Introduction to FireEye Endpoint Security


As the internet keeps growing, the security of user data has become an open question. We continuously hear about new cyber attacks, vulnerabilities and ransomware victims. FireEye Endpoint Security protects endpoints with multi-engine protection delivered by a single modular agent.

Endpoint agents let you monitor the use, connectivity and performance of VPN gateways and end-to-end network connections. As a result, remote employees can use business-critical internal and SaaS applications with no impact on user experience.

We know that it is hard for a security team to keep track of all these threats across the company. Teams are burdened with too many tools that may or may not work together, which produces unnecessary noise rather than valuable signals. The systems already in place do not always provide adequate detection of, or response to, advanced threats.


So FireEye Endpoint Security protects systems against the latest cyberattacks by augmenting the major parts of legacy security products with FireEye technology. It:

  • stops common malware with a signature-based engine
  • blocks advanced threats with the machine learning engine, MalwareGuard
  • stops application exploits with the behavior analysis engine, ExploitGuard
  • defends against new threat vectors with Endpoint Security Modules

Moreover, FireEye continuously releases new modules that detect attack techniques and trigger responses to incoming threats.

FireEye Endpoint Security is a step up from current endpoint protection. It detects what anti-virus can detect, and also what anti-virus cannot. Its comprehensive endpoint visibility and threat intelligence let analysts tailor their defenses. FireEye Endpoint Security enhances overall threat protection by integrating key security mechanisms within a single agent and a single threat management workflow.

Ansible playbook for deploying FireEye Endpoint Security Agent

Playbook that applies the fireeye-agent role

- name: Run fireeye-agent role
  hosts: <hostname>
  become: true
  become_method: sudo
  roles:
    - fireeye-agent

Tasks the role runs to install and start the agent

---
# <path> is the staging directory on the target host; replace it with the
# directory you want. artifactory_url_xagt is the base URL of the Artifactory
# folder holding the package, and package_file_xagt is the .deb file name.

- name: 'Create FireEye staging directory'
  file:
    path: <path>
    state: directory

- name: 'Get XAGT package file from Artifactory'
  get_url:
    url: "{{ artifactory_url_xagt }}/{{ package_file_xagt }}"
    dest: "<path>/{{ package_file_xagt }}"
    force: yes

- name: 'Get JSON FireEye config file from Artifactory'
  get_url:
    url: "{{ artifactory_url_xagt }}/xagt_agent_config.json"
    dest: "<path>/xagt_agent_config.json"
    force: yes

- name: 'Install FireEye Agent on Ubuntu servers'
  apt:
    deb: "<path>/{{ package_file_xagt }}"
    state: present
    update_cache: true
  register: result_xagt1

# The -i option imports the agent settings (HX server address, etc.) from the
# JSON file downloaded above; the path must match the dest used there.
- name: 'Import FireEye agent settings from xagt_agent_config.json file'
  shell: |
    /opt/fireeye/bin/xagt -i <path>/xagt_agent_config.json
  args:
    executable: /bin/bash

- name: 'Enable and start FireEye Agent service'
  service:
    name: xagt
    enabled: yes
    state: started

There is a delay between agent installation and the moment the agent receives its working configuration from the HX server. It is therefore recommended to check the agent's working configuration at least 1 hour after the installation.
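The tasks above install whatever the Artifactory URL happens to serve and never confirm that the agent actually came up. The following task list is an added example, not code from the original post or from FireEye, that hardens the same procedure: the package and config file are downloaded with a pinned SHA-256 (get_url's checksum option fails the task on mismatch, so a tampered or wrong build is never handed to apt), the import only runs when the package was (re)installed, and the play ends by asserting that the binary exists and the xagt service is running. Variables xagt_dir, xagt_deb_sha256 and xagt_config_sha256 are assumed to be defined by you (for example in the role's defaults or in vault); artifactory_url_xagt and package_file_xagt are the variables from the original tasks. The one-hour wait for the working configuration described above is not automated here, because the page gives no command for reading it back from the agent; the assertion only proves the service is installed and started.

```yaml
---
# Added example (not the original post's tasks). Assumed variables:
#   xagt_dir              staging directory on the target host
#   artifactory_url_xagt  base URL of the Artifactory folder
#   package_file_xagt     file name of the xagt .deb
#   xagt_deb_sha256       expected SHA-256 of the .deb (from the vendor release notes / your repo metadata)
#   xagt_config_sha256    expected SHA-256 of xagt_agent_config.json

- name: Create FireEye staging directory (root only, so nobody else can swap the files)
  ansible.builtin.file:
    path: "{{ xagt_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0750"

- name: Download xagt package and verify its SHA-256 before anything is installed
  ansible.builtin.get_url:
    url: "{{ artifactory_url_xagt }}/{{ package_file_xagt }}"
    dest: "{{ xagt_dir }}/{{ package_file_xagt }}"
    checksum: "sha256:{{ xagt_deb_sha256 }}"   # task fails on mismatch, apt never runs
    mode: "0640"

- name: Download agent config (it tells the agent which HX server to trust, so pin it too)
  ansible.builtin.get_url:
    url: "{{ artifactory_url_xagt }}/xagt_agent_config.json"
    dest: "{{ xagt_dir }}/xagt_agent_config.json"
    checksum: "sha256:{{ xagt_config_sha256 }}"
    mode: "0600"

- name: Install the package from the verified local file
  ansible.builtin.apt:
    deb: "{{ xagt_dir }}/{{ package_file_xagt }}"
    state: present
  register: result_xagt

- name: Import agent settings only when the package was (re)installed
  ansible.builtin.command:
    argv:
      - /opt/fireeye/bin/xagt
      - -i
      - "{{ xagt_dir }}/xagt_agent_config.json"
  when: result_xagt.changed

- name: Enable and start the xagt service
  ansible.builtin.service:
    name: xagt
    enabled: true
    state: started

# Post-install verification: fail the play loudly instead of assuming success.
- name: Collect service facts
  ansible.builtin.service_facts:

- name: Stat the agent binary
  ansible.builtin.stat:
    path: /opt/fireeye/bin/xagt
  register: xagt_bin

- name: Assert the agent is installed and its service is running
  ansible.builtin.assert:
    that:
      - xagt_bin.stat.exists
      - "'xagt.service' in ansible_facts.services"
      - ansible_facts.services['xagt.service'].state == 'running'
    fail_msg: "FireEye agent is not running on {{ inventory_hostname }}"
```

Gating the import on result_xagt.changed keeps the role idempotent: rerunning the playbook against an already-configured host no longer re-imports the config on every run. If you prefer the original behaviour of importing unconditionally, drop the when clause and add changed_when: true to the command task so Ansible reports it honestly.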

Reference

https://www.fireeye.com/products/endpoint-security/endpoint-protection-platform.html

https://www.threatprotectworks.com/FireEye-HX-Series.asp

Written by Shivani Sarthi

Shivani Sarthi is a Software Consultant at Knoldus Software. She completed her MCA at BCIIT and a Bachelor's in Electronic Science at Delhi University. She has a keen interest in learning new technologies, and her practice area is DevOps. When not working, you will find her watching anime or reading a book.
