Enterprise Forensics: PX and IA series

Enterprise forensics and investigation analysis minimize impact of network attacks

To reduce the impact of a security incident, organizations should focus on early detection and swift investigation. Enterprise forensics makes this possible. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so it can effectively contain the threat and re-secure its network.

The FireEye Network Forensics Platform (PX series) and the Investigation Analysis system (IA series) are a powerful combination, pairing the industry's fastest lossless network data capture and retrieval solution with centralized analysis and visualization. Enterprise forensics combines high performance packet capture with analysis tools to aid investigation efforts. It complements several other FireEye threat prevention and detection capabilities.

Benefits of Enterprise Forensics

Investigate and respond immediately

  • Enable packet search and retrieval in minutes, not hours, due to patent-pending real-time indexing method
  • Ultrafast analysis of massive data sets, with drill-down web UI to search and inspect packets, connections, and sessions
  • Pivot on a single-click from a FireEye Network Security or security information and event management (SIEM) alert to related packet details
  • Capture packets continuously, without loss
  • Timestamp in nanoseconds at recording speeds up to 20 Gbps

Analyze attacker tactics and assess impact

  • Decode web, email, FTP, DNS, chat and SSL connection details and file attachments to assess entry points, lateral spread and supporting utilities
  • Search packet payloads and file attachments to identify data stolen

Centralized visibility across the network

  • Display network metadata and activity through custom dashboards that are easy to create and share
  • Provide fast answers through centralized application-level wildcard queries and investigation across packet capture nodes
  • Index metadata from protocols such as HTTP, SMTP, POP3, IMAP, SSL, TLS, FTP, and SMB
  • Optimize workflow and collaboration through PCAP file sharing and integrated case management

Four Things to Consider When Building a Network Forensics Storage Architecture

Learn why it's important to build and maintain a storage solution so network forensics data is readily available when needed.


Adaptive Defense

The FireEye Adaptive Defense approach to cyber security delivers technology, expertise, and intelligence in a unified, nimble framework. Adapt your security architecture to prevent today’s cyber attacks and avert their worst effects.

"Within weeks of deploying the FireEye Network Forensics Platform, the agency discovered a brute force login attempt."