The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely execute and inspect advanced malware, zero-day, and targeted APT attacks embedded in common file formats, email attachments, and Web objects. With advanced instrumentation, the FireEye Multi-Vector Virtual Execution (MVX) environments provide forensic details on the exploit, such as the vulnerability exploited to create a buffer overflow condition, attempts to escalate privileges within Windows, and the callback coordinates used to exfiltrate data.
When threat analysts need a secure environment to test, replay, characterize, and document advanced malicious activities, they can simply load a suspicious file or set of files into the FireEye MAS' MVX engine. As it analyzes files such as suspicious email attachments, PDF documents, or Web objects via a URL, the MAS reports a full 360-degree view of the attack, from the initial exploit and malware execution path to the callback destinations and follow-on binary download attempts.
- Provides pre-configured sandbox or live-mode analysis for unknown code and suspicious Web objects – Supports single and batch testing with a range of browsers, plug-ins, applications and Windows operating environments, looking for any sign of unusual activity and any attempt to exploit a vulnerability
- Automated or batched analysis of zero-day attacks – Using the MVX engine, it detects and stops advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
- Identifies outbound malware transmissions across multiple protocols – Shows how malicious code plans to steal data, control bot activities or communicate multistage operations using HTTP, FTP, or IRC, revealing the intent of the malicious software
- Dynamically generates malware intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the cloud
- Integrates with Web, Email, and File MPS via CMS – All new malicious content uncovered using the MAS can be pushed to the Web, Email, and File MPS for real-time protection against emerging attacks
- Streamlines analysis – Lets analysts drill into samples to confirm attacks and understand the intent and targets of the criminals, without the overhead of creating and maintaining test configurations
- Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze objects for threats specific to the organization
- Supports third-party anti-virus and AV-Suite integration – Malicious objects that anti-virus can also identify can be linked to the deeper forensic information provided in the MAS for more efficient incident response prioritization






