FireEye: Frequently Asked Questions (FAQs)

What is FireEye?

FireEye is next-generation endpoint detection and response (EDR) software. FireEye is replacing Windows System Center Endpoint Protection and Avast Antivirus as the antivirus software on campus.

Why is UMD changing its existing antivirus solutions to FireEye?

The Division of Information Technology (DIT) is requiring each University of Maryland (UMD) department to switch to FireEye to strengthen our ability to prevent, detect, manage and respond to cyber threats system-wide. With malware, phishing and other malicious threats becoming increasingly sophisticated, DIT has searched for the best tools at a competitive price to protect our networks and the sensitive data of our employees, students and patients. FireEye, chosen through a competitive request for proposal process, offers a multi-dimensional solution that helps the University more effectively manage its cyber risk profile. This improves the security of our entire campus population.

When is FireEye required?

Due to the continued risk of data breaches, attacks from advanced persistent threats and ransomware that is specifically targeting research and higher education institutions, we are mandating that FireEye be installed on all University-owned computers (that is, endpoints and servers).

If you use your Directory login and passphrase to log in to your laptop, you must work with your local IT department to install FireEye by March 31, 2021. Departmental IT will contact you if you have a Windows and/or macOS computer used for UMD business that does not use your Directory login information, as those devices must have FireEye installed by June 30, 2021. A decision about the use of FireEye on Linux will be made in the future. If you have questions about whether your computer is on the central Active Directory domain, please contact your local departmental IT staff.

Can I install FireEye on my personal computer?

No. At this time we are only licensed for University-owned computers.

What will FireEye offer that the previous antivirus solutions did not? What makes FireEye better?

FireEye’s suite of tools, including its endpoint detection and response tools and advanced forensic tools, can provide the University with more detailed actionable information about detected security threats, including how the threat entered the network and why it succeeded. This will enable security professionals to respond faster and more effectively, and guard against future threats.

FireEye’s larger customer base equips the company with better intelligence on the types of threats that exist. FireEye possesses immense expertise with the threats that UMD routinely faces, as its customer base includes many universities, corporations, and research centers.

What is an Endpoint Detection and Response tool?

An EDR tool helps manage and reduce cybersecurity risk using real-time intelligence about advanced malware and cyber attackers. EDR tools focus on identifying threats and noticing signs that a system has been compromised. This gives you the strongest protection whether you are working on campus or remotely.

What cyber risks do EDR tools detect, and how do they respond to them?

FireEye searches for the following:

Will switching to FireEye change the way I access my computer, my files, the Internet or conduct my research?

No. You will experience no difference when accessing your computer and files, searching online or conducting your research.

What kind of information does FireEye collect about my computer?

During install:

Upon an alert of a malicious file or event, the following is sent to the Division of IT Security Operations Center (SOC):

If departmental IT contacts have asked for malware alerts for their department, the following information is sent to them:

If the SOC needs more details around a suspected compromise or breach, FireEye can collect:

What are the SOC’s rules for taking a data acquisition with FireEye?

If the DIT Security Operations Center (SOC) is performing any data acquisition with FireEye in relation to a potential IT security incident, we make a best effort to notify the department ahead of time, or as soon as possible, about the data acquisition and will supply the following information:

This notification depends on departments providing DIT Security with an accurate list of their systems. This can be a standard naming scheme for hosts in their department or a list of hostnames for their systems.

How is this different from what DIT did previously?

FireEye gives us the ability to quickly gather information around a suspected IT security incident in an automated fashion, allowing DIT to stop a compromise before it turns into a data breach or ransomware incident. Previously, much of this information was available to us, but obtaining it often involved working with the local IT department and the user of the system to gain physical access to the computer of interest for investigation. That took considerable time and allowed attackers to spread further on our network.

Will the University use FireEye to monitor my online activities, including which websites I visit and what transactions I make?

No. DIT respects the privacy of faculty, staff and students and does not use any tool to monitor employees or your online activity. FireEye is only used to detect and respond to cybersecurity threats based on the criteria described above. While FireEye, as a tool, is intended to be used for the purposes of incident response, the information to which it has access remains subject to federal and state law, as well as other legal obligations. Furthermore, your use of University information technology resources remains subject to the University of Maryland Policy on the Acceptable Use of Information Technology Resources. Therefore, the privacy of the information FireEye accesses is similarly subject to applicable federal and state law, including the Maryland Public Information Act, and the needs of the University to meet its administrative, business, and legal obligations.

Will my private information, including my name and which websites I’ve visited, or any similar information be stored somewhere within FireEye?

Information about you and your device is generated when you install FireEye, and that information is stored in the FireEye Console to identify your device. As with all other information collected by FireEye, this information will be used for detection and response to cybersecurity threats. By default, FireEye does not store detailed information on your online activities. However, FireEye is used to gather and provide this information to the SOC when necessary for the purposes of incident response.

What does the University do to protect the privacy of the data FireEye collects?

The University ensures that only individuals involved in the detection of and response to cybersecurity threats are granted access to information FireEye creates, gathers, or processes, and individuals are limited in the information they can access according to their roles. Only a subset of the DIT Security team can access the data FireEye collects. Most central DIT staff and all IT staff from departments and colleges are not provided access to the FireEye data or its collection system. Detailed logs are kept of all information gathered by FireEye and who gathered it. Further, the University Privacy Office audits any investigations performed on a regular basis to ensure information is accessed and used appropriately.

What principles does the University Privacy Office employ in evaluating the University’s collection and use of information?

The University Privacy Office considers the following principles: respect, equity, relevance, accountability, and transparency. For example, Security Operations Center (SOC) members are required to consider and respect the rights, dignity, and expectations of the individuals their investigations may impact; SOC members are required to access and use only the information that is relevant to their investigations; SOC members are required to make the details of their investigations available to the Privacy Office; and SOC members are required to account for their access to and use of all information.

What expectation of privacy do I have with regard to the information FireEye accesses, gathers, or processes?

Generally, the University recognizes a reasonable expectation of privacy of its employees, affiliates, and students. However, this expectation of privacy is not unlimited. In particular, that privacy is subject to applicable federal and state law, including the Maryland Public Information Act, and to the needs of the University to meet its administrative, business, and legal obligations. In order to detect and respond to cybersecurity threats to the University and its community, the University may access and use certain information, including the data points described above. While this information is not used for monitoring your activity, it can and will be accessed for the purposes described above; you should not expect it to be entirely private.

I have questions about FireEye and its implementation. Where can I go to learn more?

You can reach DIT Security by emailing soc@umd.edu or by contacting the Service Desk.

When does FireEye scan my machine?

FireEye does a quick scan (usually 2-3 minutes) of recently touched files when it receives a scan signature update, during the day, or at boot time. FireEye performs a scheduled weekly full scan at 7pm on Sunday evenings.
