
Data Sheet

FireEye Network Security

Effective protection against cyber breaches for midsize to large organizations

Overview

FireEye Network Security is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic. It facilitates efficient resolution of detected security incidents in minutes with concrete evidence, actionable intelligence and response workflow integration. With FireEye Network Security, organizations are effectively protected against today’s threats whether they exploit Microsoft Windows, Apple OS X operating systems, or application vulnerabilities; are directed at the headquarters or branch offices; or are hidden in a large volume of inbound Internet traffic that has to be inspected in real time.

Figure 1. Typical configuration — Network Security solutions. (Diagram labels: Users; FireEye Network Security; Firewall, IPS, SWG; Internet.)

At the core of FireEye Network Security are the Multi-Vector Virtual Execution (MVX) and dynamic machine learning and artificial intelligence (AI) technologies. MVX is a signature-less, dynamic analysis engine that inspects suspicious network traffic to identify attacks that evade traditional signature- and policy-based defenses. Multiple machine learning, AI and correlation engines represent a collection of contextual, dynamic rules engines that detects and blocks malicious activity in real-time and retroactively, based on the latest machine-, attacker- and victim-intelligence. FireEye Network Security also includes intrusion prevention system (IPS) technology to detect common attacks using conventional signature matching.

FireEye Network Security is available in a variety of form factors, deployment and performance options. It is typically placed in the path of Internet traffic behind traditional network security appliances such as next-generation firewalls, IPS and secure web gateways (SWG). FireEye Network Security supplements these solutions by rapidly detecting both known and unknown attacks with high accuracy and few false positives, while facilitating an efficient response for each alert.

|  | Capabilities | Benefits |
|---|---|---|
| Detection | Accurate detection of advanced, targeted and other evasive cyber attacks | Minimizes risk of costly cyber breaches |
| Detection | Modular and scalable security architecture | Provides investment protection and supports business growth |
| Detection | Consistent level of protection for multi-OS environments and all Internet access points | Creates a strong defense across the entire organization for all types of devices |
| Detection | Integrated, distributed, physical, virtual, on-premise and cloud deployment options | Offers flexibility to align with organizational preferences and resources |
| Detection | Multi-vector correlation with Email and Content Security | Provides visibility across wider attack surface |
| Prevention | Immediate blocking of attacks at line rates from 250 Mbps to 10 Gbps | Gives real-time protection against evasive attacks |
| Prevention | Visibility into encrypted traffic | Built-in TLS 1.3 decryption support available on appliances without an additional license fee |
| Response | Low rate of false alerts, riskware categorization and mapping to MITRE ATT&CK framework | Reduces operational cost of triaging unreliable alerts |
| Response | Pivot to investigation and alert validation, endpoint containment and incident response | Automates and simplifies security workflows |
| Response | Execution evidence and actionable threat intelligence | Accelerates prioritization and resolution of detected security incidents |

Technical Advantages

Accurate and Actionable Threat Detection and Insights

FireEye Network Security uses multiple analysis techniques to detect attacks with high accuracy and a low rate of false alerts:

• Multi-Vector Virtual Execution (MVX) engine detects zero-day, multi-flow and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops infection and compromise phases of the cyber-attack kill chain by identifying never-before-seen exploits and malware.
• Multiple, dynamic machine learning, AI and correlation engines detect and block obfuscated, targeted and other customized attacks with contextual, rule-based analysis from real-time insights gathered on the front lines from thousands of hours of incident response experience. It stops infection, compromise and intrusion phases of the cyber attack kill chain by identifying malicious exploits, malware, phishing attacks and command and control (CnC) callbacks. It also extracts and submits suspicious network traffic to the MVX engine for a definitive verdict analysis.
• In addition to client-side protection, engines support server side detections, lateral movement detection and detection on post-exploitation traffic.
• Alerts generated by FireEye Network Security include concrete real-time evidence to quickly respond to, prioritize and contain targeted and newly discovered attacks. Detected threats can also be mapped to the MITRE ATT&CK framework for contextual evidence.

Immediate and Resilient Protection

FireEye Network Security offers flexible deployment modes including:

• Out-of-band monitoring via a TAP/SPAN, inline monitoring or inline active blocking. Inline blocking mode automatically blocks inbound exploits and malware and outbound multi-protocol callbacks. In inline monitoring mode, alerts are generated and organizations decide how to respond to them. In out-of-band prevention mode, FireEye Network Security issues TCP resets for out-of-band blocking of TCP or HTTP connections.
• Selected models offer an active high availability (HA) option to provide resilience in case of network or device failures.

Wide Attack Surface Coverage

FireEye Network Security delivers a consistent level of protection for today’s diverse network environments:

• Support for most common Microsoft Windows and Apple Mac OS X operating systems.
• Analysis of over 160 different file types, including portable executables (PEs), active web content, archives, images, Java, Microsoft and Adobe applications and multimedia.
• Execution of suspicious network traffic against thousands of operating system, service pack, IoT application type and application version combinations.
• Protection against advanced attacks and malware types that are difficult to detect via signatures: web shell uploads, existing web shells, ransomware, cryptominers.

