Web Security (FireEye NX Series)

The FireEye NX series is a group of threat prevention platforms that stop Web-based attacks that traditional and next-generation firewalls (NGFW), IPS, AV, and Web gateways miss. The NX protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe. Advanced targeted attacks use the Web as a primary threat vector to compromise key systems, perform reconnaissance on existing defenses, establish long-term control and access to networked systems, and exfiltrate data.

FireEye NX platforms are turnkey systems that can be deployed in-line at Internet egress points to block inbound Web exploits and outbound multi-protocol callbacks. They employ the purpose-built Multi-Vector Virtual Execution (MVX) engine to accurately confirm zero-day attacks, create real-time protections, and capture dynamic callback destinations. Dynamic analysis of zero-day attacks within a full-featured virtual analysis environment yields real-time threat intelligence to protect the local network and share with subscribers of the FireEye Dynamic Threat Intelligence (DTI) cloud. In addition, the FireEye NX can signal into incident response mechanisms, such as SIEM, and also offers TCP resets for out-of-band blocking of TCP, UDP, or HTTP connections.

As part of the FireEye Threat Prevention Platform, the NX works with other FireEye platforms to protect against blended, advanced targeted attacks that use Web-based attacks, spear phishing, and zero-day exploits. When the NX is deployed along with the EX and CM, customers not only get real-time protection against malicious URLs, but also the ability to connect the dots of a blended attack, for instance identifying other targeted individuals who received the same malicious URL in spear-phishing emails. This is the actionable intelligence necessary to protect organizations against advanced targeted attacks.

In addition, with the MVX-IPS add-on license, the FireEye NX series can consolidate threat protection for unknown zero-day and targeted threats as well as known threats across multiple protocols, increasing the overall efficacy of threat protection while optimizing the time and resource investments needed to identify, validate, and resolve these threats.

  • Installs in under 60 minutes – Deploys in-line (block/monitor-mode) or out-of-band (monitor-only) behind traditional gateway defenses to catch what they miss
  • Protects against zero-day, advanced targeted attacks – Using the MVX engine, detects and stops advanced targeted attacks that use malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
  • Cuts off outbound malware transmissions across multiple protocols – Whether deployed in-line or out-of-band, thwarts data exfiltration, botnet activities, and advanced persistent threats communicating across HTTP, FTP, IRC, and many other protocols
  • Integrates with EX to stop blended attacks – Shuts down communications with malicious URLs used in targeted attacks
  • Dynamically generates threat intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the DTI cloud
  • Offers NX 10000 as a high-performance option – Supports multi-gigabit throughput to protect at scale and enables consolidation of IT resources, lowering the total cost of threat prevention
  • Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze Web objects for threats specific to the organization
  • Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the NX for more efficient incident response prioritization
  • Ends time-wasting false positive analysis – Directs administrators to the confirmed infections and compromised hosts that need remediation
  • Consolidates known and unknown threat prevention – With the MVX-IPS add-on license, the NX series can reduce operational expenses and accelerate incident response