Detect and stop cyberattacks with Vectra and FireEye

  • Reduce valuable time between detection and response
  • Reduce the time on investigating an alert.
  • Enable security teams to take manual or automated action before cyberattacks lead to data loss
  • Create an efficient security operations workflow that reduces response and investigation time
  • Quickly mitigate high-risk threats.

Why integrate FireEye with Vectra AI?

Today’s cyberattacks frequently evade preventative security defenses along the network perimeter and move laterally between cloud and hybrid environments with ease. Legacy security solutions are often ill equipped to handle this expanded perimeter and the modern attacks on it and cause an overload of inconclusive alerts and hamper investigations.

Once attackers gain access, they often go undetected for many months – which is plenty of time to steal key assets and cause irreparable damage and public embarrassment.

Vectra and FireEye integrate two authoritative views of a cyberattack – the network and the endpoint. Giving full visibility into modern hybrid cloud environments and the devices and accounts involved. Vectra Detect analyzes all network traffic and cloud logs to automatically detect attack behaviors and prioritizes each one based on the risk they pose to your organization. FireEye Endpoint Security protects both client and server endpoints with multi-engine defense and detects and enables response to affected endpoints.

In addition to putting network and cloud-based threat context at your fingertips, Vectra Detect conveniently allows security teams enrich detection with the deep endpoint context of FireEye provides to perform additional investigation and isolate the compromised host to stop an attack.

Multi-Engine protection with FireEye and Vectra AI detection and response

To protect against cyber threats and reduce risk, security teams need comprehensive endpoint defense for both common and advanced cyber-attacks.

While protection does not stop everything, a multi-engine, targeted defense does stop the majority of common and advanced attacks. In Endpoint Security, protection begins with filtering out the noise of common attacks
with our signature-based protection engine. For uncommon and advanced attacks, FireEye created a machine learning engine, call MalwareGuard, the uses the vast library of threats that FireEye Mandiant has responded to train the engine. Even with the best protection a user may inadvertently click on a link or download an infected document. To stop exploits in browsers and common business software, FireEye uses a heuristic behavior analysis engine, called ExploitGuard to stop an attacker from using exploits.

For attacks that bypass all the various protections, Endpoint Security detects advanced attacks and enables response with tools and techniques developed by the world’s leading frontline responders. The indicator of compromise engine in FireEye Endpoint Security detects the human attacker using built in windows tools, stolen credentials or legit applications to move around laterally providing early detection and remediation of an attack in near real time. These indicators can be passed to tools, such as Vectra Detect to analyze and pinpoint the threat.

In addition to reducing the time to investigate threats, Vectra AI and FireEye let security teams take swift, decisive action.

Easily integrate network and endpoint context

When a threat is detected, Vectra and FireEye provide security teams with instant access to additional information for verification and investigation. Host identifiers and other host device data from FireEye are shown automatically in the Vectra platform UI.

FireEye easily reveals traits and behaviors of a threat that are only visible inside the host device. This enables security teams to quickly and conclusively verify a cyberthreat while also learning more about how the threat behaves on the host device itself. Vectra and FireEye seamlessly integrate two authoritative views of a cyberattack – the network and the endpoint.

Vectra AI and FireEye create an efficient security operations workflow that reduces response and investigation time, enabling security teams to quickly mitigate high-risk threats.

Additional resources


Threat Detection and Response for Everywhere the Adversaries Go

We're excited to announce extended EDR native integration support in the Cognito platform! Find out how you can benefit from these simple, seamless integrations for comprehensive coverage across the enterprise, IoT devices, hybrid cloud, and cloud environments.

Read the blog

FireEye Breach: Attack Details & How FireEye Rapidly Responded

Discover new learnings from the FireEye breach, including the objectives of the stolen tools, how those tools would present on the network, and how behavior-based detection can identify their use in an attack.

Read the blog

Count Your 16,000 Most Critical Assets? Are You Nuts?

Asset management is one of the toughest challenges IT organizations can face. Discover why the ability to detect threats early on the network is better than ranking your critical systems.

Read the blog