Server Edition Datasheet

Adaptive, intelligent, scalable defense against email borne threats

Email is the most vulnerable vector for cyber attacks because it’s the highest volume data ingress point. Organizations face an ever-increasing number of security challenges from email-based spam and viruses to advanced and targeted threats. The majority of threats arrive by email in the form of weaponized file attachments, malicious links and credential phishing. While anti-spam filters and antivirus software are good at catching traditional mass email phishing attacks with known malicious attachments, links and content, they cannot catch sophisticated and targeted spear-phishing attacks designed to bypass these legacy solutions. Email remains the primary method used to initiate an advanced attack or deliver ransomware because it can be highly targeted and customized to increase the odds of exploitation.

FireEye Email Security helps organizations minimize the risk of costly breaches. Email Security on-premises appliances, accurately detect and can immediately stop advanced and targeted attacks, including spear phishing and ransomware before they enter your environment. Email Security uses the signatureless Multi-Vector Virtual Execution™ (MVX) engine to analyze email attachments and URLs against a comprehensive cross-matrix of operating systems, applications and web browsers. Threats are identified with minimal noise, and false positives are nearly nonexistent.

FireEye collects extensive threat intelligence on adversaries, firsthand breach investigations and through millions of sensors. Email Security draws on this real evidence and contextual intelligence about attacks and attackers to prioritize alerts and block threats in real time.

Email Security integrates with FireEye Network Security and Endpoint Security for broader visibility to coordinate real-time protection against multi-vector, blended attacks.

EX 3500, EX 5500, EX 8500

FireEye EX 3500, EX 5500, EX 8500

Highlights

  • Offers comprehensive email security against spear phishing and other advanced, multi-stage and zero-day attacks
  • Bursting provides added detection analysis capacity during peak message throughput periods
  • Supports analysis against Microsoft Windows and Apple Mac OS X operating system images 
  • Analyzes email for threats hidden in files including password-protected and encrypted attachments and malicious URLs

 

  • Automatically detects and reduces or entirely prevents credential phishing
  • Provides contextual insights for alerts to prioritize and contain threats
  • Integrates with a variety of FireEye technologies
  • Deploys on-premises in active-protection or monitor-only mode
  • Provides visibility, tracking and management of messages and alerts

Effective threat detection

FireEye Email Security is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in email traffic.

At the core of Email Security is the Multi-Vector Virtual Execution™ (MVX) engine. MVX is a signatureless, dynamic analysis engine that inspects suspicious email traffic to identify attacks that evade traditional signature- and policy-based defenses. The MVX engine detects zero-day, multi-flow and other evasive attacks by using dynamic, signatureless analysis in a safe, virtual environment. It stops the infection and compromise phases of the cyber attack kill chain by identifying never-before-seen exploits and malware.

Bursting to a FireEye MVX Smart Grid provides added capacity for detecting and analyzing email-borne threats during peak message throughput periods.

Defense against email borne threats

With all the personal information available online, a cyber criminal can socially engineer almost any user into clicking a URL or opening an attachment.

Email Security provides real-time detection and prevention of spear-phishing, ransomware, and credential-phishing attacks that evade traditional defenses. It reduces credential phishing with detection of “like but not equal” domains (typosquatting).

If an attack is confirmed, Email Security quarantines the malicious email for further analysis across Microsoft Windows and Apple Mac OSX images, applications and web browsers or deletion. It conducts analyses for malware hidden in:

  • Attachment types including, but not limited to: EXE, DLL, PDF, SWF, DOC/ DOCX, XLS/XLSX, PPT/PPTX, JPG, PNG, MP3, MP4 and ZIP/RAR/TNEF archives
  • Password-protected and encrypted attachments
  • URLs embedded in emails, MS Office documents, PDF and archive files (ZIP, ALZip, JAR), and other file types (Uuencoded, HTML)
  • Files downloaded through URLs — and even FTP links
  • Obfuscated, spoofed, shortened and dynamically redirected URLs
  • Credential-phishing and typosquatting URLs
  • Unknown Microsoft Windows and Apple Mac OS X operating system image, browser and application vulnerabilities
  • Malicious code embedded in spear-phishing emails

While ransomware attacks start with an email, a call back to a command-and-control server is required to encrypt the data. Email Security identifies and stops these hard-to-detect multi-stage malware campaigns.

Message queue and alert and quarantine management

Email Security provides a high degree of control over the email messages it scans. For active protection-mode deployments, messages can be tracked and managed as they move through the MTA queue. Email attributes can be used to search and verify that messages were received, analyzed and delivered to the next hop and trends over time can be monitored through an intuitive dashboard. Explicit allow and block lists provide custom control over email processing. Common alert attributes can be searched and selected. And bulk operations can be performed on alerts and quarantined messages.

