Requirements
- A solution complementary to the applications and systems already in use, capable of delivering timely protection against advanced cyber threats.
Results
- By implementing the FireEye solution, BCR obtained faster detection and a shorter reaction time in identifying and resolving security incidents. Because each incident can be pinpointed precisely, measures can be taken at the workstation level.
Solution
- FireEye Network Security (NX).
- Quick detection and handling of cyber attacks that exploit “0-day” vulnerabilities and “advanced malware” threats, which conventional security tools based on signature databases cannot detect in a timely manner.
Overview of the situation
The solution and the implementation partner
New types of cyber attack mainly use the Internet as their propagation environment. They allow attackers to quickly detect and identify the protection systems of the target organizations, then compromise key applications and keep long-term control over them, for the purpose of compromising and/or stealing data.
The main infection vectors that can carry malicious programs (delivered as executable files, PDF documents, Java objects, archives, etc.) are web traffic, file sharing and mail traffic. The new generation of threats consists of advanced malware and multi-vector attacks with a precise target, which cannot be effectively detected and blocked by traditional security solutions that rely on signature-list identification.
Advantages and benefits
The main benefit reported by BCR from using the FireEye Network Security solution is that the bank can detect and block threats more quickly than with conventional solutions. It gives BCR a higher detection speed and a shorter reaction time in resolving security incidents. In this implementation by BCR, the FireEye solution is dedicated exclusively to detecting and stopping Advanced Persistent Threats.
Another advantage of the FireEye Network Security solution is that the product is almost completely “plug-and-play”. For BCR this meant reduced deployment and integration effort, ease of setup and use, and no risk of traffic disruption should the equipment malfunction. The flip side of that fail-open behaviour, which any deployment should account for, is that traffic passing the appliance during such a fault is not inspected.
At the operational level, an important gain is that BCR can identify threats in detail and therefore take measures at the workstation level, reducing the effort of detecting and solving issues.
By intercepting users' web traffic, the FireEye appliance executes the different file types on integrated virtual machines and, based on the recorded behaviour, assigns a risk level to each file. The workstation is simulated on a virtual machine running on a proprietary hypervisor. This matters because much current malware can detect whether it is running in a virtual environment and, if so, stays idle to avoid detection. The software component of the FireEye Network Security solution does not interact directly with the activity inside the virtual machine: in practice it works as an observer that raises alerts when it identifies potentially abnormal behaviour that may represent a risk, and based on those alerts different decisions can be taken, such as investigating or blocking.
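The following Python script is an added illustration of the behaviour-based approach described above (observe a file inside a VM, record what it does, derive a risk level); it is not FireEye's own logic and says nothing about how the NX appliance scores internally. The trace line format, the behaviour rules, their weights and the three sample traces are all constructed for the example. It also shows the caveat a practitioner should build in: a sample that probes for virtualization artifacts and then only sleeps must be reported as evasive and inconclusive, never scored as benign.

```python
"""Behaviour-based risk scoring over sandbox detonation traces (illustrative)."""
import re
from collections import Counter

# Constructed trace lines, one event per line: "t=<seconds> <action> <detail>".
TRACE_BENIGN = """\
t=0.10 file_read C:\\Users\\analyst\\report.pdf
t=0.40 file_read C:\\Windows\\Fonts\\arial.ttf
t=1.20 window_create Adobe Reader
"""

TRACE_MALICIOUS = """\
t=0.05 file_read C:\\Users\\analyst\\invoice.pdf
t=0.30 process_create C:\\Windows\\System32\\cmd.exe /c powershell -enc AAAA
t=0.80 file_write C:\\Users\\analyst\\AppData\\Roaming\\svc.exe
t=0.90 reg_write HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc
t=2.10 net_connect 203.0.113.7:443
"""

# Sample that looks for VM artifacts, then goes idle (VM-evasion pattern).
TRACE_EVASIVE = """\
t=0.02 reg_read HKLM\\SYSTEM\\CurrentControlSet\\Services\\VBoxGuest
t=0.03 file_read C:\\Windows\\System32\\drivers\\vmmouse.sys
t=0.04 sleep 600000
"""

# Hypothetical behaviour rules: (name, weight, predicate over (action, detail)).
VM_ARTIFACTS = ("vbox", "vmware", "vmmouse", "vmtools", "qemu")
RULES = [
    ("persistence_run_key", 40,
     lambda a, d: a == "reg_write" and "\\currentversion\\run" in d.lower()),
    ("drops_executable", 25,
     lambda a, d: a == "file_write" and d.lower().endswith(".exe")),
    ("spawns_shell", 30,
     lambda a, d: a == "process_create"
     and ("cmd.exe" in d.lower() or "powershell" in d.lower())),
    ("outbound_connection", 20, lambda a, d: a == "net_connect"),
    # Querying for VM artifacts is itself a signal worth recording.
    ("vm_artifact_probe", 15,
     lambda a, d: a in ("reg_read", "file_read")
     and any(x in d.lower() for x in VM_ARTIFACTS)),
    ("long_sleep", 10,
     lambda a, d: a == "sleep" and d.isdigit() and int(d) >= 60000),
]

LINE_RE = re.compile(r"^t=(?P<t>[\d.]+)\s+(?P<action>\S+)\s*(?P<detail>.*)$")


def parse_trace(text):
    """Parse trace lines into (time, action, detail) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((float(m["t"]), m["action"], m["detail"]))
    return events


def risk_level(score, evasive):
    """Map a numeric score to a level; evasive runs are flagged, not graded."""
    if evasive:
        return "suspicious-evasive"
    if score >= 60:
        return "high"
    if score >= 25:
        return "medium"
    return "low"


def score_trace(text):
    """Match each event against the rules and derive a risk verdict."""
    hits = Counter()
    for _, action, detail in parse_trace(text):
        for name, _, pred in RULES:
            if pred(action, detail):
                hits[name] += 1
    # Each behaviour counts once, however often it was observed.
    score = sum(w for name, w, _ in RULES if hits[name])
    # Evasion heuristic: probed for VM artifacts and then did nothing but sleep.
    # Such a run is inconclusive and should be re-detonated (longer timeout or a
    # stealthier hypervisor), so it must not come out as "low".
    evasive = hits["vm_artifact_probe"] > 0 and set(hits) <= {"vm_artifact_probe", "long_sleep"}
    return {"score": score, "behaviours": sorted(hits), "evasive": evasive,
            "level": risk_level(score, evasive)}


if __name__ == "__main__":
    for label, trace in (("benign", TRACE_BENIGN), ("malicious", TRACE_MALICIOUS),
                         ("evasive", TRACE_EVASIVE)):
        print(label, score_trace(trace))
```

The rules fire on what the sample did, not on what it is, which is the point of detonation over signatures. The observer role from the paragraph above is preserved: the scorer only reads the recorded events and never feeds anything back into the run.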