Endpoint Security Datasheet

On-premise or remote endpoint defense against unknown threats and exploits

Today’s skilled attackers bypass traditional endpoint protection platforms (EPP) because those EPPs focus on single elements to identify threats. By integrating AV and anti-malware protection, threat intelligence, behavior analysis and endpoint detection and response (EDR) capabilities, FireEye Endpoint Security offers a far more robust EPP option to detect and prevent multiple threat characteristics. It enables more security automation while enabling active inspection and analysis to find and eliminate suspicious activity. Its capabilities include:

  • Triage Viewer and Audit Viewer to inspect and analyze threat indicators
  • Enterprise Security Search to rapidly search for, find and determine actions of
    suspicious activity and threats
  • Data Acquisition for in-depth endpoint inspection and analysis
  • Exploit Guard to detect, alert on and prevent attacks that try to exploit endpoints
    and applications

With FireEye Endpoint Security organizations can proactively detect, prevent, inspect, analyze and contain known and unknown threats on any endpoint.


  • Deploys as on-premise appliance, cloud or virtual systems with endpoint agents that detect and prevent threats, monitor remote, networked endpoint activities and enable rapid response to known and unknown threats.
  • Offers new AV (detection only until Q3) capability integrated with Advanced Threat Intelligence, endpoint behavioral analysis and inspection workflow in a single endpoint agent.
  • Helps conduct detailed endpoint investigation with cohesive activity timelines within a single workflow to identify and contain IOCs and other threats or suspicious activities.
  • Enables the ability to search for, identify and contain threats on tens of thousands of endpoints (connected or not) in minutes.
  • Allows analysts to easily assess all endpoint activities with Triage and Audit Viewer through a single interface. They can identify and analyze incidents, contain threats with a single click to eliminate further risk and determine best response.

Detect and prevent hidden endpoint exploit processes

When it comes to exploit detection, traditional EPP capabilities are limited because exploits don’t conform to a simple signature or pattern. FireEye Endpoint Security provides a flexible, data-driven exploit behavioral intelligence via a feature called Exploit Guard. This feature also delivers EDR by gathering detailed information on areas traditional endpoint solutions miss. It uses detailed FireEye-exclusive intelligence to correlate multiple discrete activities and uncover exploits.

Extend threat intelligence to every endpoint

To be effective, threat intelligence must be present at the point of attack. The EDR capabilities offered by Endpoint Security seamlessly extend threat intelligence capabilities of other FireEye products to the endpoint. If a FireEye product detects an attack anywhere in the network, endpoints are automatically updated and analyst can quickly inspect and gather details with Triage and Audit Viewer on every endpoint for indicators of compromise (IOCs).

Attain enhanced endpoint visibility 

Complete endpoint visibility is critical to identifying the root cause of an alert and conducting deep analyses of a threat to determine its threat state. The lookback cache in Endpoint Security allows you to inspect and analyze present and past alerts at any endpoint for thorough forensic investigation and the best response.

Get complete endpoint coverage

Onsite and remote endpoints outside the corporate network can be more vulnerable to attack. Endpoint Security covers all endpoints, pushing intelligence to them regardless of their Internet connection type. This enables you to detect and prevent threats, as well as investigate and contain endpoints anywhere in the world without requiring additional VPN connections.

Contain compromised endpoints and prevent lateral spread

Attacks that start at an endpoint can spread quickly through your network. After you identify an attack, Endpoint Security lets you immediately isolate compromised devices with a single click to stop an attack and prevent it from spreading laterally or becoming a greater threat in some other way. You can then conduct a complete forensic investigation of the incident without risking further infection.

How Endpoint Security works

Endpoint Security can search for and investigate known and unknown threats on tens of thousands of endpoints in minutes. It uses FireEye Dynamic Threat Intelligence to correlate alerts generated by FireEye and network security products and security logs to validate a threat and determine:

  • Which vectors an attack used to infiltrate an endpoint
  • Whether an attack occurred (and persists) on a specific endpoint
  • If lateral spread occurred and to which endpoints
  • How long an endpoint(s) has been compromised
  • If intellectual property has been exfiltrated
  • Which endpoints and systems to contain to prevent further compromise

Endpoint Security requirements

NOTE: Endpoint Security requires a 1 Ghz or higher Pentium compatible processor and at least 300 MB of free disk space. It works with the following operating systems.

