
FireEye Network Forensics Platform - PX Series
Accelerate actionable intelligence and facilitate rapid incident response
Overview:
Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so it can effectively contain the threat and secure its network.
The FireEye Network Forensics Platform allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With the Network Forensics Platform, you can detect a broad array of security incidents, improve the quality of your response, and precisely quantify the impact of each incident.
The Network Forensics Platform provides a powerful complement to the FireEye comprehensive threat prevention capabilities. In addition to receiving precise alerts and correlated threat information, analysts can also get a fine-grained view of the specific packets and sessions before, during, and after the attack to confirm what may have triggered a malware download or callback, to respond rapidly and effectively, and to apply this information to enhancing future protective strategies.
Highlights:
- Continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps
- Real-time indexing of all captured packets using time stamp and connection attributes. Export of flow index in NetFlow v5, v9, and IPFIX formats for use with other flow analysis tools
- Ultrafast search and retrieval of target connections and packets using patent-pending indexing architecture
- Web-based, drill-down GUI for search and inspection of packets, connections, and sessions
- Session decoder support for viewing and searching Web, email, FTP, DNS, chat, SSL connection details, and file attachments
- Packet payload search using regular expressions
- Industry-standard data storage and export in PCAP format, which can be stored with flexible storage options: on the appliance, SAS-attached, or SAN-attached storage
- Accelerate the investigative process by using Event Based Capture to identify suspicious sessions that should be the focus for deeper investigations.
Accelerate kill chain reconstruction and impact quantification
By allowing FireEye users to quickly locate and decode traffic and sessions before, during, and after a security event, the Network Forensics Platform provides greater visibility into activity around the event, which can be crucial for rapid incident response investigations.
Ultrafast access to historical network data is a necessity for security personnel in reducing mean time to resolution, as well as answering the key questions: how long has the breach been present, what data may have already left the network, and how many other hosts may already have been compromised?
Ultrafast packet capture, indexing, and search
The Network Forensics Platform ensures continuous, lossless packet capture with nanosecond time stamping at recording speeds up to 20 Gbps. Real-time indexing of all captured packets with nanosecond time stamps and connection attributes provides data for immediate forensics.
Industry-standard data storage and export
All packets are stored in standard PCAP format, so they can be used with the analytics platform of your choice.
Integrated workflow with FireEye threat prevention platform
The integration with the FireEye platforms provides deeper insight into network traffic and activities through simple drill-down access to captured, indexed, and stored connection and packet information on the largest and busiest networks.
Highlight suspicious sessions
Accelerate the investigative process and correlate events that have occurred over time by creating customizable rules to flag suspicious session data, providing a starting point for deeper investigations and ensuring longstanding retention. Investigations tied to a given event can be managed as a single case.
Benefits:

High-speed capture and querying
Pinpoint the data you need fast enough to make a difference.
- Achieve continuous, lossless packet capture at up to 20 Gbps
- Search for and retrieve packets in seconds with patent-pending indexing architecture

Easy integration with FireEye ecosystem
Work within a single system to collect and analyze system-wide data.
- Centralize alerts from multiple FireEye products into a single dashboard
- Accelerate investigations with integrated FireEye iSIGHT Intelligence and analytics modules derived from frontline Mandiant experience

Expanded visibility and knowledge
Share detailed information across multiple systems for flexible analysis.
- Get threat severity, type and context based on high-fidelity intelligence
- Use open standards for maximum flexibility (RESTful API, PCAP, NetFlow v9, IPFIX)
Features:
Fast, detailed investigations for informed threat response

Capture lossless data timestamped in nanoseconds at up to 20 Gbps.

View data from multiple FireEye solutions on a single screen.

Store PCAPs on the appliance, SAS-attached or SAN-attached storage.

Build custom dashboards and take advantage of PCAP files for case management.

Search and inspect massive amounts of packet, connection and decoded session data in seconds.

Reconstruct web pages, emails and suspect files with a single click for rapid analysis.
Technical Specifications:
Model | Capture Port Configuration | Management Ports | Max Record Speed | Total Onboard Storage | Dimensions | Power Supply / Typical Operating Load |
---|---|---|---|---|---|---|
PX 004S | 4 x 1 Gbps SFP | 2 x 10/100/1000 BASE-T | 500 Mbps | 2 TB | 1.7” x 16.8” x 14” (4.3 x 42.67 x 35.56 cm) 11 lbs (5 kg) | 200W Low Noise AC power 100-240V, 60-50 Hz auto-ranging |
PX 1004ESS-16 | 4 x 1 Gbps, 10/100/1000 BaseT, SFP | 2 x 10/100/1000 BASE-T | 1.5 Gbps | 16 TB, expandable SAS attached storage | 1U Rack-Mount 1.7” x 17.2” x 25.6” (4.3 x 43.7 x 65.0 cm) 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging 230-280W typical |
PX 1020ESS-16 | 2 x 10 Gbps, SFP+ | 2 x 10/100/1000/10G BASE-T | 1.5 Gbps | 16 TB, expandable SAS attached storage | 1U Rack-Mount 1.7” x 17.2” x 25.6” (4.3 x 43.7 x 65.0 cm) 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging 230-280W typical |
PX 2004ESS-48 | 4 x 1 Gbps, 10/100/1000BaseT, SFP | 2 x 10/100/1000/10G BASE-T | 4 Gbps | 48 TB, expandable SAS attached storage | 2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg) | 1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
PX 2020ESS-48 | 2 x 10 Gbps, SFP+ | 2 x 10/100/1000/10G BASE-T | 5 Gbps, upgradeable to 20 Gbps | 48 TB, expandable SAS attached storage | 2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg) | 1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
PX 2040ESS-48 | 4 x 1/10Gbps SFP/SFP+ | 2 x 10/100/1000/10G BASE-T | 5 Gbps, upgradeable to 20 Gbps | 48 TB, expandable SAS attached storage | 2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg) | 1280W high efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
PX 1004EXT-4G | 4 x 1 Gbps, 10/100/1000BaseT, SFP | 2 x 10/100/1000 BASE-T 2 x 10/100/1000/10G BASE-T | 4 Gbps | No onboard storage. Fiber HBA to external SAN storage | 1U Rack-Mount 1.7” x 17.2” x 25.6” (4.3 x 43.7 x 65.0 cm) 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging 230-280W typical |
PX 1040EXT-20G | 4 x 1 Gbps | 2 x 10/100/1000 BASE-T 2 x 10/100/1000/10G BASE-T | 20 Gbps | No onboard storage. Fiber HBA to external SAN storage | 1U Rack-Mount 1.7” x 17.2” x 25.6” (4.3 x 43.7 x 65.0 cm) 46 lbs (20.9 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging 230-280W typical |
PX 2000SX-24 | N/A | N/A | N/A | 24 TB storage shelf expansion for ESS models | 2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg) | 650W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto-ranging 230-280W typical |
PX 2000SX-48 | N/A | N/A | N/A | 48 TB storage shelf expansion for ESS models | 2U Rack-Mount 3.5” x 17.2” x 25.5” (8.9 x 43.7 x 64.8 cm) 52 lbs (23.6 Kg) | 500W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
PX 4000SX-264 | N/A | N/A | N/A | 264 TB storage shelf expansion for ESS models | 4U Rack-Mount 7” x 17.2” x 27.5” (17.8 x 43.7 x 64.8 cm) 75 lbs (34 Kg) | 1280W high-efficiency (1+1) redundant AC power 100-240 VAC, 60-50 Hz auto ranging |
Documentation:
Download the FireEye Network Forensics Platform - PX Series Datasheet (PDF).