FireEye EX Series
Threat Prevention Platforms that Combat Advanced Email-based Cyber Attacks
EX 5400 and EX 8420 (not pictured EX 3400, EX 8400)
The FireEye EX series is a group of threat prevention platforms that protects against spear-phishing email attacks that bypass anti-spam and reputation-based technologies. Spear-phishing attacks have soared in popularity with the availability of user-specific information on social networks and other Internet resources. With all of the personal information available online, a criminal can socially engineer almost any user into clicking a URL or opening an attachment with a zero-day exploit, after which the cybercriminal quickly gets control of a privileged system and user accounts.
To quarantine the spear-phishing emails used in advanced targeted attacks, the EX analyzes every attachment using a signature-less, Multi-Vector Virtual Execution (MVX) engine that can safely and accurately identify zero-day attacks. It goes beyond signature and reputation-based systems by detonating each attachment against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. Administrators can quarantine emails with malicious content for further analysis or deletion.
Because advanced attacks often use spear phishing as the opening salvo of a multi-vector attack strategy, the EX is often deployed along with the NX and the CM. In this manner, organizations not only get real-time protection against malicious URLs, but also the ability to connect the dots of a blended attack. For instance, identifying other targeted individuals who were sent spear-phishing emails containing the same malicious URLs is the type of actionable intelligence necessary to protect organizations against advanced targeted attacks.
- Installs in under 60 minutes – Deploys as an MTA, SPAN device, or BCC destination, in-line (block/monitor-mode) or out-of-band (monitor-only)
- Real-time quarantine of zero-day email attacks – Using the FireEye MVX engine, identifies and blocks advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
- Integrates with the NX to stop blended attacks – Quarantines emails with malicious URLs and traces Web-based attacks back to the original spear-phishing email
- Enhances existing email control infrastructure – Layers dynamic malware and attachment analysis behind the static signature-based detections of anti-spam and anti-virus gateways
- Dynamically generates threat intelligence – Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the DTI cloud
- Supports YARA-based rules – Enables information security analysts to specify byte-level rules and quickly analyze email objects for threats specific to the organization
- Supports AV-Suite integration – Malicious objects identified by anti-virus software can be linked to the deeper forensic information provided by the EX for more efficient incident response prioritization
Features and Benefits:
Real-time quarantine of malicious emails
To block spear-phishing emails, the FireEye EX series analyzes every attachment using the purpose-built FireEye Multi-Vector Virtual Execution™ (MVX) engine that accurately identifies today’s advanced attacks. The FireEye MVX engine detonates email attachments against a cross-matrix of operating systems and applications, including multiple Web browsers and plug-ins like Adobe Reader and Flash. If an attack is confirmed, the EX platform quarantines the malicious emails for further analysis or deletion.
Fights blended attacks across Web and email threat vectors
Advanced attacks use spear phishing as the opening salvo of a multi-vector attack strategy. In order to reveal the entire attack life cycle, the EX series is often deployed along with the FireEye NX and CM series to correlate malicious URLs with the originating emails and the intended targets. The CM then locally distributes new malware intelligence to the entire FireEye deployment in real time.
Dynamic analysis of zero-day email attacks
The EX series uses the signature-less FireEye MVX engine, which stops advanced attacks exploiting unknown OS, browser, and application vulnerabilities as well as malicious code embedded in common file and multimedia content. The FireEye MVX engine reports forensic details of the threat, such as the vulnerability exploited in a buffer overflow and callback coordinates used to exfiltrate data.
Threat intelligence sharing across the enterprise
The resulting dynamically generated, real-time threat intelligence can help all FireEye products protect the local network through integration with the FireEye CM platform. This intelligence can be shared globally through the FireEye Dynamic Threat Intelligence™ (DTI) cloud to notify all subscribers of emerging threats.
YARA-based rules enable customization
The EX series supports importing custom YARA rules to enable security analysts to specify rules to analyze email attachments for threats specific to the organization.
Streamlined email threat management
With the FireEye AV-Suite, each malicious object is analyzed to determine if anti-virus vendors were able to detect the malware stopped by the FireEye EX platform. This enables customers to gain deeper forensic information about the attack and standardize naming terminology for more efficient incident response prioritization.
The FireEye EX series requires no tuning and can be set up as an MTA, SPAN device, or transparent BCC destination. FireEye supports remote third-party AAA network service access in addition to local authentication.
| | EX 3400 | EX 5400 | EX 8400 | EX 8420 |
|---|---|---|---|---|
| Form Factor | 1U Rack-Mount | 1U Rack-Mount | 2U Rack-Mount | 1U Rack-Mount |
| Weight | 17 lbs (7.7 kg) | 22 lbs (9.9 kg) | 22 lbs (9.9 kg) | 30 lbs (13.6 kg) |
| Dimensions | 17.2" x 25.6" x 1.7" (43.7 x 65.0 x 4.3 cm) | 17.2" x 25.6" x 1.7" (43.7 x 65.0 x 4.3 cm) | 17.2" x 27.9" x 3.5" (43.7 x 70.9 x 8.9 cm) | 17.2" x 27.9" x 3.5" (43.7 x 70.9 x 8.9 cm) |
| Enclosure | Fits 19-Inch Rack | Fits 19-Inch Rack | Fits 19-Inch Rack | Fits 19-Inch Rack |
| Management Ports | (2) 10/100/1000 BASE-T Ports | (2) 10/100/1000 BASE-T Ports | (2) 10/100/1000 BASE-T Ports | (2) 10/100/1000 BASE-T Ports |
| Monitoring Ports | (2) 10/100/1000 BASE-T Ports | (2) 10/100/1000 BASE-T Ports | (2) 10/100/1000 BASE-T Ports | (2) 1000 BASE-SX Fiber Optic Ports (LC Multimode) |
| Performance | Up to 150,000 Emails Per Day | Up to 300,000 Emails Per Day | Up to 750,000 Emails Per Day | Up to 750,000 Emails Per Day |
| Performance with TLS | Up to 100,000 Emails Per Day | Up to 200,000 Emails Per Day | Up to 500,000 Emails Per Day | Up to 500,000 Emails Per Day |
| AC Input Voltage | Auto-switching, 100 ~ 240 VAC, Full Range | Auto-switching, 100 ~ 240 VAC, Full Range | Auto-switching, 100 ~ 240 VAC, Full Range | Auto-switching, 100 ~ 240 VAC, Full Range |
| AC Input Current | 8.5–6.0 A | 8.5–6.0 A | 9.5–7.2 A | 9.5–7.2 A |
| Power Supply/RAID | Dual 700W / 2 SAS HDD in HW RAID1 | Dual 700W / 2 SAS HDD in HW RAID1 | Dual 1400W / 2 SAS HDD in HW RAID1 | Dual 1400W / 2 SAS HDD in HW RAID1 |
| Power Consumption (Max) | 887 BTU/hr | 1501 BTU/hr | 1603 BTU/hr | 1603 BTU/hr |
| Frequency | 50-60 Hz | 50-60 Hz | 50-60 Hz | 50-60 Hz |
| Operating Temp | 10° C to 35° C | 10° C to 35° C | 10° C to 35° C | 10° C to 35° C |
Note: All performance values vary depending on the system configuration and traffic profile being processed.