Operating System Minimum System Memory (RAM)
Windows XP SP3 Windows XP SP3 512 MB 512 MB
Windows 2003 SP2 Windows 2003 SP2 512 MB 512 MB
Windows Vista SP1 or newer Windows Vista SP1 or newer 1 GB (32-bit), 2 GB (64-bit) 1 GB (32-bit), 2 GB (64-bit)
Windows 2008 (including R2) Windows 2008 (including R2) 2 GB (64-bit) 2 GB (64-bit)
Windows 7 Windows 7 1 GB (32-bit), 2 GB (64-bit) 1 GB (32-bit), 2 GB (64-bit)
Windows 2012 (including R2) Windows 2012 (including R2) 2 GB (64-bit) 2 GB (64-bit)
Windows 8 Windows 8 1 GB (32-bit), 2 GB (64-bit) 1 GB (32-bit), 2 GB (64-bit)
Windows 8.1 Windows 8.1 1 GB (32-bit), 2 GB (64-bit) 1 GB (32-bit), 2 GB (64-bit)
Windows 10 Windows 10 1 GB (32-bit), 2 GB (64-bit) 1 GB (32-bit), 2 GB (64-bit)
Windows Server 2008 to 2016 Windows Server 2016 2 GB 2 GB
Red Hat Enterprise Linux (RHEL) versions 6.8, 7.2, 7.3 Red Hat Enterprise Linux (RHEL) versions 6.8, 7.2, 7.3 2 GB 2 GB

Deployment Options

NOTE: Endpoint Security can be deployed via cloud or as a virtual or on-premise hardware appliance. A single appliance supports up to 100,000 endpoints.

Specification HX 4402 HX 4400D
Storage Capacity Storage Capacity 4x 1.8 TB HDD, RAID 10, 2.5 inch, FRU 4x 1.8 TB HDD, RAID 10, 2.5 inch, FRU 4x 600 GB, SAS, 2.5 inch, FRU 4x 600 GB, SAS, 2.5 inch, FRU
Enclosure Enclosure 1RU, Fits 19-inch Rack 1RU, Fits 19-inch Rack 1RU, Fits 19-inch Rack 1RU, Fits 19-inch Rack
Chassis Dimensions (WxDxH) Chassis Dimensions (WxDxH) 17.2" x 27.8" x 1.7"
(437 x 706 x 43.2 mm)
17.2" x 27.8" x 1.7"
(437 x 706 x 43.2 mm)
17.2" x 27.8" x 1.7"
(437 x 706 x 43.2 mm)
17.2" x 27.8" x 1.7"
(437 x 706 x 43.2 mm)
AC Power Supply AC Power Supply Redundant (1+1) 750 watt, 100-240 VAC Redundant (1+1) 750 watt, 100-240 VAC Redundant (1+1) 750 watt, 100-240 VAC Redundant (1+1) 750 watt, 100-240 VAC
Power Consumption Maximum (watts) Power Consumption Maximum (watts) 313 watts 313 watts 313 watts 313 watts
MTBF (h) MTBF (h) 35,200 h 35,200 h 35,200 h 35,200 h
Appliance Alone Appliance Alone 32 lb. (15 kg) 32 lb. (15 kg) 32 lb. (15 kg) 32 lb. (15 kg)

Endpoint Security virtual appliance

The features of Endpoint Security virtual appliances are detailed below.

CPU (Total Cores) CPU (Total Cores) 2x4 (8) 2x4 (8) 2x4 (8) 2x4 (8)
Memory Memory 64 GB 64 GB 64 GB 64 GB
Disk Disk 1200 GB 1200 GB 3600 GB 3600 GB
Virtual NICs Virtual NICs 2 2 2 2

Virtual appliance requirements

Endpoint Security virtual appliances require the following VMware resources:

  • VMware ESXi host version 6.0 or later. Earlier ESXi versions are not supported
  • VMware vSphere Client
  • VMware VCenter Server (recommended). When you use vSphere Client to add virtual appliances to vCenter Server, the Deploy OVG Template wizard provides an easy way to enter your activation code. Otherwise, you must type it in the virtual appliance console, because you cannot paste into this console.
  • VMXNET 3 network drivers
  • Standard virtual switch created for the monitoring ports of the virtual appliances, and attached to a physical network adapter on the ESXi server.

Ready to get started?

Ask about FireEye solutions, implementation or anything else. Our security experts are standing by, ready to answer your questions.

+1 888-227-2721 +61 281034308 +1 877-347-3393 +358 942451151 +33 170612726 +49 35185034500 +852 69630370 +39 0294750535 +81 345888169 +03 77248276 +52 5585268207 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +028 7933558 +27873392 +44 2036087538 +842444581914