FireEye AX Series
Forensic Analysis Platforms that Provide a Full 360-degree View of a Cyber Attack
The FireEye AX series is a group of forensic analysis platforms that gives security analysts hands-on control over powerful, auto-configured test environments where they can safely execute and inspect advanced malware, zero-day, and targeted advanced persistent threat (APT) attacks embedded in common file formats, email attachments, and Web objects. With advanced instrumentation, the FireEye Multi-Vector Virtual Execution (MVX) engine provides forensic details on the exploit, such as the vulnerability exploited to create a buffer overflow condition, attempts to escalate privileges within Windows, and the callback coordinates used to exfiltrate data.
When security analysts need a secure environment to test, replay, characterize, and document advanced malicious activities, they can simply load a suspicious file or set of files into the FireEye AX platform's MVX engine. As it analyzes files such as suspicious email attachments, PDF documents, or Web objects via a URL, the AX platform reports a full 360-degree view of the attack, from the initial exploit and malware execution path to the callback destinations and follow-on binary download attempts.
- Provides pre-configured sandbox or live-mode analysis for unknown code and suspicious Web objects – Supports single and batch testing with a range of browsers, plug-ins, applications, and Windows operating environments, looking for signs of unusual activity and any attempt to exploit a vulnerability
- Automated or batched analysis of zero-day attacks – Detects and blocks advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
- Identifies outbound malware transmissions across multiple protocols – Shows how malicious code plans to steal data, control bot activities or communicate multi-stage operations using HTTP, FTP, or IRC, revealing the intent of the malicious software
- Dynamically generates malware intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the DTI cloud
- Integrates with NX, EX, and FX platforms – Malicious content uncovered using the AX platform can be pushed to the NX, EX, and FX platforms for real-time protection against emerging attacks
- Streamlines analysis – Enables analysts to drill into samples to confirm attacks and understand the intent and targets of the cybercriminals, without the overhead of creating and maintaining test configurations
- Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze objects for threats specific to the organization
- Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the AX for more efficient incident response prioritization
Features and Benefits:
Assess OS, browser, and application attacks
The FireEye AX series utilizes the FireEye Multi-Vector Virtual Execution™ (MVX) engine to provide in-house analysts with a full 360-degree view of an attack, from the initial exploit to callback destinations and follow-on binary download attempts. Through a pre-configured, instrumented Windows virtual analysis environment, the FireEye MVX engine fully executes suspicious code to allow deep inspection of common Web objects, email attachments, and files. The FireEye AX platform uses the FireEye MVX engine to inspect single files or batches of files for malware and tracks outbound connection attempts across multiple protocols.
Spend time analyzing, not administering
The FireEye AX series frees administrators from time-consuming setup, baselining, and restoration of the virtual machine environments used in manual malware analysis. With built-in customization and granular control over payload detonations, the FireEye AX series enables forensic analysts to arrive at a comprehensive understanding of the attack that is suited to the needs of the enterprise.
Choose live analysis or sandbox modes
The FireEye AX series provides users with two analysis modes: live and sandbox. Malware analysts use the live, on-network mode for full malware life cycle analysis, allowing external connectivity. This gives the FireEye AX series the ability to track advanced attacks across multiple stages and different vectors. In sandbox mode, the execution path of particular malware samples is fully contained and visible in the virtual environment.
In both modes, users are able to generate a dynamic and anonymized profile of the attack that can be shared through the FireEye CM platform to other FireEye products. The malware attack profiles generated by the FireEye AX platforms include identifiers of malware code, exploit URLs, and other sources of infections and attacks. Also, malware communication protocol characteristics are shared to provide dynamic blocking of data exfiltration attempts across the organization’s entire FireEye deployment via the FireEye Dynamic Threat Intelligence™ (DTI) enterprise.
YARA-based rules enable customization
The FireEye AX series supports custom YARA rules importation to specify byte-level rules and quickly analyze suspicious objects for threats specific to the organization.
Global malware protection network
The FireEye AX series is designed for easy integration with the entire FireEye threat prevention portfolio. The FireEye AX series can automatically share malware forensics data with other FireEye platforms via the FireEye CM, block outbound data exfiltration attempts, and stop inbound known attacks. The FireEye AX series threat data can also be shared via the FireEye DTI cloud to protect against new emerging attacks. With pre-configured FireEye MVX engines eliminating the need for tuning heuristics, the FireEye AX series saves administrators setup time and configuration issues. In addition, the FireEye AX series helps threat researchers analyze advanced targeted attacks without adding network and security management overhead.
| | AX 5400 | AX 8400 |
|---|---|---|
| Form Factor | 1U Rack-Mount | 2U Rack-Mount |
| Weight | 30 lbs (13.6 kg) | 50 lbs (22.7 kg) |
| Dimensions (WxDxH) | 17.2" x 25.6" x 1.7" (43.7 x 65.0 x 4.3 cm) | 17.2" x 27.9" x 3.5" (43.7 x 70.9 x 8.9 cm) |
| Enclosure | Fits 19-Inch Rack | Fits 19-Inch Rack |
| Management Ports | (2) 10/100/1000 BASE-T Ports | (2) 10/100/1000 BASE-T Ports |
| Performance | Up to 70,000 Files Per Day | Up to 120,000 Files Per Day |
| AC Input Voltage | Auto-switching 100 ~ 240 VAC Full Range | Auto-switching 100 ~ 240 VAC Full Range |
| AC Input Current | 8.5–6.0 A | 9.5–7.2 A |
| Power Supply/RAID | Dual 700W / 2 SAS HDD in HW RAID1 | Dual 1400W / 2 SAS HDD in HW RAID1 |
| Power Consumption (Max) | 1484 BTU/hr | 1586 BTU/hr |
| Frequency | 50-60 Hz | 50-60 Hz |
| Operating Temp | 10° C to 35° C | Up to 40° C |
Note: All performance values vary depending on the system configuration and traffic profile being processed.