FireEye Stories

Tackling the Cyber Security Need for Speed with Network Forensics

With so much attention being paid to protection and detection technologies, very little thought is given to response-related technologies such as network forensics, which play a critical role in any enterprise security architecture.

Knowing that network forensics plays a critical role in an advanced threat defense posture, FireEye is pleased to unveil new high-performance network forensics solutions to quickly detect and help remediate malicious traffic within a network.

The new FireEye Network Forensics solution includes intelligent, high-speed packet capture (PX) and advanced investigation analysis (IA) appliances. With the FireEye Network Forensics solution, security operations professionals gain in-depth and immediate visibility into their network, allowing for quick incident response and forensics capabilities.

FireEye Network Forensics allows security analysts to identify and resolve incidents faster by capturing and indexing full packets at 20 Gbps speeds. With Network Forensics, analysts can detect a broad array of security incidents, improve the quality of responses, and quantify the impact of each incident.

Next-Generation Packet Capture with FireEye PX

Like a high-performance DVR, FireEye PX records network traffic in an extremely efficient manner. Continuous, lossless packet capture with recording speeds up to 20 Gbps and real-time indexing of all captured packets and connection attributes allows analysts to pinpoint and pivot to suspect data in seconds.

By allowing analysts to quickly locate and decode traffic and sessions before, during and after a security event, FireEye Network Forensics provides greater visibility into the activity around an event, which can be crucial for rapid incident response investigations.

In addition to having fast, lossless packet capture capabilities, the new PX appliances sport new high-capacity storage shelves of 440 terabytes each. Storage can be scaled to over 1 petabyte per appliance. The new intelligent capture functionality also provides unique ways to maximize storage and retention time by eliminating or truncating streaming video, large file backups, and encrypted payloads.

Unparalleled Forensic Analysis with FireEye IA

Complementing FireEye PX solutions are new FireEye Investigation Analysis (IA) solutions that reveal hidden threats and accelerate incident response by adding a centralized workbench with an easy-to-use analytical interface. The Investigation Analysis solutions can integrate metadata and alerts from PX, FireEye Network Security and SmartVision appliances, as well as alerts from FireEye Endpoint Security and FireEye Email Security, allowing immediate visibility and correlation of all traffic surrounding an event.

Analysts can view and share network metadata and activity through easy-to-create custom dashboards while conducting centralized application-level keyword, regex and wildcard queries across all alerts, captured flow and metadata.

Retrospective threat hunting allows for “back-in-time” indicator of compromise (IOC) threat analysis via integration of iSIGHT, STIX and OpenIOC feeds with automated search functionality. This allows analysts to be automatically alerted to IOCs that were present in the network days or weeks before the indicators became known.
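To make the retrospective search concrete, the following is an added illustration, not FireEye code and not the PX/IA data model: it takes a few constructed records of indexed connection metadata (timestamp, source, destination IP, requested hostname; the field names are assumptions) and a constructed IOC bundle with the time the indicators were received, and reports only the connections that predate that time, i.e. the "back-in-time" matches an analyst would otherwise have missed. Domain indicators match the exact host or any subdomain, the way a feed entry for a parent domain is normally applied.

```python
from datetime import datetime

# Constructed sample of indexed connection metadata (not the FireEye PX/IA schema).
FLOWS = [
    {"ts": "2017-05-01T09:14:00", "src": "10.0.4.21", "dst_ip": "203.0.113.50",
     "host": "cdn-update.example"},
    {"ts": "2017-05-03T22:05:00", "src": "10.0.4.37", "dst_ip": "198.51.100.7",
     "host": "files.cdn-update.example"},
    {"ts": "2017-05-10T11:00:00", "src": "10.0.4.21", "dst_ip": "192.0.2.10",
     "host": "intranet.corp.example"},
    # Seen after the feed arrived: a real-time alert, not a retrospective finding.
    {"ts": "2017-05-16T08:00:00", "src": "10.0.4.50", "dst_ip": "203.0.113.50",
     "host": ""},
]

# Constructed IOC bundle, as might be extracted from a STIX or OpenIOC feed.
# "received" is the moment the organisation learned of these indicators.
IOC_FEED = {
    "received": "2017-05-15T00:00:00",
    "ipv4": {"203.0.113.50"},
    "domains": {"cdn-update.example"},
}


def _domain_match(host, domains):
    """Return the indicator that equals host or is a parent domain of it, else None."""
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def retrospective_hits(flows, ioc_feed):
    """Flows older than the feed's receipt time that touch an indicator.

    Each hit records which indicators matched and how many days before the
    feed arrived the connection happened, so the dwell time is visible.
    """
    received = datetime.fromisoformat(ioc_feed["received"])
    hits = []
    for f in flows:
        ts = datetime.fromisoformat(f["ts"])
        if ts >= received:
            continue  # only look back in time; newer traffic is handled live
        matched = []
        if f["dst_ip"] in ioc_feed["ipv4"]:
            matched.append("ipv4:" + f["dst_ip"])
        d = _domain_match(f["host"], ioc_feed["domains"])
        if d is not None:
            matched.append("domain:" + d)
        if matched:
            hits.append({
                "ts": f["ts"], "src": f["src"], "dst_ip": f["dst_ip"],
                "host": f["host"], "matched": matched,
                "age_days": (received - ts).days,
            })
    hits.sort(key=lambda h: h["ts"])
    return hits


def affected_sources(hits):
    """Internal hosts that contacted an indicator, for triage and pivoting."""
    return sorted({h["src"] for h in hits})


if __name__ == "__main__":
    found = retrospective_hits(FLOWS, IOC_FEED)
    for h in found:
        print(f"{h['ts']} {h['src']} -> {h['dst_ip']} {h['host']!r} "
              f"matched {h['matched']} ({h['age_days']} days before feed)")
    print("affected sources:", affected_sources(found))
```

The time cut-off is the essential part: a flow seen after the indicators arrive is a live detection, while an older flow is a retrospective finding whose age tells the analyst how long the activity went unnoticed and which captured packets to pull for reconstruction.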

One-click file reconstruction enables analysts to reconstruct suspect files, web pages and emails quickly and safely for further analysis. One-click integrations with FireEye tools such as the AX advanced malware analysis console provide in-depth reports on any extracted object. This unique combination of high-performance packet capture and in-depth analytics helps analysts to quickly recognize and monitor every element of an attack.

Complements the FireEye Helix Platform

FireEye Network Forensics products closely integrate with the FireEye Helix™ security operations platform. The platform integrates security tools and applies threat intelligence, automation and case management to help organizations take control of incidents from alert to fix. FireEye Network Forensics allows an analyst to easily configure forensics appliances to forward logs, as well as send generated metadata to the platform. Connecting these data sources with other security solutions gives the analyst enhanced context, applied threat intelligence, and the ability to automate tasks in order to effectively respond to even the most critical security incidents.

Learn more about increasing visibility and reducing risk with FireEye Network Forensics.