Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network’s perimeter where you have deployed advanced threat defenses. These employees’ devices are then defended only by traditional endpoint anti-malware, which relies on comparing data files to known threat samples to block malware. Yet advanced malware is seldom, if ever, blocked using this signature-based technique.
PTC, a joint FireEye customer, explains how Umbrella helps the team “defend forward.”
FireEye’s purpose-built, virtual machine-based technology detects advanced malware by examining network traffic in your corporate environment for unknown data files, then analyzing these files for malicious behaviors in real time. Umbrella enforces network security policies across any device, anywhere, using our global network. We block malicious connections—over Web and non-Web traffic—at the Internet’s DNS layer. This stops an attack’s initial malware infection or its subsequent botnet callback. By integrating with FireEye’s real-time detection capabilities, Umbrella can automatically validate and globally enforce the local malware intelligence that FireEye gathers on-premises.
Together, Umbrella and FireEye give you the power to block advanced malware. In less than a minute, Umbrella reports which specific devices or employees were protected using both Umbrella’s global intelligence and FireEye’s local intelligence. Additional security insights and investigative features allow security practitioners to determine whether the attack was targeted and whether it is related to other known or advanced threats.