Efficient response to alerts

Email Security analyzes every attachment and URL to accurately identify today’s advanced attacks. Real-time updates from the entire FireEye security ecosystem combined with attribution of alerts to known threat actors provide context for prioritizing and acting on critical alerts and blocking spear-phishing emails. Known, unknown and non-malware based threats are identified with minimal noise and false positives so that resources are focused on real attacks to reduce operational expenses. Riskware categorization separates genuine breach attempts from undesirable, but less malicious activity (such as adware and spyware) to prioritize alert response.

Rapid adaptation to the evolving threat landscape

Email Security helps your organization continually adapt your proactive defense against email-borne threats by using deep intelligence about threats and attackers. It combines adversarial, machine and victim intelligence to:

  • Deliver timely and broader visibility to threats
  • Identify specific capabilities and features of detected malware and malicious attachments
  • Provide contextual insights to prioritize and accelerate response
  • Determine the probable identity and motives of an attacker and track their activities within your organization
  • Retroactively identify spear-phishing attacks and prevent access to phishing sites by highlighting malicious URLs

Active-protection or monitor-only mode

Email Security can analyze emails and quarantine threats for active protection. Organizations simply update their MX records to route messages to FireEye. It then uses the signatureless detonation chamber, the MVX engine, to analyze every attachment and URL for threats and stop advanced attacks in real time.

For monitor-only deployments organizations set up a transparent BCC rule to send copies of emails to Email Security for analysis by the MVX engine.

Security operations control

Email Security works seamlessly with FireEye Helix and FireEye Central Management.

  • As a component of the security operations platform – FireEye Helix – it provides visibility across the entire infrastructure. FireEye Helix augments email and third-party alerts with intelligence, correlation to the endpoint, automation, and investigative tips. With these capabilities, FireEye Helix surfaces unseen threats and empowers expert decisions.
  • Central Management correlates alerts from both Email Security and FireEye Network Security for a broader view of an attack and to set blocking rules to prevent the attack from spreading.
  • Central Management supports role-based tagging to know who is being targeted.
  • Central Management supports alert response and remediation based on role-based criteria.

YARA-based rules enables customization

Email Security supports custom YARA rules to enable security analysts to specify and test rules for analyzing email attachments containing threats targeting their organization.

TESTIMONIAL

"With our industry under attack, my company and our stakeholders need the best protection available: With the FireEye EX series, this is exactly what we have."

