Eliminating malware resident on file shares

FireEye announced its File Malware Protection System (MPS) that detects and eliminates advanced malware found on file shares. The solution prevents the lateral spread of malicious code into central data stores and addresses the security weaknesses introduced by Web-based email, social networking, online file transfer tools, personal storage devices and other manual means that bring files into the network.

The File MPS extends the FireEye security platform to protect companies and federal agencies from another key stage of an advanced targeted attack.

The solution complements the Web MPS and Email MPS appliances, which protect against Web-based and email-based threat vectors, by addressing the malware resident on file shares used by cybercriminals to establish a long-term foothold in the network and to infect systems, even those without access to the external Internet. Now, enterprises can not only stop Web and email attacks, but can also detect and eliminate the malware resident on file shares that target sensitive information.

The File MPS security appliances analyze file shares using the patented FireEye Virtual Execution (VX) Engine that detects zero-day malicious code embedded in all common file types. The File MPS performs recursive, scheduled, and on-demand scanning of accessible network file shares to identify and quarantine resident malware without impact to corporate productivity. This halts a key stage of the advanced attack lifecycle.

The FireEye security platform addresses advanced targeted attacks that use sophisticated malware and APT tactics, not only to penetrate defenses, but also to spread laterally through file shares. Many corporate data centers remain vulnerable to advanced malware because of the ineffectiveness of traditional defenses like anti-virus. Criminals leverage this vulnerability in the current security architecture to spread into network file shares, embed malicious code in the vast data stores and become a persistent threat vector to infect and re-infect key systems even after IT remediates them.

FireEye is able to deal with the challenges of multi-vector, multi-stage attacks because the Malware Protection System shares malware threat data in real-time across all its appliances through the Central Management System and also through the global Malware Protection Cloud.

“Advanced targeted attacks are a real and present danger representing a serious threat to enterprises, particularly a higher potential for data loss and industrial espionage,” said Lawrence Orans, Research Director, Gartner, Inc. “Gartner believes that cybercriminals will continue to use all available techniques during an advanced targeted attack to successfully bypass traditional security.”




Share this