IBM Security Intelligence Platform Integration with FireEye MPS, eMPS and MA appliances The new threat landscape includes advanced malware, zero-day and targets Advanced Persistent Threats. FireEye’s Malware Protection System (MPS) offers next generation threat protection that fills the holes left by other solutions, such as firewalls, IPS, gateways and AV. FireEye is the leader in stopping the new breed of cyber attacks, such as such as advanced malware, that easily bypass traditional signature-based defenses and compromise the majority of enterprise networks. FireEye's next-generation threat protection complements these defenses with the world's only signature-less solution that protects across all major threat vectors. . QRadar SIEM provides • Integrated log, threat, compliance management • Asset profiling and flow analytics • Offense management and workflow QRadar SIEM allows single pane troubleshooting of issues to create a Security Operations Center. QRadar can leverage the value of best of breed products you have already invested in throughout your infrastructure and combine that to enable you to reach compliance and security goals. Here are some real world examples combining these products together: 1. FireEye is on the inside network, it has no idea who the outside IP address is. Just leveraving our data gathering ability QRadar SIEM will provide the real IP address of the threat, lookup the system domain and name, IPS and flow information can tell if that source is active in any other ways and XForce threat feed will tell if the source is a known threat. 2. When FireEye finds an attempt to attack a vulnerability, QRadar and QVM/QRM can immediately see what other critical systems are vulnerable to that active attack and prioritize the immediate patching or blocking to those systems. 3. FireEye File MPS analyzes a file share and detects weaponized office document and alerts. QRadar can create an offense and target the person who wrote that file and what activity they are doing now to determine the reaction. 4. QRadar can report on all threats found to critical servers including threats FireEye found, by threat level, server importance and over specified time periods 5. When we release support for FireEye JSON format, a more verbose format, QRadar can analyze across 10 malicious files sent in from different parts of the world and see the IBM Security Intelligence Platform Integration with FireEye MPS, eMPS and MA appliances Adobe overflow vector provided by FireEye is exactly the same across all 10 files indicating a coordinated attack by the same group or malware authors. These examples show how QRadar can leverage the value of best of breed products you have already invested in throughout your infrastructure and combine that to enable you to reach compliance and security goals. Integrating FireEye MPS with QRadar enables protection against next generation threats to be extended across the enterprise. QRadar benefits by getting a great source of data to better highlight issues and generate offenses.