Microsoft and FireEye collaborate to up the cyber security ante on Windows 10 devices
Microsoft and FireEye collaborate to up the cyber security ante on Windows 10 devices |
FireEye to gain access to telemetry data from every Windows 10 device
FireEye has recently struck a deal with Microsoft, which gives FireEye access to all Windows 10 telemetry data, according to a report by Australian news magazine ARN. This means FireEye in return will place the security vendor’s iSIGHT Intelligence software into Windows Defender, an inbuilt Windows security offering.
“FireEye iSIGHT Intelligence is a proactive, forward-006Cooking means of qualifying threats poised to disrupt business based on the intents, tools and tactics of the attacker.”
The Windows Defender service can be used by the users in a free trial before purchasing a subscription to Windows Defender Advanced Threat Protection (WDATP).
The partnership with a well-known cyber security vendor such as FireEye benefits Microsoft, and specifically the reputation and credibility of the commercial version of Windows Defender.
Additionally, it also pits the software giant against the incumbent players in the already highly competitive endpoint security market.
WDATP customers have access to intelligence technical indicators that are provided by the software. These include the main motivation of the attacker, related tools, information about target sectors and geographies, and a description of the actor and operation.
According to the report on ARN, security teams may also be able to access the telemetry via a subscription billing model.
“FireEye has invested in nation-state grade intelligence and we are strategically partnering with industry leaders to operationalise this high-quality intel,” said FireEye senior vice president of corporate development, Ken Gonzalez.
FireEye is now able to offer “differentiated intelligence” within WDATP by working with Microsoft, Gonzalez said and together help make organisations more secure.
“With the Windows 10 Anniversary Update, we added this new layer of defence with WDATP – a new built-in OS sensor combined with powerful cloud-powered behavioural detection analytics – in order to help enterprises, detect, investigate and respond to targeted attacks and data breaches on their endpoints quicker and easier,” added, Windows Cyber Defence, general manager, Moti Gindi.
“As two security leaders working together, the combined Microsoft and FireEye adversary-based security intelligence ensures WDATP detections can provide the right context needed to prepare for and simplify response to attacks.”
James Turner, IBRS security analyst, told ARN that the deal brings extensive benefits to both vendors.
“There are benefits here for both Microsoft and FireEye,” he said.
“Microsoft are seen to be playing with a big brand name in the security space and FireEye potentially get access to a much broader distribution of endpoints than it would otherwise have.”
Access to telemetry alone will not essentially give the vendor an edge over its rivals, warned Turner as the partnership may only be seen as a boon for FireEye, covering the vendors threat detection network to contest with major endpoint players such as Kaspersky Lab and Symantec.
“It’s a classic case of FOMO [fear of missing out],” he explained. “Everyone thinks that everyone else has got better intelligence than they do so everyone has a fear of missing out.
“So everyone talks about intelligence sharing but the most valuable threat intelligence is that which is made directly applicable to you and can take action on.
“When you start looking at this particular offering, it has to be fairly generic because there is no customisation – as far as I can tell – around this. It is literally going to be a case of seeing something out there and identifying it as bad.
“It is going to be very hard for this to be customised to any specific client.”
Adding further, Turner said that there could be exemptions to this rule including searching for pre-defined keywords. However, it is going to be determined by the actual mechanism around it.
“If it is a way of helping to commoditise more advanced, threat centric security for the endpoint, then that is a plus,” he said “But ultimately, I think anybody who is expecting a silver bullet will be disappointed.
“Obviously we need to see the proof of the pudding in the eating, but there is a definite potential here to help do a capable shift in the way things are going.”
Comments
Post a Comment