FireEye today announced its release of FireEye XDR, an extended detection and response (XDR) platform with security protections for endpoint, network, email, and cloud, as well as a focus on helping enterprise and midmarket security operations teams detect and respond to incidents.
FireEye XDR, available today, will be the company's flagship offering following the sale of FireEye's products business to Symphony Technology Group for $1.2 billion earlier this year. The platform includes FireEye Helix, a software-as-a-service security operations platform with security information and event management (SIEM) capabilities, and any combination of FireEye products, including Endpoint, Network, Email, and Cloud tools.
XDR, an increasingly common term in the security space, takes a broader approach to endpoint detection and response (EDR) to provide visibility across an organization's endpoints, cloud workloads, and network. Unlike SIEM systems, XDR incorporates security capabilities such as firewall, antivirus, and EDR. Some businesses are wary to trust one vendor with so much; some view XDR as the advancement of EDR technology.
For FireEye, the decision to offer an XDR platform came from the growing proliferation of high-profile cyberattacks and the complexity in investigating and responding to these incidents.
"It's getting harder to stitch the pieces together," says Bryan Palma, senior vice president of products for FireEye, of cyberattacks' growing complexity. "How do you bring together the different pieces of the puzzle?" In the aftermath of an incident, security teams often struggle to collect the data they need and correlate it with the many disparate security tools they have.
Organizations struggle to optimize a growing number of security tools, especially those that are transitioning to cloud or hybrid architectures. "Both at the enterprise level and the midmarket, we're seeing them want to simplify their security stacks," Palma adds.
FireEye aims to offer that kind of simplification in its XDR platform, with its security tools brought together by its Helix tool for SIEM and security orchestration, automation, and response (SOAR). Helix is aligned with FireEye's own components but allows teams to use data from different vendors and sources, making it possible to use third-party security tools as well.
"Helix is an open platform; it ingests third-party data, but it's also aligned with our particular XDR components," Palma explains. Email, network, and cloud security are brought into the platform as modules. The goal is to improve response time and automate investigations so analysts can prioritize their time and focus on what's most important, he adds. In addition to the analytics capabilities for detecting attacks and lateral movement, FireEye XDR brings data from multiple technologies into one place so analysts can more easily derive insights from it.
"FireEye XDR provides guided investigation workflows, allowing organizations to reduce the impact of security incident workflows," Michelle Salvado — senior vice president and general manager for FireEye's endpoint, email, and Helix platform — writes in a blog post. "Ultimately, teams gain the ability to prioritize analyst time and mitigate risk by addressing what is critical to their security operations."
The platform encompasses threat intelligence from Mandiant, now a stand-alone organization. Palma says the relationship between the FireEye Products business and Mandiant will continue, and the latter will continue to use FireEye technology for managed defense. The two also have a data-sharing agreement: FireEye will still provide telemetry to Mandiant, and Mandiant will provide intel that goes into FireEye's tools.
In addition to addressing the problem of complexity, FireEye XDR aims to help businesses fill in the gaps where they lack sufficient security staff. "There continues to be a significant shortage on talent," says Palma. "We think this is a place where XDR can really jump in." This is especially relevant in places like the public sector and healthcare, which struggle with security staffing.
FireEye has historically done this with its managed service Mandiant Defense, he continues. While the company will still work closely with Mandiant, Palma says this is an opportunity to bring FireEye's products to managed security service providers (MSSPs), which organizations increasingly rely on for security functions.
Over the next few quarters, the FireEye Products business is planning to bring new features into FireEye XDR, including improved endpoint capabilities, upgraded dashboards and threat-graphing capabilities for Helix, additional support for third-party security tools, and continued integration with the Mandiant Advantage platform, which includes automated defense.