- Senior IT Security Manager, Insurance Industry Giant

Technical specifications

EX 3500 EX 5500 EX 8500
Performance* Performance* Up to 700 unique attachments/hUp to 700 unique attachments/h Up to 1,800 unique attachments/hUp to 1,800 unique attachments/h Up to 2,650 unique attachments/hUp to 2,650 unique attachments/h
Network Interface PortsNetwork Interface Ports 2x 1GigE BaseT 2x 1GigE BaseT 2x 1GigE BaseT 2x 1GigE BaseT 4x SFP+ (supporting 10GigE Fiber, 10GigE Copper, 1GigE Copper), 2x 1GigE BaseT 4x SFP+ (supporting 10GigE Fiber, 10GigE Copper, 1GigE Copper), 2x 1GigE BaseT
Management Ports Management Ports 2x 1GigE BaseT 2x 1GigE BaseT 2x 1GigE BaseT 2x 1GigE BaseT 2x 1GigE BaseT 2x 1GigE BaseT
IPMI MonitoringIPMI Monitoring (rear panel) SupportedSupported SupportedSupported SupportedSupported
VGA Port (rear panel)VGA Port (rear panel) IncludedIncluded IncludedIncluded IncludedIncluded
USB Ports (rear panel)USB Ports (rear panel) 4x USB Type A Rear4x USB Type A Rear 2x USB Type A Front, 2x USB Type A Rear2x USB Type A Front, 2x USB Type A Rear 2x USB Type A Front, 2x USB Type A Rear2x USB Type A Front, 2x USB Type A Rear
Serial Port (rear panel)Serial Port (rear panel) 115,200 bps, No Parity, 8 Bits, 1 Stop Bit115,200 bps, No Parity, 8 Bits, 1 Stop Bit 115,200 bps, No Parity, 8 Bits, 1 Stop Bit115,200 bps, No Parity, 8 Bits, 1 Stop Bit 115,200 bps, No Parity, 8 Bits, 1 Stop Bit115,200 bps, No Parity, 8 Bits, 1 Stop Bit
Storage CapacityStorage Capacity 4x 2TB, RAID 10, HDD 3.5 inch, FRU4x 2TB, RAID 10, HDD 3.5 inch, FRU 4x 2TB, RAID 10, HDD 3.5 inch, FRU4x 2TB, RAID 10, HDD 3.5 inch, FRU 4x 2TB, RAID 10, HDD 3.5 inch, FRU4x 2TB, RAID 10, HDD 3.5 inch, FRU
Enclosure Enclosure 1RU, Fits 19 inch Rack1RU, Fits 19 inch Rack 2RU, Fits 19 inch Rack2RU, Fits 19 inch Rack 2RU, Fits 19 inch Rack2RU, Fits 19 inch Rack
Chassis Dimensions (WxDxH)Chassis Dimensions (WxDxH) 17.20" x 25.60" x 1.70"
(437 x 650 x 43.2 mm)
17.20" x 25.60" x 1.70"
(437 x 650 x 43.2 mm)
17.24" x 24.41" x 3.48"
(438 x 620 x 88.4 mm)
17.24" x 24.41" x 3.48"
(438 x 620 x 88.4 mm)
17.24" x 24.41" x 3.48"
(438 x 620 x 88.4 mm)
17.24" x 24.41" x 3.48"
(438 x 620 x 88.4 mm)
AC Power SupplyAC Power Supply Redundant (1+1) 750 watt,100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRURedundant (1+1) 750 watt,100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRU Redundant (1+1) 800 watt,100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRURedundant (1+1) 800 watt,100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRU Redundant (1+1) 800 watt,100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRURedundant (1+1) 800 watt,100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRU
DC Power SupplyDC Power Supply Not AvailableNot Available Not AvailableNot Available Not AvailableNot Available
Thermal Maximum Power watts (Btu/h)Thermal Maximum Power watts (Btu/h) 245 watts (836 Btu/h)245 watts (836 Btu/h) 456 watts (1,556 Btu/h)456 watts (1,556 Btu/h) 530 watts (1,808 Btu/h)530 watts (1,808 Btu/h)
MTBF (h)MTBF (h) 54,20054,200 57,40157,401 53,74253,742
Appliance Alone / As Shipped WeightAppliance Alone / As Shipped Weight lb. (kg) 30.0 lbs (13.6 kg) / 41.0 lbs (18.6 kg)30.0 lbs (13.6 kg) / 41.0 lbs (18.6 kg) 44.1 lbs (20.0 kg) / 65.3 lbs (29.6 kg)44.1 lbs (20.0 kg) / 65.3 lbs (29.6 kg) 44.4 lbs (20.2 Kg) / 65.6 lbs (29.8 kg)44.4 lbs (20.2 Kg) / 65.6 lbs (29.8 kg)
Compliance SafetyCompliance Safety IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2
Compliance EMCCompliance EMC FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2 V-2/2015 & V-3/2015FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2 V-2/2015 & V-3/2015 FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2 V-2/2015 & V-3/2015FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2 V-2/2015 & V-3/2015 FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2 V-2/2015 & V-3/2015FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2 V-2/2015 & V-3/2015
Security CertificationsSecurity Certifications FIPS 140-2, CC NDPP v1.1FIPS 140-2, CC NDPP v1.1 FIPS 140-2, CC NDPP v1.1FIPS 140-2, CC NDPP v1.1 FIPS 140-2, CC NDPP v1.1FIPS 140-2, CC NDPP v1.1
Environmental ComplianceEnvironmental Compliance RoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EURoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EU RoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EURoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EU RoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EURoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EU
Operating TemperatureOperating Temperature 0° to 35° C (32° to 95° F)0° to 35° C (32° to 95° F) 0° to 35° C (32° to 95° F)0° to 35° C (32° to 95° F) 0° to 35° C (32° to 95° F)0° to 35° C (32° to 95° F)
Operating Relative HumidityOperating Relative Humidity 10 ~ 95% @ 40° C, non-condensing10 ~ 95% @ 40° C, non-condensing 10 ~ 95% @ 40° C, non-condensing10 ~ 95% @ 40° C, non-condensing 10 ~ 95% @ 40° C, non-condensing10 ~ 95% @ 40° C, non-condensing
Operating AltitudeOperating Altitude 3,000 m / 9,842 ft3,000 m / 9,842 ft 3,000 m / 9,842 ft3,000 m / 9,842 ft 3,000 m / 9,842 ft3,000 m / 9,842 ft

* All performance values vary depending on the system configuration and email traffic profile being processed. Size appliance(s) based on unique attachments per hour.

Ready to get started?

Ask about FireEye solutions, implementation or anything else. Our security experts are standing by, ready to answer your questions.

+1 888-227-2721 +61 281034308 +1 877-347-3393 +971 45501444 +358 942451151 +33 170612726 +49 35185034500 +852 3975-1882 +91 80 6671 1241 +353 (0)216019160 +39 0294750535 +81 345888169 +03 77248276 +52 5585268207 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +886 2-5551-1268 +27873392 +44 2036087538 +842444581914