Data Sheet Network Forensics - FireEye

Transcription

Data Sheet: Network Forensics
Minimize impact of network attacks with high-performance packet capture and investigation analysis

Organizations need early detection and swift investigation of incidents to determine scope and impact, effectively contain threats and re-secure their network.

The FireEye Network Forensics solution pairs the industry’s fastest lossless network data capture and retrieval solution with centralized analysis and visualization. It accelerates the network forensics process with a single workbench that simplifies investigations and reduces risk.

FireEye Network Forensics allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With Network Forensics, you can detect a broad array of security incidents, improve the quality of your response and precisely quantify the impact of each incident.

As part of the FireEye Network Forensics solution, investigation analysis appliances reveal hidden threats and accelerate incident response by adding a centralized workbench with an easy-to-use analytical interface. Analysts can review specific network packets and sessions before, during and after an attack. Being able to reconstruct and visualize the events triggering malware download or callback enables your security team to respond effectively and swiftly to prevent recurrence. They can expand visibility into attacker activity by decoding protocols typically used to laterally spread attacks in a network.

This unique combination of high-performance packet capture and in-depth analytics helps quickly recognize and monitor every element of an attack.

Figure 1. FireEye Network Forensics appliances for packet capture and analysis.

Packet Capture Highlights

- High-Performance: Continuous, lossless packet capture with timestamping at recording speeds up to 20 Gbps
- High-Fidelity: Real-time indexing of all captured packets using time stamp and connection attributes. Export of flow index and connection metadata in JSON format. Flow index can be converted to NetFlow v9, IPFIX and SiLK Tools data formats
- Fast Results: Ultrafast search and retrieval of target connections and packets using patented indexing architecture
- Rich Context: Web-based, drill-down GUI for search and inspection of packets, connections and sessions
- Extensive Visibility: Session decoder support to view and search web, email, FTP, DNS, chat, SSL connection details and file attachments
- Intelligent Capture: Selective filtering of captured traffic to eliminate streaming video, large file transfers, encrypted payloads, etc.
- Improved Efficiencies: Automated processes to identify data theft, using proprietary algorithms to diagnose potentially anomalous network behavior

Table 1. Available Packet Capture Appliances.

PX 1004S-6
  Capture Port Configuration: 4 x 1GE
  Management Ports: 1 x 1GbE
  Max Record Speed: 500 Mbps
  Total Onboard Storage: 6 TB
  Dimensions: 1U, 17.2” (437mm) x 19.7” (500mm) x 1.7” (44mm), 18 lbs (8.2 kg)
  Power Supply / Typical Operating Load: AC, Fixed AC 100–240 V @ 50–60 Hz, IEC60320-C14 inlet

PX 2060ESS-96
  Capture Port Configuration: 4 x 10GE SFP
  Management Ports: 2 x 1GbE
  Max Record Speed: 2 Gbps
  Total Onboard Storage: 96 TB, expandable SAS attached storage
  Dimensions: 2U, 17.24” (438mm) x 24.41” (620mm) x 3.48” (88.4mm), 57.3 lbs (26.0 kg)
  Power Supply / Typical Operating Load: Redundant (1+1) 800 watt, 100–240 VAC 10.5–4.0A, 50–60 Hz, IEC60320-C14 inlet, FRU

PX 2060ESS-120
  Capture Port Configuration: 4 x 10GE SFP
  Management Ports: 2 x 1GbE
  Max Record Speed: 7.5 Gbps
  Total Onboard Storage: 120 TB, expandable SAS attached storage
  Dimensions: 2U, 17.24” (438mm) x 24.41” (620mm) x 3.48” (88.4mm), 57.3 lbs (26.0 kg)
  Power Supply / Typical Operating Load: Redundant (1+1) 800 watt, 100–240 VAC 10.5–4.0A, 50–60 Hz, IEC60320-C14 inlet, FRU

PX 2060EXT20
  Capture Port Configuration: 4 x 10GE SFP
  Management Ports: 2 x 1GE, 4 x 10GE SFP
  Max Record Speed: 20 Gbps
  Total Onboard Storage: No onboard storage. Fiber HBA to external SAN storage
  Dimensions: 17.24 in (438 mm) x 24.41 in (620 mm) x 3.48 in (88.4 mm), 39.1 lbs (17.7 kg)
  Power Supply / Typical Operating Load: 596 W (2,032 BTU/hr)

