Enabling FireEye’s Advanced URL Defense Feature

In this installment of the Tips and Insights series, Jim Coyle demonstrates how to enhance your security operations by enabling FireEye’s Advanced URL Defense feature.

Hi, I’m Jim Coyle. I’m a Channel Engineer here at FireEye. In this video, I’d like to share a tip on how to enhance your security operations by enabling FireEye’s Advanced URL Defense feature to increase the ability to find evil with FireEye’s Email Security. FireEye’s Advanced URL Defense feature allows you to identify evil URLs that are embedded in an email message and can prevent a user from accessing these evil URLs. This feature is disabled by default, and many customers do not have this enabled, reducing detection rates. A U.S. government agency recently enabled this feature and gained a 40 percent increase in alerts due to the increased detection.

Before we get started, there are some basic requirements for enabling Advanced URL Defense. First, you will need to have an active two-way sharing content update license. And second, you’ll also need to have access to an account with either the administrator or the operator role assigned. To enable this feature, log on to the Email Security console.

If Email Security is being managed by a configuration management appliance, then you should enable it from the configuration manager. From the menu at the top, select Settings. Then, from the left-hand column, select Advanced URL Defense. Check the box to enable Advanced URL Defense. Then select Apply.

Now, when FireEye’s Email Security identifies a suspicious URL, it redirects the URL to our Dynamic Threat Intelligence cloud for complete analysis.

The suspicious URL is then rewritten to redirect to a page based on the final analysis. If the URL is found to be evil, the rewritten link will lead the user to a blocked page such as this. If for any reason that link is found to be suspicious but the ultimate evil flag is not able to be raised, the URL will be rewritten to raise awareness that evil may be lurking beyond. While FireEye provides default web pages for both malicious and suspicious URL rewrites, you can also contact FireEye support to assist you with customizing these web pages to add your own content.

Stay tuned for more tips and insights from FireEye.

