2/26/2013
10:43 PM
Dark Reading
Products and Releases

FireEye And Guidance Software Partner To Deliver Integrated Cyber Attack Detection And Incident Response Solution

FireEye-EnCase Cybersecurity joint solution designed to automate the incident response workflow

MILPITAS, Calif. & PASADENA, Calif.--(BUSINESS WIRE)--Guidance Software (NASDAQ: GUID) – FireEye®, Inc., the leader in stopping today's new breed of cyber attacks, and Guidance Software Inc. (NASDAQ:GUID), the World Leader in Digital Investigations™, today announced the integration of the companies' two security solutions to more effectively detect, validate, and remediate today's new breed of cyber attacks.

The integration between Guidance Software's EnCase® Cybersecurity and the FireEye threat protection platform is designed to automate the incident response workflow so that companies can start triaging an advanced cyber attack immediately following detection, within minutes instead of weeks. The combined solution uses the FireEye platform to detect malware on the network, and then immediately shares threat intelligence discovered by the FireEye platform with EnCase Cybersecurity. The FireEye alert triggers an automated assessment of the endpoints by EnCase Cybersecurity which determines their risk profiles, prioritizes the responses, and finally remediates any harm.

The FireEye-EnCase Cybersecurity joint solution provides a complete workflow against today's new breed of cyber attacks. Features include the following:

Signature-less detection ensures ability to detect advanced threats including targeted zero-day attacks and advanced persistent threats (APTs)

Automated endpoint validation to ensure high-risk devices get the immediate attention they deserve

A snapshot of the affected endpoints the moment an attack is detected to provide the information needed for comprehensive scope assessment and dramatic reduction in time to recovery

Remediation capabilities to block command and control traffic, kill malicious processes, and wipe offending files

"As a value added reseller, our mission is to solve pervasive information security problems with the right technology--and there is no one vendor with a single solution," said Brandy Peterson, chief technology officer, FishNet Security. "There's simply too much at stake for our customers, and the integration between FireEye and EnCase Cybersecurity will help them quickly detect and more fully respond to cyber attacks."

"Traditional security technology is ill-equipped to handle the barrage of cyber attacks perpetuated by today's cybercriminals," said David DeWalt, FireEye chairman and CEO. "FireEye has a unique threat protection platform to protect against today's attacks, which is extended by the ability of EnCase Cybersecurity to provide rapid incident response."

"The headlines prove that even the most secure organizations will inevitably face a data breach and need to respond swiftly when that happens," said Victor Limongelli, Guidance Software president and chief executive officer. "Our customers acknowledge this and have actively worked with us and FireEye to take the evolutionary next step in information security, fully automating critical response activities that mitigate the threat of today's cyber attacks."

Additional benefits of the joint solution include:

Lower Total Cost of Ownership – Organizations can decrease their security spend by reducing detection time and improving digital forensics, improving malware incident response from weeks to minutes.

Advanced Threat Protection – Network traffic analysis identifies and stops targeted, zero-day attacks and audits endpoints to detect additional risk.

Real-time Detection and Response – IT departments can identify and prevent outbound callback communication, keeping compromised systems from being exploited by external command and control servers and containing threats.

Deep Forensic Analysis – The FireEye-EnCase cybersecurity solution is designed to provide total visibility into potentially compromised endpoints the moment an alert is generated to accurately determine the source and scope of an attack.

The joint solution is available today from VARs worldwide.

About FireEye, Inc.

FireEye® has pioneered the next generation of threat protection to help organizations protect themselves from being compromised. Cyber attacks have become much more sophisticated and are now easily bypassing traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways, compromising the majority of enterprise networks. The FireEye platform supplements these legacy defenses with a new model of security to protect against the new breed of cyber attacks. The unique FireEye platform provides the industry's leading cross-enterprise threat protection fabric to dynamically identify and block cyber attacks in real time. The core of the FireEye platform is a signature-less, virtualized detection engine and a cloud-based threat intelligence network, which help organizations protect their assets across all major threat vectors, including Web, email, mobile, and file-based cyber attacks. The FireEye platform is deployed in over 40 countries and more than 1,000 customers and partners, including over 25% of the Fortune 100.

About Guidance Software, Inc.

Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase® Enterprise platform is used by numerous government agencies, more than 65% of the Fortune 100, and more than 40% of the Fortune 500, to conduct digital investigations of servers, laptops, desktops, and mobile devices. Built on the EnCase Enterprise platform are market-leading electronic discovery and cyber security solutions, EnCase® eDiscovery and EnCase® Cybersecurity, which enable organizations to respond to litigation discovery requests, proactively perform data discovery for compliance purposes, and conduct speedy and thorough security incident response. For more information about Guidance Software, visit www.guidancesoftware.com.

EnCase®, EnScript®, FastBloc®, EnCE®, EnCEP®, CaseCentral®, CaseCentral eDiscovery Cloud®, Guidance Software™ and Tableau™ are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other trademarks and copyrights referenced in this press release are the property of their respective owners.