PX 4000SX440
  Capture Port Configuration: n/a
  Management Ports: n/a
  Max Record Speed: n/a
  Total Onboard Storage: 440 TB raw storage shelf
  Dimensions: 17.2” (437mm) x 27.5” (698mm) x 7” (178mm), 76 lbs (34 kg)
  Power Supply / Typical Operating Load: 1280W high-efficiency (1+1) redundant AC power, 100–240 VAC, 60–50 Hz auto ranging

Note: All performance values vary depending on the system configuration and traffic profile being processed.

Table 2. Available Next-Generation Packet Capture Appliances.

7600PX-HW
  Capture Port Configuration: 2p*40G FPGA QSFP; optional 8x10G fiber port
  Management Ports: 2p*10GT, 2p*SFP
  Max Record Speed*: 10-20 Gbps
  Total Onboard Storage: 192 TB raw storage, 122 TB for PCAP storage
  Dimensions: 17.2” (437mm) x 25.5” (437mm) x 3.5” (89mm), 81.2 lbs (36.8 kg)
  Power Supply / Typical Operating Load: AC 1200W, Titanium Level, Redundancy, PMBUS 1.2, 12V/5Vsb, 360x76x40 mm, HF, RoHS/REACH

7620PX-HW
  Capture Port Configuration: 2p*40G FPGA QSFP; optional 8x10G fiber port
  Management Ports: 2 x 1GbE
  Max Record Speed*: 14-20 Gbps
  Total Onboard Storage: No onboard storage. Fiber HBA to external SAN storage; expandable SAS attached storage
  Dimensions: 17.2” (437mm) x 25.5” (437mm) x 3.5” (89mm), 63 lbs (28.6 kg)
  Power Supply / Typical Operating Load: AC 1200W, Titanium Level, Redundancy, PMBUS 1.2, 12V/5Vsb, 360x76x40 mm, HF, RoHS/REACH

5000SX-HW
  Capture Port Configuration: -
  Management Ports: -
  Max Record Speed*: -
  Total Onboard Storage: 704 TB raw storage, 465 TB for PCAP storage
  Dimensions: 17.2” (437mm) x 25.5” (437mm) x 3.5” (89mm), 78 lbs (35.4 kg)
  Power Supply / Typical Operating Load: AC 1200W, Titanium Level, Redundancy, PMBUS 1.2, 12V/5Vsb, 360x76x40 mm, HF, RoHS/REACH

Note: All performance values vary depending on the system configuration and traffic profile being processed.
*7600PX and 7620PX can support continuous packet capture rates up to 20 Gbps with no metadata analysis (with at least one storage array attached).
*7600PX and 7620PX can support continuous packet capture rates up to 16 Gbps with metadata analysis (with at least one storage array attached).
*7600PX and 7620PX can support continuous packet capture rates up to 14 Gbps with metadata analysis and with up to 10K Suricata rules loaded (with at least one storage array attached).
*7600PX supports continuous packet capture rates up to 10 Gbps with metadata analysis (when no storage array attached).

Table 3. Compliance for Available Next-Generation Packet Capture Appliances.

Models: 7600PX-HW, 7620PX-HW
  Regulatory Compliance EMC: FCC Part 15 Class-A, CE (Class-A), CNS 13438, CISPR 32, VCCI-CISPR 32, EN 55035, EN 55032, EN 61000, ICES-003, KN 32, KN 35
  Regulatory Compliance Safety: CAN/CSA 22.2 No. 62368, UL 62368, IEC 62368, EN 62368, BS EN 62368
  Environmental Compliance: RoHS, REACH, Conflict Minerals

Table 4. Virtual Packet Capture Appliances (Supports Azure, ESX, KVM, and AMI).

Virtual PX Appliance Specifications | Minimum Requirements | FireEye Recommended Requirements | Performance Requirements
CPU Cores | 4 CPU Cores | 8 CPU Cores | 16 CPU Cores
Memory | 16 GB RAM | 32 GB RAM | 64 GB RAM
Network Interface Controllers (NIC) | A dedicated NIC for management and a dedicated NIC for packet capture (same for all three tiers)
Hard Drives | 80 GB hard drive for the Linux OS and 200 GB hard drive for captured data (same for all three tiers)
Approximate Capture Rates | 25 Mbps (with a limited number of rules) | 100 Mbps (with standard device limitations) | 1000 Mbps (with standard device limitations)

FireEye investigation analysis appliances support several configurations for single node and distributed architectures to optimize bandwidth and performance of metadata aggregation, queries and analytics.

