Rob Ayoub, Sr. Product Marketing Manager, FireEye; Alex Lanstein, Product Manager, Detection on Demand, FireEye
One of the foremost challenges for security operations center (SOC) analysts is evaluating alerts from the wide variety of tools operating in the SOC. For every alert, SOC analysts must perform a detailed triage in order to determine the extent of an alert and whether an alert is actually a threat or a false positive. It can be difficult for a SOC analyst to easily determine whether a file or hash is malicious or benign and the whole process can take hours of valuable time.
Enter FireEye Detection on Demand! Delivered as an API, this threat detection service provides easy integration into the SOC workflow, SIEM analytics, data repositories, and more. Detection On Demand delivers flexible file and content analysis capabilities to identify malicious behavior wherever the enterprise needs it.
Verdicts are delivered almost instantly and allow applications to quickly process without the latency of other competitors. If more in-depth analysis is needed, users can log into the Detection On Demand web portal which provides reports, memory dumps, pcaps, and access to MITRE ATT&CK mappings.
Detection On Demand integrates natively with FireEye Security Orchestrator and with numerous other SaaS and Security products, providing for rapid integration with the existing infrastructure. Many application integrations are already in place with the likes of Splunk Phantom, Polarity, Siemplify, Palo Alto Network XSOAR, and D3 Security, with more being added every month.
In this webinar, you will learn:
•How Detection On Demand works
•How to best integrate Detection On Demand to improve the efficiency of your SOC
•Other ways you can leverage Detection on Demand
At the end of the webinar, you will be able to test drive Detection On Demand for yourself.