FireEye Security Appliances

Protection against modern malware and targeted attacks
FireEye security appliances detect modern malware using real-time, multi-protocol content analysis within virtual machines. They analyze both inbound and outbound traffic for an integrated defense to accurately identify targeted malware attacks. Sophisticated malware, like Web-based exploits and botnets, uses obfuscation, social engineering, and client-initiated, outbound communications to bypass traditional security frameworks. The cyber criminal tool of choice is highly sophisticated, modern malware, sometimes called botnets, Trojans, worms, or even viruses.
The FireEye Analysis & Confirmation Technology (FACT) engine analyzes live network traffic for suspicious characteristics and then replays these network flows into victim virtual machines for confirmation of zero-day malware and botnets. Real-time detections from the virtual machine analysis are made without any new rules or post-mortem analysis to manually develop security content.
Previously infected systems are identified based on analysis of outbound traffic within the FACT engine. These infected PCs call back to criminal servers to upload stolen data and download malware payloads and further instructions. FireEye analyzes outbound network traffic for unauthorized data transfers destined for botnet command and control (C&C) servers.
Appliances are linked into the global FireEye Malware Analysis & Exchange (MAX) Network in which a positive feedback loop is created to share zero-day malware intelligence, call-back coordinates, and botnet C&C destinations. Participating FireEye appliances generate and share real-time malware intelligence to offer the fastest response time against known and unknown Web malware and botnets.
Key Features & Benefits
- Zero-day, stealth malware detection protects data against theft, exploitation, and abuse
- Extreme accuracy eliminates the high IT overhead associated with sifting through false positives
- Inbound malware forensics are captured within the FACT engine to aid infection analysis & remediation
- Outbound callback fingerprinting enables identification of previously infected PCs calling out to malicious parties
- MAX Network ready, delivering global malware intelligence for more efficient FACT analysis
- Security management via Web or CLI gives efficient, flexible options for IT security admins
- Security dashboard provides an at-a-glance overview of the network's security status with drill-down capabilities
- Out-of-band, sideline deployment means no network latency impact and ease of ownership/maintenance
