FireEye Network Forensics Platform

Accelerate actionable intelligence and facilitate rapid incident response

Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.

 

The FireEye Network Forensics Platform allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With the Network Forensics Platform, you can detect a broad array of security incidents, improve the quality of your response, and precisely quantify the impact of each incident.The Network Forensics Platform provides a powerful complement to the FireEye comprehensive threat prevention capabilities. In addition to receiving precise alerts and correlated threat information, analysts can also get a fine-grained view of the specific packets and sessions before, during, and after the attack to confirm what may have triggered a malware download or callback, to respond rapidly and effectively, and to apply this information to enhancing future protective strategies.

 

HIGHLIGHTS

  • Continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps
  • Real-time indexing of all captured packets using time stamp and connection attributes. Export of flow index in NetFlow v5, v9, and IPFIX formats for use with other flow analysis tools
  • Ultrafast search and retrieval of target connections and packets using patent-pending indexing architecture
  • Web-based, drill-down GUI for search and inspection of packets, connections, and sessions
  • Session decoder support for viewing and searching Web, email, FTP, DNS, chat, SSL connection details, and file attachments
  • Packet payload search using regular expressions
  • Industry-standard data storage and export in PCAP format, which can be stored with flexible storage options: on the appliance, SASattached, or SAN-attached storage

 

Datasheet-network forensics platform px series