Network Forensics Platform Datasheet

Accelerate Actionable Intelligence and Facilitate Rapid Incident Response

Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensic capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so it can effectively contain the threat and secure its network.

The FireEye Network Forensics Platform allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With the Network Forensics Platform, you can detect a broad array of security incidents, improve the quality of your response and precisely quantify the impact of each incident.

The Network Forensics Platform provides a powerful complement to FireEye's comprehensive threat prevention capabilities. In addition to receiving precise alerts and correlated threat information, analysts can get a fine-grained view of the specific packets and sessions before, during and after the attack. This lets them confirm what may have triggered a malware download or callback, respond rapidly and effectively, and apply this information to enhance future protective strategies.

Highlights

  • Continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps
  • Real-time indexing of all captured packets using time stamp and connection attributes and export of flow index in NetFlow versions 5 and 9 and Internet Protocol Flow Information Export (IPFIX) for use with other flow analysis tools 
  • Ultrafast search and retrieval of target connections and packets using patent-pending indexing architecture
  • Web-based, drill-down GUI for search and inspection of packets, connections and sessions
  • Session decoder support for viewing and searching web, email, FTP, DNS, chat, SSL connection details and file attachments
  • Packet payload search using regular expressions
  • Industry-standard data storage and export in packet-capture (PCAP) format, which can be stored with flexible storage options: on the appliance, SAS-attached or SAN-attached 
  • Acceleration of the investigative process via event-based capture to identify suspicious sessions that should be the focus for deeper investigations

Accelerate kill chain reconstruction and impact quantification

By allowing FireEye users to quickly locate and decode traffic and sessions before, during, and after a security event, the Network Forensics Platform provides greater visibility into activity around the event, which can be crucial for rapid incident response investigations.

Ultrafast access to historical network data is a necessity for security personnel in reducing mean time to resolution, as well as answering the key questions: how long has the breach been present, what data may have already left the network, and how many other hosts may already have been compromised?

Ultrafast packet capture, indexing, and search

The Network Forensics Platform ensures continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps. Real-time indexing of all captured packets with nanosecond time stamps and connection attributes provides data for immediate forensics.

Industry-standard data storage and export

All packets are stored in standard PCAP format, giving you the flexibility to use the analytics platform of your choice.

Integrated workflow with FireEye Threat Prevention Platform

The integration with the FireEye platforms provides deeper insight into network traffic and activities through simple drill-down access to captured, indexed, and stored connection and packet information on the largest and busiest 10 Gbps networks.

Highlight suspicious sessions

Accelerate the investigative process and correlate events that have occurred over time by creating customizable rules to flag suspicious session data, providing a starting point for deeper investigations and ensuring long-term retention. Investigations tied to a given event can be managed as a single case.

Technical Specifications

| Model | Capture Port Configuration | Management Ports | Max Record Speed | Total Onboard Storage | Dimensions | Power Supply / Typical Operating Load |
|---|---|---|---|---|---|---|
| PX 004S | 4 x 1 Gbps SFP | 2 x 10/100/1000 BASE-T | 500 Mbps | 2 TB | 1.7" x 16.8" x 14" (4.3 x 42.67 x 35.56 cm), 11 lbs (5 kg) | 200W Low Noise AC power 100-240V, 60-50 Hz auto-ranging |
| PX 1004ESS-16 | 4 x 1 Gbps, 10/100/1000BaseT, SFP | 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T | 1.5 Gbps | 16 TB, expandable SAS attached storage | 1U Rack-Mount, 1.7" x 17.2" x 25.6" (4.3 x 43.7 x 65.0 cm), 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging; 230-280W typical |
| PX 1020ESS-16 | 2 x 10 Gbps, SFP+ | 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T | 1.5 Gbps | 16 TB, expandable SAS attached storage | 1U Rack-Mount, 1.7" x 17.2" x 25.6" (4.3 x 43.7 x 65.0 cm), 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging; 230-280W typical |
| PX 2004ESS-48 | 4 x 1 Gbps, 10/100/1000BaseT, SFP | 2 x 10/100/1000/10G BASE-T | 4 Gbps | 48 TB, expandable SAS attached storage | 2U Rack-Mount, 3.5" x 17.2" x 25.5" (8.9 x 43.7 x 64.8 cm), 52 lbs (23.6 Kg) | 1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
| PX 2020ESS-48 | 2 x 10 Gbps, SFP+ | 2 x 10/100/1000/10G BASE-T | 5 Gbps, upgradeable to 20 Gbps | 48 TB, expandable SAS attached storage | | |
| PX 2040ESS-48 | 4 x 1/10Gbps SFP/SFP+ | 2 x 10/100/1000/10G BASE-T | 5 Gbps, upgradeable to 20 Gbps | 48 TB, expandable SAS attached storage | | |
| PX 1004EXT-4G | 4 x 1 Gbps, 10/100/1000BaseT, SFP | 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T | 4 Gbps | No onboard storage. Fiber HBA to external SAN/NAS storage | 1U Rack-Mount, 1.7" x 17.2" x 25.6" (4.3 x 43.7 x 65.0 cm), 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging; 230-280W typical |
| PX 1040EXT-20G | 4 x 10 Gbps, SFP+ | 2 x 10/100/1000 BASE-T; 2 x 10/100/1000/10G BASE-T | 20 Gbps | | | |
| PX 2000SX-24 | n/a | n/a | n/a | 24 TB storage shelf expansion for ESS models | 2U Rack-Mount, 3.5" x 17.2" x 25.5" (8.9 x 43.7 x 64.8 cm), 52 lbs (23.6 Kg) | 500W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
| PX 2000SX-48 | n/a | n/a | n/a | 48 TB storage shelf expansion for ESS models | | |
| PX 2000SX-264 | n/a | n/a | n/a | 264 TB storage shelf expansion for ESS models | 4U Rack-Mount, 7" x 17.2" x 27.5" (17.8 x 43.7 x 64.8 cm), 75 lbs (34 Kg) | 1280W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