Validated and Prioritized Alerts

In addition to detecting genuine attacks, FireEye MVX technology is also used to validate alerts detected by conventional signature-matching methods and to identify and prioritize critical threats:

• Intrusion prevention system (IPS) with MVX engine validation reduces the time required to triage signature-based detection that is traditionally prone to false alerts
• Riskware categorization separates genuine breach attempts from undesirable, but less malicious activity (such as adware and spyware) to prioritize alert response

Response Workflow Integration

FireEye Network Security can be augmented in several ways to automate alert response workflows:

• FireEye Central Management correlates alerts from both FireEye Network Security and FireEye Email Security for a broader view of an attack and to set blocking rules that prevent the attack from spreading further
• FireEye Network Forensics integrates with FireEye Network Security to provide detailed packet captures associated with an alert and enable in-depth investigations
• FireEye Endpoint Security identifies, validates and contains compromises detected by FireEye Network Security to simplify containment and remediation of affected endpoints

Flexible Deployment Options

FireEye Network Security offers various deployment options to match an organization’s needs and budget:

• Integrated Network Security: standalone, all-in-one hardware appliance with integrated MVX service to secure an Internet access point at a single site. FireEye Network Security is an easy-to-manage, clientless platform that deploys quickly without requiring rules, policies or tuning.
• Distributed Network Security: extensible appliances with centrally shared MVX service to secure Internet access points within organizations
  – Network Smart Node: physical or virtual appliances that analyze Internet traffic to detect and block malicious traffic and submit suspicious activity over an encrypted connection to the MVX service for definitive verdict analysis
  – MVX Smart Grid: on-premise, centrally located, elastic MVX service that offers transparent scalability, built-in N+1 fault tolerance and automated load balancing
  – FireEye Cloud MVX: FireEye-hosted MVX service subscription that ensures privacy by analyzing traffic on the Network Smart Node. Only suspicious objects are sent over an encrypted connection to the MVX service, where objects revealed as benign are discarded.
  – Protection on-premise or in the cloud: In addition to stand-alone and virtual appliances, FireEye offers Network Security in the Public Cloud with availability in both Amazon and Azure.

Figure 2. Examples of Integrated Network Security include NX 2550, NX 3500, NX 5500, NX 10550.

Figure 3. Distributed deployment models for Network Security. (Diagram labels: Central Site with Network Smart Node physical appliance and MVX Smart Grid; Remote sites with Network Smart Node physical and virtual appliances; Network Smart Node in the cloud, AWS and Azure; FireEye Cloud MVX.)

Figure 4. Modular components of FireEye Network Security. (Diagram labels: MVX, signature-less dynamic analysis engine; FireEye Analysis Engines; IPS; rule-based analysis engines; signature-based and non-critical malware engines; correlation with FireEye and third party threat data; advanced engines that detect lateral attacker traffic.)

High Performance and Scalability

FireEye Network Security protects Internet access points at line rate with performance options for a wide variety of branch and central office sizes:

| Form Factor | Performance |
|---|---|
| Integrated Network Security | 50 Mbps to 5 Gbps |
| Physical Network Smart Node | 50 Mbps to 10 Gbps |
| Virtual and Public Cloud Network Smart Node | 50 Mbps to 8 Gbps |

The MVX Smart Grid and FireEye Cloud MVX scalable architecture allows the MVX service to support one Network Smart Node to thousands and scale seamlessly as needed.

Business Benefits

Designed to meet the needs of single-site and distributed multi-site organizations, FireEye Network Security delivers several benefits:

Minimizes Risk of Cyber Breaches

FireEye Network Security is a highly effective cyber defense solution that:

• Prevents intruders from breaking into an organization to steal valuable assets or disrupt business by stopping advanced, targeted and other evasive attacks
• Stops attacks and contains intrusions faster with concrete evidence, actionable intelligence, inline blocking and response workflow automation
• Eliminates weak points from an organization’s cyber defenses with consistent protection for various operating systems, application types, branches and central sites

Short Payback Period

According to a Forrester Consulting study [1], FireEye Network Security customers can expect a 152% ROI savings over three years and payback on their initial investment in just 9.7 months. FireEye Network Security:

• Focuses security team resources on real attacks to reduce operational expenses
• Optimizes capital spend with a shared MVX service and a large variety of performance points to rightsize deployment to meet requirements
• Future-proofs security investment by scaling smoothly when the number of branches or the amount of Internet traffic grows
• Protects existing investments by allowing cost-free migration from an integrated to a distributed deployment
• Reduces future capital outlay with modular and extensible architecture

[1] Forrester (May 2016). The Total Economic Impact of FireEye.

Awards and Certifications

The FireEye Network Security product portfolio has been awarded a number of industry and government awards and certifications:

• In 2020, FireEye won first place in the Naval Information Warfare Systems Command (NAVWAR) Artificial Intelligence Cybersecurity Challenge [2]
• In 2020, KuppingerCole awarded FireEye the Leadership Compass for Network Detection and Response [3]
• In 2020, Forrester recognized FireEye as a large vendor for Network Analysis and Visibility [4]
• In 2018, Frost & Sullivan recognized FireEye as the undisputed market leader with 46% market share, more than the next ten competitors combined [5]
• FireEye Network Security holds certifications including Common Criteria, FIPS 140-2 and SOC 2
• FireEye Network Security has been a recipient of numerous awards from SANS Institute, SC Magazine, CRN and others
• FireEye Network Security was the first security solution on the market to receive the US Department of Homeland Security SAFETY Act Certification

[2] FireEye (January 6, 2021). Naval Information Warfare Systems Command (NAVWAR) Awards FireEye First Place in Network Threat Detection Challenge.
[3] KuppingerCole (June 10, 2020). Leadership Compass Network Detection and Response.
[4] Forrester (June 23, 2020). Now Tech: Network Analysis and Visibility, Q2 2020.
[5] Frost & Sullivan (July 5, 2018). Advanced Malware Sandbox (AMS) Solutions Market, Global, Forecast to 2022.

FireEye Network Security is part of FireEye XDR. Learn more at www.FireEye.com/XDR

FireEye, Inc.
601 McCarthy Blvd. Milpitas, CA 95035
408.321.6300/877.FIREEYE (347.3393)

About FireEye

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyber attacks.

© 2021 FireEye, Inc. All rights reserved. FireEye and Mandiant are registered trademarks of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. NS-EXT-DS-US-EN-000048-13