Detect suspicious lateral movements within an enterprise network
FireEye SmartVision Edition is a network traffic analysis (NTA) solution that detects suspicious lateral traffic within an enterprise network. Unlike other network security solutions that sit at the perimeter to thwart malicious incoming attacks, FireEye SmartVision Edition can be deployed throughout the network — at the core, across network segments and in front of key server assets — to detect malicious internal traffic.
With FireEye SmartVision Edition, security analysts and administrators gain new insight into and visibility of suspicious lateral traffic that firewalls and other security gateways miss. By using easy-to-deploy, lightweight sensors working in conjunction with FireEye’s industry-leading Cloud MVX technology, customers can scale SmartVision Edition visibility across the entire network – from the data center to remote branch office locations.
At the heart of SmartVision Edition is advanced threat detection software, which includes an advanced correlation and analytics engine and a machine learning module to detect attempted data exfiltration, bolstered by 120+ intrusion detection rules that identify weak indicators of compromise.
- Detects formerly undetectable suspicious lateral traffic
- Decreases time to detect post-breach activities
- Provides flexibility to scale throughout the entire network
- Enables visibility into network segmentation initiatives
- Improves network forensics and incident response
- Reduces attacker dwell time
Components of SmartVision Edition
Three components are required to enable SmartVision Edition:
- One or more SmartVision Sensors (hardware or virtual)
- Connection to a FireEye MVX engine (either on-premise, Smart Grid or via Cloud MVX*)
- FireEye OS release 8.1.2 or greater with SmartVision activated
Features and Benefits:
|Detects suspicious lateral network traffic||Combines advanced correlation and analytics engine with a machine learning module and 120+ unique rules to detect stealthy lateral (east-west) traffic|
|Detonates objects over SMB/SMB2 protocols||Uses FireEye MVX technology to detonate malware and ransomware such as WannaCry, as well as other suspicious files and objects moving internally via the SMB protocol|
|Visualizes alerts to quickly triage events||Provides 10 minutes (+/- 5 minutes) of L4 and L7 alert context to quickly investigate attacker activity and conduct forensic analysis|
|Supports extensive metadata protocols||Generates metadata for comprehensive analysis, including the following protocols: FTP, HTTP, IMAP, IRC, POP3, RDP, RTSP, SMB, SMB 2, SMTP, SSH, TLS|
|Complements existing FireEye Network Security deployments||FireEye customers with 4th and 5th generation Network Security appliances can easily integrate SmartVision Edition into their existing infrastructure, further increasing their return on investment|
|Integrates with FireEye Helix||Provides additional threat intelligence context and integrated alert triage for collaboration across teams|
FireEye SmartVision Edition identifies unique threat actions across the lateral attack cycle, further reducing post-breach dwell time and risk of loss.
|Sensor Mode Performance*||Up to 250 Mbps||Up to 5 Gbps|
|Integrated or Hybrid Mode Performance*||Up to 100 Mbps||Up to 2.5 Gbps|
|Network monitoring ports||4x 10/100/1000 BASE-T Ports||8x 10GigE SFP+ 4x 1GigE Bypass|
|Management ports||2x 10/100/1000 Base-T Ports (in front panel)||2x 10/100/1000 Base-T Ports|
|Storage capacity||Single 1TB 3.5 inch, SATA HDD, internal, fixed||2 x 4TB HDD, 3.5”, SAS3, 7.2krpm, FRU, RAID1|
|Enclosure||1RU, Fits 19 inch Rack||2RU, Fits 19 inch Rack|
|Chassis dimension (WxDxH)||17.2in(437mm) x 19.7in(500mm) x 1.7in(43.2 mm)||17.24in (438mm) x 24.41in (620mm) x 3.48in (88.4mm)|
|AC power supply||Single 250 watt, 90-264 VAC, 3.5 - 1.5 A, 50-60 Hz, IEC60320-C14, inlet, Internal, Fixed||Redundant (1+1) 800 watt, 100 - 240 VAC 10.5 – 4.0A, 50-60 Hz IEC60320-C14 inlet, FRU|
|Power consumption maximum||85 watts||658 watts|
|Weight of appliance alone/as shipped in lbs (kg)||16.2 lbs (7.3kg) / 28.2 lbs (2.95kg)||42.7 lbs (19.2kg) / 63.8 lbs (29.0kg)|
|Operating temperature||0°~40°C (32°~104°F)||0~35°C (32~95°F)|
|Non-operating temperature||-20~80°C (-4~176°F)||-40~70°C (-40~158°F)|
|Supported metadata protocols||FTP, HTTP, IMAP, IRC, POP3, RDP, RTSP, SMB, SMB 2, SMTP, SSH, TLS||FTP, HTTP, IMAP, IRC, POP3, RDP, RTSP, SMB, SMB 2, SMTP, SSH, TLS|
* Performance numbers will vary based on individual network conditions.
- Pricing and product availability subject to change without notice.