29 February 2016 User Stories

TAP(ping) Out Security Threats at FireEye: An Elastic{ON} Reflection

By Chris Rimondi

FireEye is a security company that provides real-time threat protection to enterprises and governments against cyber-attacks. Its real-time threat protection platform operates without the use of signatures to protect an organization across the primary threat vectors and across the various stages of an attack life cycle.

Elasticsearch has been a critical part of the Threat Analytics Platform (TAP) at FireEye for the past two years. Our engineering and operations teams had the opportunity of watching the maturity of Elasticsearch through multiple versions. The Elastic{ON} conferences have become mile markers in the product’s progress. FireEye sent attendees to the conference in 2015 and was privileged to have a speaking spot in 2016.

One of the most valuable aspects of the conference is that Elastic sent its entire company — including engineers, product managers, and executives — to the conference this year. They laid out the vision of aligning their products and how these improvements will impact features and versioning. As an organization that is looking to leverage different Elastic products within its development roadmap, it was valuable to get the insight directly from the source. Various product managers from Elastic were there, including Tanya Bragin. I shared some of FireEye’s objectives and queried Tanya about Elastic’s roadmap related to analytic capabilities.

FireEye shared its Threat Analytics Platform user story on Wednesday night. As a speaker, the best part of presenting was getting to talk to attendees afterwards about their use cases and compare war stories. I easily learned as much (and probably more) from chatting afterward with attendees as I did from other sessions. It was a healthy exchange of what worked and what didn’t when deploying Elasticsearch.

I hope you enjoy hearing how FireEye built a security analytics platform that indexes hundreds of thousands of events per second and allows its enterprise customers to find evil in their organizations across petabytes of data.  

To watch the full FireEye presentation, click the image above or just follow this link.

Chris Rimondi runs the Site Reliability Engineering team for the Cloud business unit at FireEye. He started at Mandiant three years ago, prior to its acquisition by FireEye. Since then he has focused on building and supporting the next generation of FireEye applications in its public and private cloud infrastructure.