Investigation Analysis Highlights

- Visualization: View and share network metadata and activity through easy-to-create custom dashboards
- Fast Answers: Conduct centralized application-level keyword, regex, and wildcard queries across all alerts, captured flow and metadata
- Agile Interface: Immediate pivot and download of individual or bulk PCAP data for sessions of interest
- Powerful Search: Accelerate search with indexed metadata from protocols such as HTTP, SMTP, POP3, IMAP, SSL, TLS, DNS and FTP
- IOC Aggregation: Consolidate FireEye Network Security, Email Security and Endpoint Security product alerts along with all network metadata in a single workbench with immediate “one click” pivot to session data from alerts
- Retrospective Threat Hunting: “Back-in-time” IOC threat analysis via integration of FireEye Threat Intelligence, STIX, and OpenIOC feeds with automated IA search function. Automatically be alerted to IOCs present in the network days or weeks earlier
- One-Click File Reconstruction: Reconstruct suspect files, web pages and emails quickly and safely for further analysis

Table 5. Available Investigation Analysis Appliances.

IA 1000 DIR
  Total Onboard Storage: 6 TB
  Dimensions: 17.2” (437mm) x 19.7” (500mm) x 1.7” (44mm)
  Power Supply / Typical Operating Load: AC, Fixed AC 100–240 V @ 50–60 Hz, IEC60320-C14 inlet

IA 2100-48
  Total Onboard Storage: 48 TB
  Dimensions: 17.2” (437mm) x 19.7” (500mm) x 1.7” (44mm)
  Power Supply / Typical Operating Load: Redundant (1+1) 800 watt, 100–240 VAC 10.5–4.0A, 50–60 Hz, IEC60320-C14 inlet, FRU

Table 6. Available Next-Generation Investigation Analysis Appliances.

2600IA-HW*
  Total Onboard Storage: 120 TB, 82 TB for metadata storage
  Dimensions: 17.2” (437mm) x 25.5” (437mm) x 3.5” (89mm), 79.4 lbs (36 kg)
  Power Supply / Typical Operating Load: AC 1200W, Titanium Level, Redundancy, PMBUS 1.2, 12V/5Vsb, 360x76x40 mm, HF, RoHS/REACH

Note: Ingestion rate is 50K events/sec.
*Can be configured as a Director Node or as a Data Node.

Table 7. Compliance for Available Next-Generation Investigation Analysis Appliances.

Model: 2600IA-HW
  Regulatory Compliance EMC: FCC Part 15 Class-A, CE (Class-A), CNS 13438, CISPR 32, VCCI-CISPR 32, EN 55035, EN 55032, EN 61000, ICES-003, KN 32, KN 35
  Regulatory Compliance Safety: CAN/CSA 22.2 No. 62368, UL 62368, IEC 62368, EN 62368, BS EN 62368
  Environmental Compliance: RoHS, REACH, Conflict Minerals

Table 8. Virtual Investigation Analysis Appliances (Supports Azure, ESX, KVM, and AMI).

Minimum Requirements | Virtual IA Director | Virtual IA Data Node | Third column (header not present in the transcription)
CPU Cores | 16 | 16 | 64
Memory (RAM) | 32 GB | 64 GB | 256 GB
Network Interface Controllers (NICs) | 1 | 1 | 2 (for multibox clustering)
Hard Drives | 2.5 TB (IO throughput 100 MB/s) | 1 TB | 48 TB (IO throughput 1 GB/sec)
Performance | 4-5k/sec | NA | 25-30k/sec (single box cluster)
Retention | 7 days | NA | 30 days

To learn more about FireEye, visit: www.FireEye.com

FireEye
408.321.6300 / 877.FIREEYE (347.3393)
info@FireEye.com

About FireEye
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies and nation-state grade threat intelligence. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyber attacks.

© 2021 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. N-EXT-DS-US-EN-000026-08
