. The Process Tracker, Enricher, LogonTracker, UACProtect and Process Guard modules were also enabled. All engines were run in detection-only mode, per the test requirements, so no blocking or prevention actions were taken.

FireEye Endpoint Security allows customers to create and upload their own security content in addition to the content we provide. To showcase this capability, we used our production security content together with all of our ATT&CK-specific security content. FireEye has released the ATT&CK security content to our customer Marketplace.