Email Security (FireEye EX Series)

The FireEye EX series is a group of threat prevention platforms that protects against spear-phishing email attacks that bypass anti-spam and reputation-based technologies. Spear-phishing attacks have soared in popularity with the availability of user-specific information on social networks and other Internet resources. With all of the personal information available online, a criminal can socially engineer almost any user into clicking a URL, or opening an attachment with a zero-day exploit, and the cybercriminal quickly gets control of a privileged system and user accounts.

To quarantine the spear-phishing emails used in advanced targeted attacks, the EX analyzes every attachment using a signature-less, Multi-Vector Virtual Execution (MVX) engine that can safely and accurately identify zero-day attacks. It goes beyond signature and reputation-based systems by detonating each attachment against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. Administrators can quarantine emails with malicious content for further analysis or deletion.

Because advanced attacks often use spear phishing as the opening salvo of a multi-vector attack strategy, the EX is often deployed along with the NX and the CM. In this manner, organizations not only get real-time protection against malicious URLs, but also the ability to connect the dots of a blended attack. For instance, identifying other targeted individuals who were sent spear-phishing emails containing the same malicious URLs is the type of actionable intelligence necessary to protect organizations against advanced targeted attacks.

Highlights

  • Installs in under 60 minutes – Deploys as an MTA, SPAN device, or BCC destination, in-line (block/monitor-mode) or out-of-band (monitor-only)
  • Real-time quarantine of zero-day email attacks – Using the FireEye MVX engine, identifies and blocks advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
  • Integrates with the NX to stop blended attacks – Quarantines emails with malicious URLs and traces Web-based attacks back to the original spear-phishing email
  • Enhances existing email control infrastructure – Layers dynamic malware and attachment analysis behind the static signature-based detections of anti-spam and anti-virus gateways
  • Dynamically generates threat intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the DTI cloud
  • Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze email objects for threats specific to the organization
  • Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the EX for more efficient incident response prioritization