In the pilot episode of the Apple TV+ show Ted Lasso, an American college football coach with zero experience is hired to coach AFC Richmond, a Premier League football club. As Ted leaves the club office in the late evening after his first day, his boss comments, "Already burning the midnight oil, I see, Ted." He replies, "The harder you work, the luckier you get."
Ted isn’t the only one working hard. Our FireEye engineering team has also been burning the midnight oil to help ensure our products have the latest and greatest features to protect against the ever-evolving threat landscape. The 9.1 release of FireEye Network Security is the biggest to date, with over 90 features and enhancements. Let’s take a look at some of them.
We pioneered the advanced threat detection market with the introduction of our Multi-Vector Execution (MVX) engine for our FireEye Network Security products. Since then, we have continuously advanced our detection and prevention technologies through machine learning and advanced analytics. Our recent detection enhancements include optimized support for YARA and STIX, WebSocket traffic inspection and expanded MITRE ATT&CK framework mapping for JSON/XML alert format.
Event-based packet captures are now available for base events that lead to SmartVision alerts on Network Security appliances (Figure 1). In addition, users can now generate SmartVision alert reports in both CSV format and PDF format with a single click. And we’ve made SmartVision even easier to deploy! SmartVision mode can now be enabled on a classic-mode Network Security appliance without an additional license.
Figure 1: SmartVision enabled on a Network Security appliance
Enhanced Cloud Protection
We continue to forge ahead to extend our advanced network detection and response solution to the cloud to provide protection and visibility into known and unknown threats targeting workloads in private, public and hybrid cloud environments.
Our two new virtual models deliver performance up to 5 Gbps for VMware ESXi deployments:
- NX 7500V supports up to 2 Gbps
- NX 8500V supports up to 5 Gbps
Support for KVM and Hyper-V is currently scheduled for a future maintenance release.
Platform Vector Visibility
We are constantly adding to our extensive API library. With this recent release, some of the new APIs include Network Security Management Interface, Network Security Inline Operational Modes and Port Mirroring endpoints, to name a few.
We’ve also enabled application visibility for network traffic seen by a FireEye Network Security appliance (Figure 2). Applications can be identified and tracked, and usage can be viewed on the dashboard by top applications used and amount of bandwidth consumed.
Figure 2: Application visibility dashboard view of top applications seen on the network
In addition, users can now get deeper insights and visualization on asymmetric traffic, traffic pattern changes and inactivity with our Asymmetric Flow APIs. Users can look at the asymmetric traffic rate over time, as well as the top asymmetric flows and the specific host IPs in the network generating asymmetric traffic.
Enhanced UI, Management and Reporting
We’ve made several improvements to our UI, management and reporting capabilities. Recent Alerts, Runtime Submission Stats and Submission Rate widgets have been added to the UI dashboard, and customers can customize and schedule dashboard reports that include all widgets of a dashboard for a given timeframe.
We’ve improved our network activity UI to provide customers with context data in a user-friendly format. Other improvements include enhanced appliance health reporting and support for generating and downloading riskware alert reports. In addition, we’ve made it easier to provision and configure Network Security High Availability (HA) pairs and enabled routing protocol whitelisting to reduce latency and improve performance.
FireEye Network Security: The ”NDR” in FireEye XDR
All of the 9.1 Network Security release enhancements and features feed into our FireEye XDR platform. FireEye XDR connects expertise with detection and response capabilities across endpoint, network, cloud, email, and third-party sources to give our customers a single, unified platform to improve their security posture against the most sophisticated threats.
As part of the FireEye XDR platform, FireEye Network Security delivers the network detection and response (NDR) component that can analyze all network traffic to detect threats and respond to alerts that matter.
Learn more about FireEye Network Security.