Enterprise Forensics

Enterprise forensics and investigation analysis minimize the impact of network attacks

To reduce the impact of a security incident, organizations should focus on early detection and swift investigation. Enterprise forensics makes this possible. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so it can effectively contain the threat and re-secure its network.

The FireEye Network Forensics Platform (PX series) and the Investigation Analysis system (IA series) are a powerful combination, pairing the industry's fastest lossless network data capture and retrieval solution with centralized analysis and visualization. Enterprise forensics combines high-performance lossless packet capture with analysis tools to aid investigation efforts. The PX Series and IA Series accelerate the network forensics process with a single workbench that simplifies investigations and reduces risk with expanded visibility into lateral spread.

"Within weeks of deploying the FireEye Network Forensics Platform, the agency discovered a brute force login attempt."
3 Steps to Creating an Investigation-Ready Organization

Get recommendations to help you quickly identify and remediate a security incident and minimize its impact on your organization.


Four Things to Consider When Building a Network Forensics Storage Architecture

Learn why it's important to build and maintain a storage solution so network forensics data is readily available when needed.


Benefits of Enterprise Forensics

Investigate and respond immediately

  • Enable packet search and retrieval in seconds, not hours, due to a patent-pending real-time indexing method
  • Ultrafast analysis of massive data sets, with drill-down web UI to search and inspect packets, connections, and decode sessions
  • Pivot with a single click from a FireEye Network Security or security information and event management (SIEM) alert to the related packet details
  • Receive high-value alerts in a single workbench from the FireEye Global Threat Management Platform
  • Capture packets continuously, without loss
  • Timestamp in nanoseconds at recording speeds up to 20 Gbps

Analyze attacker tactics and assess impact

  • Decode web, email, FTP, DNS, RDP, chat and SSL connection details and file attachments to assess entry points, lateral spread and supporting utilities
  • Search packet payloads and reconstruct file attachments to identify data stolen

Centralized visibility across the network

  • Display network metadata and activity through custom dashboards that are easy to create and share
  • Provide fast answers through centralized application-level wildcard queries and investigation across packet capture nodes
  • Index metadata from protocols such as HTTP, SMTP, POP3, IMAP, SSL, TLS, FTP, and SMB
  • Optimize workflow and collaboration through PCAP file sharing and integrated case management