The FireEye Malware Protection System features dynamic, real-time analysis for advanced malware using our patent-pending, multi-flow Multi-Vector Virtual Execution (MVX) engine. The MVX engine captures and confirms zero-day, and targeted APT attacks by detonating suspicious files, Web objects, and email attachments within instrumented virtual machine environments.
The MVX engine performs multi-flow analysis to understand the full context of an advanced targeted attack. Stateful attack analysis is critical to trigger analysis of the entire attack lifecycle, from initial exploit to data exfiltration. This is why point products that focus on a single attack object (e.g., malware executable (EXE), dynamic linked library (DLL), or portable document format (PDF) file types) will miss the vast majority of advanced attacks as they are blind to the full attack lifecycle.
KEY TECHNOLOGY FEATURES:
- Actively analyzes unknown code and suspicious Web objects – Objects are executed against a range of browsers, plug-ins, applications, and operating environments. The signature-less MVX engine identifies the use of zero-day exploits, confirms a Web attack is underway, and blocks callbacks and subsequent malware downloads over multiple protocols.
- Detonates all email attachments within virtual environments – All attachments can be safely and accurately analyzed to identify zero-day exploits. Beyond signature- and reputation-based systems, the MVX engine can detect if previously legitimate files have been weaponized and sent via spear phishing email to penetrate enterprise defenses.
- Analyzes for weaponized files on network file shares – The MVX engine can be used to scan CIFS-compatible file shares to detect and stop advanced targeted attacks embedded within weaponized Microsoft Office files, images, PDFs, Flash, or ZIP/RAR/TNEF archives.
- Proprietary virtualization technology – The MVX engine analyzes and confirms true, zero-day malware, such as Trojans, targeted attacks, bots, VM-aware malware, and advanced persistent threats.
- Multi-stage inspection and blocking engine – Stops known and zero-day attacks while simultaneously eliminating false positives. The multi-stage inspection process unifies virtualization and network security to accurately block advanced malware that are used to penetrate networks and steal resources and sensitive data.
Newly discovered malware is installed and executed to completion within the FireEye MVX engine so that malware file locations, new registry keys, corrupted DLLs, etc. are all tracked in addition to outbound callback destinations. Now, analysis of polymorphic malware can be reliably automated to create dynamic blocking of inbound zero-day attacks and its outbound transmissions. Local zero-day malware intelligence is dynamically-generated by each MVX engine to provide real-time malware forensics used to protect the local network. This analysis can be shared globally through the Dynamic Threat Intelligence (DTI) cloud for use by all subscribers to stop inbound attacks and outbound data and resource thefts.