Jump to content

FireEye Products and Solutions Overview

Shield

The FireEye Threat Prevention Platform combats today's advanced cyber attacks. The FireEye platform is designed from the ground up to stop advanced malware used by cybercriminals and advanced persistent threat (APT) actors. Each FireEye platform features the patented Multi-Vector Virtual Execution (MVX) engine that provides state-of-the-art, signature-less analysis along with proprietary virtual machines within its core to identify and block cyber attacks that may leverage one or more threat vectors to infect a client (e.g., targeted emails with embedded URLs or malicious documents).

The FireEye platform supplements traditional security defenses, such as traditional and next-generation firewalls, IPS, AV, and gateways, which can't stop advanced malware, thus leaving significant security holes in the majority of corporate networks.

FireEye Platform Supplements Traditional Security Defenses

FireEye Platform Supplements Traditional Security Defenses

The FireEye product portfolio is comprised of the FireEye NX series, FireEye EX series, FireEye FX series, FireEye AX series, and the FireEye CM series. Each FireEye platform can connect directly, or via a FireEye CM platform, into the FireEye Dynamic Threat Intelligence (DTI) cloud, which offers global threat intelligence sharing to stop advanced persistent threats and zero-day attacks.

The FireEye NX is designed to identify and block attacks delivered via the Web such as drive-by downloads. The FireEye EX protects against attacks delivered via emails such as malicious attachments. The FireEye FX extends the portfolio with detection and blocking of malware discovered in content, which can be obtained via the Web, email, or out-of-band methods. The FireEye AX is primarily used for deeper, hands-on analysis and investigation of today's advanced cyber attacks. It builds a 360-degree, stage-by-stage analysis of an advanced attack, from system exploitation to data exfiltration, in order to most effectively stop would be APT attackers.

The FireEye CM simplifies centralized management of all FireEye platforms enabling the aggregation and correlation of events by clearly identifying blended attacks. By correlating the multi-vector dynamic threat intelligence for a particular enterprise, organizations can block attacks, respond to validated infected systems, and automatically share the indicators of compromise throughout the entire FireEye deployment and partner ecosystem technologies.

The FireEye DTI cloud efficiently shares auto-generated threat intelligence, such as covert callback channels, as well as new threat findings from FireEye Labs. This technology uses the information from a confirmed attack observed locally, to generate dynamic and anonymized threat intelligence of the attack and distributes it through the cloud to other FireEye platforms. Unlike reputation and risk-based threat intelligence networks, which make assumptions about potentially risky code and broadcast signatures that may either falsely block or falsely allow traffic, FireEye confirms malicious activity.

Dynamic Threat Intelligence Sharing

Dynamic Threat Intelligence Sharing

This entire product portfolio fits seamlessly within an enterprise or a small to medium-sized customer premise. The figure below shows a high-level simplified deployment topology. In this topology the FireEye NX is configured to sit at the perimeter to protect the customer's network assets. The FireEye EX is placed in the organization's public network, i.e., DMZ, where the email servers most often reside. The FireEye FX is placed within the data center along with other internal application and file servers and the FireEye CM is also placed within this private domain. The FireEye AX is placed within the forensics department in the data center ideally isolated from the rest of the enterprise network for safe testing of suspected malware samples. In cases where a FireEye CM is deployed, it also acts as the primary channel of communication with the FireEye DTI cloud. Where a FireEye CM is not deployed, each FireEye platform has the ability to communicate with the FireEye DTI cloud.

FireEye Deployment Topology Example

Deployment Topology Example

The FireEye Threat Prevention Platform is used by leading enterprises, government agencies, and higher-education organizations around the world to stop today's advanced cyber attacks that breach traditional defenses, extract proprietary information, and damage corporate resources.