Enterprise Forensics


As recent cyber security breach headlines show, the key to minimizing the impact of a security incident is early detection followed by swift investigation, and that requires strong forensics capabilities. When attacked, an enterprise needs to rapidly determine the scope and impact of the incident so that it can contain the threat and re-secure its network.

The FireEye Network Forensics Platform and the Investigation Analysis System are a powerful combination, pairing the industry's fastest, lossless network data capture and retrieval solution with centralized analysis and visualization. High performance packet capture with analysis tools to aid investigation efforts complement other FireEye threat prevention and detection capabilities.

Network Forensics Platform

The FireEye Network Forensics Platform enables organizations to identify and resolve security incidents faster by capturing and indexing full packets at high speed. With a packet indexing rate of up to 30 million packets per second, it significantly reduces incident response times even for large-scale searches. Integration with the FireEye Threat Prevention platforms provides deeper insight into the scope and impact of potential breaches through simple drill-down access to captured, indexed, and stored connection and packet information, even on the largest and busiest 10 Gbps networks.

Highlights of the Network Forensics Platform

  • Continuous, lossless packet capture with nanosecond time-stamping at recording speeds up to 20 Gbps
  • Real-time indexing of all captured packets using time-stamp and connection attributes. Export of flow index in NetFlow v5, v9 and IPFIX formats for use with other flow analysis tools
  • Session decoder for viewing and searching web, email, FTP, DNS, chat, SSL connection details, and file attachments
  • Industry-standard storage and export of captured data in PCAP format, with flexible storage options: on the appliance, SAS-attached, or SAN-attached storage
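The index the platform builds is, at its core, a per-connection record keyed by timestamp and connection attributes (the 5-tuple) that can later be queried by time window or attribute and exported as flow records. The following is an added illustration of that idea and is not FireEye code or any part of the product; it parses a PCAP constructed inline (not a real capture), builds a flow index, and answers the kind of query an analyst would run during an investigation. Function and field names (`index_pcap`, `query`, `first`/`last`/`packets`/`bytes`) are this example's own choices.

```python
"""Toy flow index over a PCAP: timestamp + 5-tuple, queried by window/attribute.
Added example for illustration; the capture below is constructed, not real traffic."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def make_frame(src, dst, sport, dport, proto, payload_len):
    """Ethernet + IPv4 + TCP(6)/UDP(17) header with a zeroed payload (checksums left 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst MAC, src MAC, EtherType IPv4
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    l4 += b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4


def build_pcap(packets):
    """packets: iterable of (ts_sec, ts_usec, frame) -> bytes of a pcap file."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for sec, usec, frame in packets:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


# Constructed sample: a DNS query/response pair, then three packets of one HTTPS connection.
SAMPLE = [
    (999, 500000, make_frame("10.0.0.5", "10.0.0.1", 53412, 53, 17, 30)),
    (999, 501000, make_frame("10.0.0.1", "10.0.0.5", 53, 53412, 17, 46)),
    (1000, 0,      make_frame("10.0.0.5", "93.184.216.34", 40000, 443, 6, 0)),
    (1000, 500000, make_frame("10.0.0.5", "93.184.216.34", 40000, 443, 6, 100)),
    (1001, 0,      make_frame("10.0.0.5", "93.184.216.34", 40000, 443, 6, 200)),
]


def iter_packets(pcap):
    """Yield (timestamp_seconds, frame_bytes) for each record in a little-endian pcap."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield sec + usec / 1e6, pcap[off:off + incl]
        off += incl


def five_tuple(frame):
    """Return ((src, dst, sport, dport, proto), ip_total_len) or None for non-IPv4 frames."""
    if frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport = dport = 0
    if proto in (6, 17):
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    (total_len,) = struct.unpack_from("!H", frame, 16)
    return (src, dst, sport, dport, proto), total_len


def index_pcap(pcap):
    """Build {5-tuple: {first, last, packets, bytes}}; this is the connection index."""
    index = {}
    for ts, frame in iter_packets(pcap):
        parsed = five_tuple(frame)
        if parsed is None:
            continue
        key, size = parsed
        rec = index.setdefault(key, {"first": ts, "last": ts, "packets": 0, "bytes": 0})
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
        rec["packets"] += 1
        rec["bytes"] += size
    return index


def query(index, start=None, end=None, **attrs):
    """Flows active anywhere in [start, end] whose fields (src, dst, sport, dport, proto) match attrs."""
    names = ("src", "dst", "sport", "dport", "proto")
    hits = []
    for key, rec in index.items():
        fields = dict(zip(names, key))
        if any(fields[k] != v for k, v in attrs.items()):
            continue
        if start is not None and rec["last"] < start:
            continue
        if end is not None and rec["first"] > end:
            continue
        hits.append((key, rec))
    return hits


if __name__ == "__main__":
    idx = index_pcap(build_pcap(SAMPLE))
    for key, rec in query(idx, dport=443):
        print(key, rec)
```

The record fields (addresses, ports, protocol, packet and byte counts, first/last seen) are the same ones a NetFlow v5 or IPFIX exporter would carry, which is why a flow index can be handed to other flow-analysis tools; the full packets stay in the PCAP and are only pulled when a query narrows the window.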

Investigation Analysis System

The FireEye Investigation Analysis System provides a centralized, easy-to-use analytical interface for the FireEye Network Forensics Platform. It aggregates metadata across the packet captures of the Network Forensics Platform and displays insights in a centralized dashboard, eliminating blind spots and creating an end-to-end view of the kill chain. This holistic view provides context and enables you to develop a comprehensive, optimal response.

Highlights of the Investigation Analysis System

  • Visualization: view and share network metadata and activity through easy-to-create custom dashboards
  • Fast Answers: centralized application-level wildcard queries and investigation across packet capture nodes
  • Powerful Search: indexed metadata from protocols such as HTTP, SMTP, POP3, IMAP, SSL, TLS, FTP, and SMB
  • Workflow Efficiency: archive and share PCAP files with other analysts during an investigation through integrated case management