Network Forensics Platform Datasheet

Overview

Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.

FireEye Network Forensics allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With Network Forensics, you can detect a broad array of security incidents, improve the quality of your response, and precisely quantify the impact of each incident.

Network Forensics provides a powerful complement to the comprehensive FireEye threat prevention capabilities. In addition to receiving precise alerts and correlated threat information, analysts get a fine-grained view of the specific packets and sessions before, during and after an attack, so they can confirm what triggered a malware download or callback, respond rapidly and effectively, and apply what they learn to enhance future protective strategies.

Highlights

  • Continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps
  • Real-time indexing of all captured packets using time stamp and connection attributes. Export of flow index and connection metadata in JSON format. Flow index can be converted to NetFlow v9, IPFIX, and SiLK tools data formats
  • Ultrafast search and retrieval of target connections and packets using a patent-pending indexing architecture
  • Web-based, drill-down GUI for search and inspection of packets, connections and sessions
  • Session decoder support for viewing and searching web, email, FTP, DNS, chat, SSL connection details and file attachments
  • Packet payload search using regular expressions
  • Industry-standard data storage with the capability to import and export in PCAP format for analysis
  • Rapid investigative process using event-based capture to identify suspicious sessions that should be the focus for deeper investigations
  • Automated processes to identify data theft, using proprietary algorithms to diagnose potentially anomalous network behavior

Accelerate kill chain reconstruction and impact quantification

By allowing users to quickly locate and decode traffic and sessions before, during, and after a security event, Network Forensics provides greater visibility into the activity around the event, which can be crucial for rapid incident response investigations.

Ultrafast access to historical network data is necessary to reduce mean time to resolution and to answer the key questions: how long has the breach been present, what data may have already left the network, and how many other hosts may already have been compromised?

Ultrafast packet capture, indexing, and search

Network Forensics ensures continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps. Real-time indexing of all captured packets with nanosecond time stamps and connection attributes provides data for immediate forensics.

Industry-standard data storage and export

With various onboard storage configurations and SAS-attached or SAN-attached storage options, organizations have flexibility and room for growth. All packets are stored in standard PCAP format, so they can be exported to any capable analytics platform.

Real-time threat intelligence signature analysis

Network Forensics integrates with the FireEye iSIGHT Intelligence network and automates the process of downloading new threat signatures and providing real-time threat signature analysis. Should a threat be detected, Network Forensics will trigger an alert to enable analysts to rapidly investigate the threat.

Integrated workflow with FireEye Threat Prevention Platform

Full integration with FireEye solutions provides deeper drill-down insight into network traffic and activities through access to captured, indexed and stored connection and packet information, even on the largest and busiest networks.

Highlight suspicious sessions

Users can accelerate the investigative process and correlate events that have occurred over time by creating customizable rules to flag suspicious session data. This provides a starting point for deeper investigations and ensures long-term retention of the flagged sessions. Investigations tied to a given event can be managed as a single case.

Technical Specifications

Each model is listed with its capture port configuration, management ports, maximum record speed, total onboard storage, dimensions and power supply / typical operating load. Fields that the datasheet does not state for a model are omitted.

PX 004S
  Capture port configuration: 4 x 1 Gbps SFP
  Management ports: 2 x 10/100/1000 BASE-T
  Max record speed: 500 Mbps
  Total onboard storage: 6 TB
  Dimensions: 1.7" x 16.8" x 14" (4.3 x 42.67 x 35.56 cm) | 11 lbs (5 kg)
  Power supply / typical operating load: 200W Low Noise AC power 100-240V, 60-50 Hz auto-ranging

PX 1004ESS-16
  Capture port configuration: 4 x 1 Gbps, 10/100/1000BaseT, SFP
  Management ports: 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T
  Max record speed: 1.5 Gbps
  Total onboard storage: 16 TB, expandable SAS attached storage
  Dimensions: 1U Rack-Mount | 1.7" x 17.2" x 25.6" (4.3 x 43.7 x 65.0 cm) | 46 lbs (20.9 Kg)
  Power supply / typical operating load: 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging; 230-280W typical

PX 1020ESS-16
  Capture port configuration: 2 x 10 Gbps, SFP+
  Management ports: 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T
  Max record speed: 1.5 Gbps
  Total onboard storage: 16 TB, expandable SAS attached storage
  Dimensions: 1U Rack-Mount | 1.7" x 17.2" x 25.6" (4.3 x 43.7 x 65.0 cm) | 46 lbs (20.9 Kg)
  Power supply / typical operating load: 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging; 230-280W typical

PX 2004ESS-48
  Capture port configuration: 4 x 1 Gbps, 10/100/1000BaseT, SFP
  Management ports: 2 x 10/100/1000/10G BASE-T
  Max record speed: 4 Gbps
  Total onboard storage: 48 TB, expandable SAS attached storage
  Dimensions: 2U Rack-Mount | 3.5" x 17.2" x 25.5" (8.9 x 43.7 x 64.8 cm) | 52 lbs (23.6 Kg)
  Power supply / typical operating load: 1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging

PX 2020ESS-48
  Capture port configuration: 2 x 10 Gbps, SFP+
  Management ports: 2 x 10/100/1000/10G BASE-T
  Max record speed: 5 Gbps, upgradeable to 20 Gbps
  Total onboard storage: 48 TB, expandable SAS attached storage

PX 2040ESS-48
  Capture port configuration: 4 x 1/10Gbps SFP/SFP+
  Management ports: 2 x 10/100/1000/10G BASE-T
  Max record speed: 5 Gbps, upgradeable to 20 Gbps
  Total onboard storage: 48 TB, expandable SAS attached storage

PX 1004EXT-4G
  Capture port configuration: 4 x 1 Gbps, 10/100/1000BaseT, SFP
  Management ports: 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T
  Max record speed: 4 Gbps
  Total onboard storage: No onboard storage. Fiber HBA to external SAN/NAS storage
  Dimensions: 1U Rack-Mount | 1.7" x 17.2" x 25.6" (4.3 x 43.7 x 65.0 cm) | 46 lbs (20.9 Kg)
  Power supply / typical operating load: 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging; 230-280W typical

PX 1040EXT-20G
  Capture port configuration: 4 x 10 Gbps, SFP+
  Management ports: 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T
  Max record speed: 20 Gbps

PX 2000SX-24
  Capture port configuration: n/a
  Management ports: n/a
  Max record speed: n/a
  Total onboard storage: 24 TB storage shelf expansion for ESS models
  Dimensions: 2U Rack-Mount | 3.5" x 17.2" x 25.5" (8.9 x 43.7 x 64.8 cm) | 52 lbs (23.6 Kg)
  Power supply / typical operating load: 500W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging

PX 2000SX-48
  Capture port configuration: n/a
  Management ports: n/a
  Max record speed: n/a
  Total onboard storage: 48 TB storage shelf expansion for ESS models

PX 2000SX-264
  Capture port configuration: n/a
  Management ports: n/a
  Max record speed: n/a
  Total onboard storage: 264 TB storage shelf expansion for ESS models
  Dimensions: 4U Rack-Mount | 7" x 17.2" x 27.5" (17.8 x 43.7 x 64.8 cm) | 75 lbs (34 Kg)
  Power supply / typical operating load: 1280W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging
