Network Forensics Platform

The FireEye Network Forensics Platform allows you to identify and resolve security incidents faster. With the Network Forensics Platform, organizations can detect a broad array of security incidents, improve the quality of their response, and precisely quantify the impact of each incident. With a packet indexing speed of up to 30 million packets per second, it significantly reduces incident response times even in the face of large-scale searches. Integration with the FireEye Threat Prevention platforms provides deeper insight into the scope and impact of potential breaches through simple drill-down access to captured, indexed, and stored connection and packet information on the largest and busiest 10 Gbps networks. By allowing FireEye users to quickly locate and decode traffic and sessions before, during, and after a security event, the Network Forensics Platform provides greater visibility into activity around the event, which can be crucial for rapid incident response investigations.

Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so that it can effectively contain the threat and secure its network.

By capturing and indexing full packets reliably at extremely rapid speeds, the Network Forensics Platform complements FireEye's comprehensive threat prevention capabilities. In addition to receiving precise alerts and correlated threat information from FireEye, analysts also get a fine-grained view of the specific packets and sessions before, during, and after the attack, so they can confirm what may have triggered a malware download or callback and respond effectively.

Highlights

  • Continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps
  • Real-time indexing of all captured packets using time stamp and connection attributes
  • Export of flow index in NetFlow v5, v9, and IPFIX formats for use with other flow analysis tools
  • Ultrafast search and retrieval of target connections and packets using patent-pending multi-tiered indexing architecture
  • Web-based, drill-down GUI for search and inspection of packets, connections, and sessions
  • Session decoder support for viewing and searching Web, email, FTP, DNS, chat, SSL connection details, and file attachments
  • Packet payload search using regular expressions (regex)
  • Industry-standard data storage and export in PCAP format, which can be stored with flexible storage options: on the appliance, SAS-attached, or SAN-attached storage
  • Seamless integration through RESTful API with customer utilities and other monitoring/security appliances
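To make the indexing and search features in the highlights concrete, the following added example (not FireEye code, and not a description of the platform's internal index format) shows the core idea in miniature: parse PCAP records, index each TCP packet by its connection tuple and timestamp, then run a regex payload search constrained to a time window. The sample PCAP image, IP addresses, ports and HTTP payloads are constructed here for illustration; the `PacketIndex` class and its method names are this example's own.

```python
import re
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian pcap with microsecond timestamps


def build_frame(src, dst, sport, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame carrying `payload` (sample data for this example)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MAC addresses, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    # TCP header with a 5-word data offset and PSH|ACK flags; checksum left at zero
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap (ts_sec, ts_usec, frame) tuples in a pcap file image (global header + records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, five_tuple, payload) for each TCP-over-IPv4 packet in a pcap image."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (or truncated); a real indexer would still record it
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if proto != 6:
            continue  # only TCP is indexed in this example
        tcp_off = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        payload = frame[tcp_off + data_off:]
        yield ts_sec + ts_usec / 1e6, (src, dst, sport, dport, "tcp"), payload


class PacketIndex:
    """Index packets by connection tuple and timestamp; support regex search over payloads."""

    def __init__(self):
        self.by_conn = defaultdict(list)  # five-tuple -> [(timestamp, payload), ...]

    def ingest(self, pcap_bytes):
        for ts, conn, payload in parse_pcap(pcap_bytes):
            self.by_conn[conn].append((ts, payload))

    def connections_to(self, dst_ip, dport=None):
        """Drill-down query: every connection tuple seen toward dst_ip (optionally one port)."""
        return sorted(c for c in self.by_conn
                      if c[1] == dst_ip and (dport is None or c[3] == dport))

    def search_payload(self, pattern, since=None, until=None):
        """Regex (bytes pattern) over payloads, optionally limited to a [since, until] window."""
        rx = re.compile(pattern)
        hits = []
        for conn, packets in self.by_conn.items():
            for ts, payload in packets:
                if since is not None and ts < since:
                    continue
                if until is not None and ts > until:
                    continue
                if rx.search(payload):
                    hits.append((ts, conn))
        return sorted(hits)


# Constructed sample capture: an HTTP download of an executable, then a TLS ClientHello-like record.
SAMPLE_PCAP = build_pcap([
    (1700000000, 0, build_frame("10.0.0.5", "203.0.113.7", 51514, 80,
                                b"GET /update.exe HTTP/1.1\r\nHost: cdn.example\r\n\r\n")),
    (1700000000, 500000, build_frame("203.0.113.7", "10.0.0.5", 80, 51514,
                                     b"HTTP/1.1 200 OK\r\nContent-Type: application/x-msdownload\r\n\r\nMZ\x90\x00")),
    (1700000001, 0, build_frame("10.0.0.5", "198.51.100.9", 51515, 443,
                                b"\x16\x03\x01\x00\x05hello")),
])
```

The time-window parameters are what make the "before, during, and after" drill-down useful: an analyst anchors on an alert timestamp and narrows the regex search to the seconds around it rather than scanning the whole store. A production indexer keys on timestamp first and connection attributes second, so that the window prunes most of the data before any payload bytes are read; this toy keeps everything in memory to keep the logic visible.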