Jump to content

Email Security (FireEye EX Series)


The FireEye EX series is a group of threat prevention platforms that protects against advanced email attacks. Organizations have been facing threats from email-based spam and viruses for a long time. However, recently spear-phishing attacks have soared in popularity with the availability of user-specific information on social networks and other Internet resources. With all of the personal information available online, a criminal can socially engineer almost any user into clicking a URL or opening an attachment with a zero-day exploit, and the cybercriminal quickly gets control of a privileged system and user accounts.

To quarantine the spear-phishing emails used in advanced targeted attacks, the EX analyzes every attachment using a signature-less, Multi-vector Virtual Execution (MVX) engine that can safely and accurately identify zero-day attacks. It goes beyond signature and reputation-based systems by detonating each attachment against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. Administrators can quarantine emails with malicious content for further analysis or deletion.

Because advanced attacks often use spear phishing as the opening salvo of a multi-vector attack strategy, the EX is often deployed along with the NX and the CM. Organizations not only get real-time protection against malicious URLs, but also the ability to connect the dots of a blended attack. For instance, identifying other targeted individuals who were sent spear-phishing emails containing the same malicious URLs is the type of actionable intelligence necessary to protect organizations against advanced targeted attacks.

The capabilities of the EX series can be extended by the FireEye Threat Prevention Solution – a comprehensive offering comprised of on-premise EX and cloud anti-spam, and anti-virus protection to provide complete email security for your organization. The incoming emails are analyzed and quarantined by a cloud-based anti-spam and anti-virus engine before being sent to the EX for advanced threat analysis.


  • Installs in under 60 minutes – Deploys as an MTA, SPAN device, or BCC destination, in-line (block/monitor-mode) or out-of-band (monitor-only)
  • Real-time quarantine of zero-day email attacks – Using the FireEye MVX engine, identifies and blocks advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
  • Integrates with the NX to stop blended attacks – Quarantines emails with malicious URLs and traces Web-based attacks back to the original spear-phishing email
  • Unifies advanced threat protection with traditional email security – Integrates with the FireEye cloud-based anti-spam and anti-virus engine to block email-based spam and viruses that are attacking organizations
  • Enhances existing email control infrastructure – Layers dynamic malware and attachment analysis behind the static signature-based detections of anti-spam and anti-virus gateways
  • Dynamically generates threat intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the DTI cloud
  • Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze email objects for threats specific to the organization
  • Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the EX for more efficient incident response prioritization