Enterprise Forensics: PX and IA series

Network forensics and investigation analysis at enterprise scale

As recent cyber security breach headlines reveal, the key to minimizing the impact of a security incident is early detection and swift investigation, which requires powerful forensics capabilities. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so it can effectively contain the threat and re-secure its network.

The FireEye Network Forensics Platform (PX series) and the Investigation Analysis system (IA series) are a powerful combination, pairing the industry's fastest, lossless network data capture and retrieval solution with centralized analysis and visualization. High-performance packet capture, with analysis tools to aid investigation efforts, complements other FireEye threat prevention and detection capabilities.

Adaptive Defense Portfolio (part 2)

Using an advanced attack scenario, FireEye CTO, David Merkel, explains how FireEye products help analyze and respond to attacks.

Benefits of Enterprise Forensics

Investigate and respond immediately

  • Enable packet search and retrieval in minutes, not hours, thanks to a patent-pending real-time indexing method
  • Analyze massive data sets ultrafast, with a drill-down web UI to search and inspect packets, connections, and sessions
  • Pivot with a single click from a FireEye Network Security or SIEM alert to related packet details
  • Capture packets continuously, without loss
  • Timestamp in nanoseconds at recording speeds up to 20 Gbps

Analyze attacker tactics and assess impact

  • Decode web, email, FTP, DNS, chat, and SSL connection details and file attachments to assess entry points, lateral spread, and supporting utilities
  • Search packet payloads and file attachments to identify stolen data

Centralized visibility across the network

  • Display network metadata and activity through custom dashboards that are easy to create and share
  • Provide fast answers through centralized application-level wildcard queries and investigation across packet capture nodes
  • Index metadata from protocols such as HTTP, SMTP, POP3, IMAP, SSL, TLS, FTP, and SMB
  • Optimize workflow and collaboration through PCAP file sharing and integrated case management

Adaptive Defense

The FireEye Adaptive Defense approach to cyber security delivers technology, expertise, and intelligence in a unified, nimble framework. Adapt your security architecture to prevent today’s cyber attacks and avert their worst effects.

 

"Within weeks of deploying the FireEye Network Forensics Platform, the agency discovered a brute force login attempt."