WhatWorks in Detecting and Blocking Advanced Threats at a Large Research Organization

  • Tuesday, 06 Aug 2013 1:00PM EDT (06 Aug 2013 17:00 UTC)
  • Speaker: John Pescatore

Learn how a leading national research lab ensures effective operations and cybersecurity capabilities, and how advanced threat protection from FireEye helps get the job done.

About the User

The user interviewed for this case study has requested anonymity to maintain confidentiality, but has allowed us to refer to him as a Cyber Security Analyst at a National Laboratory. The WhatWorks program can help more users make more informed decisions if we allow seasoned professionals from major user organizations to share their stories without revealing the name of the organization.

SANS Summary

A leading national research lab must allow users to collaborate online, manage their own IT environments, and rely on the Internet to perform their day-to-day activities, all of which are high-risk. The desire to take a more aggressive approach to detecting security incidents prompted the team to look at new threat detection systems. The team found that FireEye performed as a proactive advanced threat protection platform that actively inspected traffic on their high-speed networks and detected malicious events that were unseen by other installed network security systems. The FireEye solution installed easily, is monitored and maintained with very little personnel overhead, and has a very low rate of false positives.