The FireEye AX series is a group of forensic analysis platforms that gives security analysts hands-on control over powerful, auto-configured test environments where they can safely execute and inspect advanced malware, zero-day, and targeted advanced persistent threat (APT) attacks embedded in common file formats, email attachments, and Web objects. With advanced instrumentation, the FireEye Multi-Vector Virtual Execution (MVX) engine provides forensic details on the exploit, such as the vulnerability exploited to create a buffer overflow condition, attempts to escalate privileges within Windows, and the callback coordinates used to exfiltrate data.
When security analysts need a secure environment to test, replay, characterize, and document advanced malicious activities, they can simply load a suspicious file or set of files into the FireEye AX platform's MVX engine. As it analyzes files such as suspicious email attachments, PDF documents, or Web objects via a URL, the AX platform reports a full 360-degree view of the attack, from the initial exploit and malware execution path to the callback destinations and follow-on binary download attempts.
- Provides pre-configured sandbox or live-mode analysis for unknown code and suspicious Web objects – Supports single and batch testing with a range of browsers, plug-ins, applications, and Windows operating environments, looking for signs of unusual activity and any attempt to exploit a vulnerability. Sandbox mode keeps the sample contained; live mode allows outbound network access so that real callback behavior can be observed
- Automated or batched analysis of zero-day attacks – Detects and blocks advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
- Identifies outbound malware transmissions across multiple protocols – Shows how malicious code plans to steal data, control bot activities or communicate multi-stage operations using HTTP, FTP, or IRC, revealing the intent of the malicious software
- Dynamically generates malware intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the Dynamic Threat Intelligence (DTI) cloud
- Integrates with NX, EX, and FX platforms – Malicious content uncovered using the AX platform can be pushed to the NX, EX, and FX platforms for real-time protection against emerging attacks
- Streamlines analysis – Enables analysts to drill into samples to confirm attacks and understand the intent and targets of the cybercriminals, without the overhead of creating and maintaining test configurations
- Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze objects for threats specific to the organization
- Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the AX for more efficient incident response prioritization
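The YARA support listed above lets an analyst express byte-level and string-level indicators. The following is an added, constructed example of the kind of rule the AX platform's YARA support is described as accepting; it is not a FireEye rule, and the page does not state which YARA version the AX runs, so only core YARA syntax is used. The hostname in the second rule is a placeholder on the reserved `.invalid` TLD, not a real indicator.

```yara
// Added example, not from the original page or from FireEye.
// Rule 1: a PDF that executes JavaScript or launches a program as soon as
// it is opened, a common exploit-delivery pattern in malicious attachments.
rule Suspicious_PDF_OpenAction_JavaScript
{
    meta:
        description = "PDF with an automatic action that runs JavaScript or launches a program"
        author      = "constructed example"

    strings:
        $pdf_magic  = { 25 50 44 46 }     // "%PDF" header expressed as raw bytes
        $openaction = "/OpenAction" ascii
        $js         = "/JavaScript" ascii
        $js_short   = "/JS" ascii
        $launch     = "/Launch" ascii

    condition:
        $pdf_magic at 0 and               // byte pattern must sit at file offset 0
        $openaction and
        ($js or $js_short or $launch)
}

// Rule 2: an organization-specific indicator, here a callback host seen in a
// previous incident. The hostname is a placeholder (assumption), matched in
// both narrow (ascii) and UTF-16 (wide) form since Windows binaries often
// store URLs as wide strings.
rule Org_Specific_Callback_Host
{
    meta:
        description = "Binary or document embedding a known callback hostname"
        author      = "constructed example"

    strings:
        $c2_host = "c2.example-callback.invalid" ascii wide nocase

    condition:
        $c2_host
}
```

One caveat when relying on rules like these: YARA matches the bytes of the object as submitted, so a PDF whose dictionaries sit inside a compressed (FlateDecode) stream, or a dropper that decodes its callback host at runtime, will not match on the raw file. That is exactly where the MVX dynamic analysis complements the static rule, since the decoded content and the actual callback become visible during execution.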