FireEye Status Report

When managing an organization’s risk, being able to evaluate security devices is an important first stage. Understanding if security devices are configured properly allows organizations to better manage potential threats. The FireEye Status Report allows organizations to audit FireEye Threat Management device configurations without the need for individual access.

The Chief Information Security Officer (CISO) often asks the operations team and security administrators these common questions:

• What systems need attention now?
• What systems can be safely ignored for the time being?

CISO’s are responsible for translating a mountain of security data to understand the risk exposure of the organization. This report displays the summary status of a FireEye device and includes indicators based on The FireEye audit findings. Organizations that utilize FireEye platforms to protect themselves against advanced cyber threats benefit from this dashboard.

This Report requires the following audit file : [TNS_BestPractice_FireEye.audit], and successful post scan audit file results.

This report uses FireEye audit checks to highlight the pass/fail results of the checks, allowing a security analyst to review the configuration and status of the device without requiring device management privileges.

The Vulnerabilities Chapter is arranged to provide visual severity summary results via both a pie chart and a table containing severity count indications from The FireEye compliance audit. These are specifically for checks within the following audit file subsections:

• AAA Checks
• IPMI Checks
• System Protection Checks
• Greylist Checks
• Security Audit Checks
• Identification and Authentication Checks
• SNMP Checks
• Encryption Checks
• Malware Detection Checks
• Web MPS Checks
• Security Management Checks

This information provides risk managers and system administrators with a list of items which require immediate attention and provides leadership with easy to understand pass/fail audit findings.

While assisting the CISO, the report is also beneficial to the security team and system administrators as it helps them to understand possible gaps in threat prevention which require additional attention. The security team can use this report to easily identify and focus on specific problem areas that have been identified as a failure, or require additional manual checks. System administrators can take the same information to help set the priority of corrective actions and mitigation strategies. Overall, this report is beneficial to several groups within the organization to better reduce cyber risk.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the SecurityCenter Feed under the Threat Detection & Vulnerability Assessments category. The report requirements are:

• SecurityCenter 4.8.2
• Nessus 6.11.2
• Audit File: TNS_BestPractice_FireEye.audit

This Report requires the following audit file, and successful post scan audit file results. [TNS_BestPractice_FireEye.audit]

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. SecurityCenter Continuous View® (SecurityCenter CV™) offers organizations a unique peace of mind by identifying their biggest threats and enable them to respond quickly. SecurityCenter CV™ provides a unique combination of detection, reporting, and pattern recognition utilizing industry recognized algorithms and models. SecurityCenter CV™ combines active scanning, log analysis, and deep packet inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities.

Chapters

Vulnerabilities - This chapter leverages the Tenable FireEye Best Practices Audit to provide security settings and other useful information on FireEye device