The FireEye File Malware Protection System (MPS) analyzes network file shares to detect and quarantine malware brought into the network through the Web, email, or other manual means, such as online file sharing. This halts the lateral spread of advanced malware that traditional and next-generation firewalls, IPS, AV, and gateways miss. Advanced targeted attacks use sophisticated malware and APT tactics, not only to penetrate defenses, but also to spread laterally and establish a long-term foothold in the network.
FireEye File MPS security appliances analyze file shares using the patented FireEye Multi-Vector Virtual Execution (MVX) engine that detects zero-day malicious code embedded in common file types. The File MPS performs recursive, scheduled, and on-demand scanning of accessible network file shares to identify and quarantine resident malware without impact to corporate productivity. This halts a key stage of the advanced attack lifecycle.
- Protects file shares from hosting advanced malware – Appliance deploys in active quarantine (protection-mode) or analysis only (monitor-mode)
- Supports multiple scan modes – Scans can be recursive, scheduled, and on-demand for CIFS-compatible file shares
- Supports wide range of file types – Using the MVX engine, it detects and stops advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
- Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze objects for threats specific to the organization
- Supports third party anti-virus and AV-Suite integration – Malicious objects that anti-virus can also identify can be linked to the deeper forensic information provided in the File MPS for more efficient incident response prioritization
- Integrates with Web MPS, Email MPS, and MAS via CMS – All new malicious content uncovered using the File MPS can be pushed to the other MPS and MAS appliances for real-time protection against emerging attacks