For systems at risk of a cybersecurity attack, the Information Security Office offers endpoint security monitoring through the threat detection and identification (TDI) tool FireEye HX. FireEye Endpoint Security software is designed to address sophisticated or advanced persistent threat (APT) attacks with features that go beyond the capabilities of traditional malware protection. The FireEye software is made available as part of a UC systemwide initiative to help manage and reduce cybersecurity risk. The software is simple to install if you have admin rights on the machine and does not require any ongoing administration.

FireEye HX is part of a comprehensive UCOP Threat Detection and Identification initiative that involves the UC System. This piece involves endpoint protection and utilizes their HX product, which is a small agent installed on each endpoint. 

If you are an end-user, please call your local computer support professional.

If you are a computer support professional:

  • Submit an email to security@ucsb.edu
  • If you need to uninstall the software your Unit UISL can provide an uninstall password 

Our goal is to respond to every request within 4 hours during business hours

Once installed, the software runs in the background while you do your normal work. What's unique about this software (from other malware or antivirus programs) is that it uses real-time intel in conjunction with machine learning to quickly detect threats and immediately act to mitigate any damage.

The FireEye agent detects and blocks attacks using several techniques including:

  • Signature-based engine to find and block known malware (akin to traditional anti-virus and anti-malware software)
  • MalwareGuard machine learning using threat intelligence
  • Behavior-based analytics engine to stop advanced threats
  • Real-time discovery of Indicators of Compromise (IOC) using frontline threat intelligence

Additionally, FireEye enables real-time investigation of ongoing security events, greatly expediting incident response and containment.


Security as a Service (SECaaS or SaaS) is a business model in which a service provider integrates their security services into a corporate infrastructure on a subscription basis more cost-effectively than most individuals or corporations can provide on their own when the total cost of ownership is considered.

Each unit’s management will be provided an uninstall password in case they need to uninstall the agent. This password will change on a regular basis and  will be relayed to the Unit UISL.

After an agent is uninstalled, feedback must be provided to the team on why it was uninstalled.  This allows for thorough troubleshooting if it is policy-related, or communication with FireEye if there is a technical issue/conflict that needs resolution.  The goal should be to re-install the agent ASAP. If additional troubleshooting is needed, the agent can be assigned a policy in detect-only mode, and then reinstate a policy in blocking mode when it is ruled out as the root cause of the issue.

Managed Defense is a 24/7 FireEye service that continuously monitors all of the UC system devices for anomalies in our environments. They will correlate this information with FireEye NX traffic and act as needed.

Managed Defense will contact the UCSB Security Operations Center (SOC) for additional support and guidance, as needed.

UCSB SOC will contact unit workforce members for assistance similar to the VM issue, as needed.

This is up to your specific unit.

The architecture does not allow RBAC, sites, or silos, and it was determined that there will be limited admins due to privacy concerns. 

Unit IT staff will install the agents utilizing a package provided by the UCSB SOC.

Our security policy IS-3 requires location units to install campus-based security agents as requested.