FireEye is an intelligence-led security company that helps organizations better prepare for, prevent, and respond to cyberattacks. FireEye serves more than 5,600 customers across 67 countries.
In just three years, FireEye’s threat intelligence team watched as their data volumes exploded—growing over 25 times. The team’s dynamic threat intelligence database, which combines malware information collected from FireEye customers with malware analytics, helps FireEye threat hunters identify zero-day attacks and stop advanced persistent threats before they can accomplish their mission.
As the amount of data grew, the team found its relational database could not easily scale, and response time to queries slowed. “Our threat intelligence data must be readily available,” said Alex Rivlin, software development manager, FireEye. “We came to the point where data access became a challenge using traditional technologies.”
FireEye worked with Cloudera to build an analytics platform to improve analysis required for faster detection of zero-day malware and advanced persistent threats. The platform supports terabytes of data collected from more than 16 million virtual analyses per hour.
FireEye threat hunters can also more easily apply machine learning to identify new attacks and campaigns. “Analytics and machine learning are core components of malware protection,” said Rivlin. “The Cloudera platform makes it easier to enable standard machine learning libraries and will free researchers from writing extractors and adapters to collect the data.”
With cybercriminals continually launching new attacks, FireEye wanted to move quickly in implementing its new platform. “Cloudera helped us meet a very aggressive timeline,” said Prabhu. “We could not have done that without their help.”
Because Apache Hadoop was new to the team, training was an important component of the company’s implementation plan. “Hadoop offered the best fit due to SQL access patterns and the ability to scale horizontally,” said Rivlin. “However, our team is skilled in relational database technologies and standard software application development. We needed to learn Hadoop tools and best practices. In four short days, Cloudera training gave us the jumpstart we needed and made our implementation easier than it would have been otherwise.”
The new platform improved productivity and visibility into available data, both key in the organization’s ability to detect zero-day attacks and stop advanced persistent threats earlier. For example, threat hunters obtain responses to queries magnitudes faster, and they can access a wider range of data that simply wasn’t accessible before.
“We are opening a new door for security research,” said Prabhu. “Before, researchers spent about 50 percent of their time collecting data. Now, more than 80 percent of their time is focused on research. Additionally, we can process two years of data and identify impacts that were practically not feasible with our legacy platform.”