Transcription
FIREEYE NETWORKSECURITYNETWORK SECURITY THAT COMBATS WEB-BASED CYBER ATTACKSHIGHLIGHTS Detects advanced and zero-day attacks witha patented, signature-less MVX engine Prevents future attacks by applyingmachine learning, and retrospective andweak-signal analysis Identifies common and known attacks withtraditional, signature-based IPS technology Fights blended attacks across web and emailthreat vectors Facilitates quick containment of advancedNX 2400, NX 4420, NX 7420, NX 10000 (not pictured: NX 1400, NX 4400, NX 7400, NX 10550)threats with actionable, contextual intelligence Improves operational effectiveness with a low,false-positive rate and alert categorization Configures for high availability andOV E R V I E Wautomatic failover ensuring continuousthreat prevention and detectionThe FireEye Network Security identifies and blocks zero-day exploits,droppers (binaries), and multi-protocol callbacks to help organizationsscale their advanced threat defenses across a range of deployments,from the multi-gigabit headquarters down to remote, branch and homeoffices. FireEye Network Security with FireEye Intrusion PreventionSystem (IPS) technology further optimizes spend, substantially reducesfalse positives and enables compliance while driving security acrossknown and unknown threats.Cyber criminals use the Web as a primary threat vector to deliver zeroday exploits and malicious URLs contained in email and to exfiltratedata. Network Security is designed to stop drive-by downloads andblended Web and email attacks. In addition, Network Security offers adefense against infections that take place outside the network.DATA S H E E T Protects entire organization by supportingmixed environments with Windows andOS X users Disrupts attacks in real time with in-lineblocking at up to 4 Gbps throughput for upto 40,000 users Simplifies management with low-touchdeployment and a high degree of automation
Real-time threat prevention blocksWeb-based attacksNetwork Security can be deployedin-line at Internet egress points toblock Web exploits and outboundmulti-protocol callbacks. Utilizing theFireEye Multi-vector Virtual Execution (MVX) engine, Network Securityconfirms zero-day attacks, createsreal-time threat intelligence, andcaptures dynamic callback destinations.In monitor mode, it signals incidentresponse mechanisms. In out-ofband prevention mode, NetworkSecurity issues TCP resets for out-ofband blocking of TCP, UDP or HTTPconnections.callback channels, dynamically createsblocking rules and transmits thisinformation back to Network Security.YARA-based rules enablecustomizationWith support for custom YARA rules,security analysts can specify which Webobjects should be analyzed for threats.Streamlined incident prioritizationWith the FireEye Antivirus-Suite,each malicious object can be furtheranalyzed to determine whetherantivirus-generated alerts are reliable.This enables customers to moreefficiently prioritize incident response.Fights blended attacks across Weband email threat vectorsThe FireEye Platform protects againstblended, advanced attacks that useWeb, spear-phishing emails and zeroday exploits. With FireEye NetworkSecurity, Email Security and CentralManagement, customers get real-timeprotection against malicious URLs andthe ability to connect the dots of ablended attack.To maintain strong security and keeporganizations running smoothlywithout interruption or lag, NetworkSecurity supports integration with theFireEye Active Fail Open (AFO) switchto ensure no link downtime. It alsodrives continued availability for in-linehardware deployments in the face ofpower or link failures. In addition, highavailability provides redundancy andan automatic failover for deploymentsin either in-line active or monitoring(passive) mode. This ensures thecontinuity of threat prevention anddetection if a hardware or softwarefailure occurs.IPS supportDynamic threat intelligence sharingThe resulting dynamically generated,real-time threat intelligence producedby Network Security helps all FireEyeproducts protect the local network.This intelligence includes callbackcoordinates and communicationcharacteristics which can be sharedglobally through the FireEye DynamicThreat Intelligence cloud to notify allsubscribers of new threats.Protects against unknown, zero-dayattacksNetwork Security uses the signatureless MVX engine which executessuspicious binaries and Web objectsagainst a range of browsers, plugins, applications and operatingenvironments that track vulnerabilityexploitation, memory corruption andother malicious actions. As the attackplays out, the MVX engine capturesComprehensive and real-timeprotectionNo rules tuning and near-zero falsepositivesNetwork Security with IPS consolidatesadvanced threat prevention withtraditional security to optimizespend. It automates alert validation,leveraging the power of MVX toreduce false alerts and illuminatesattacks hidden within the noise todrive down operational expenditureand reduce the business exposure ofmissed incidents. Network Securitycomplements the signature-lesssecurity provided by MVX with thesignature based security of thetraditional IPS technology to augmentsecurity and enable compliance.Network Security is an easy-tomanage, clientless platform thatdeploys in under 60 minutes andrequires absolutely no tuning. It offersflexible deployment modes includingout-of-band via a TAP/SPAN, in-linemonitoring or in-line active blocking.DATA S H E E T / F I R E E Y E N E T W O R K S E C U R I T Y2
T E C H N I C A L S P E C I F I C AT I O N SNX 900NX 1400NX 2400NX 4400/4420NX 7400/7420NX 7500NX 9450NX 10000NX 10450NX10550User Count501005001,000 or 2,50010,00010,00020,00040,00040,00040,000OS dowsWindowsWindowsWindowsWindowsWindowsMac OS XWindowsWindowsWindowsWindowsMac OS XPerformance *Up to 10 MbpsUp to 20 MbpsUp to 50 Mbps100 Mbps or 250MbpsUp to 1 GbpsUp to 1 GbpsUp to 2 GbpsUp to 4 GbpsUp to 4 GbpsUp to 4GbpsNetworkMonitoring Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports4x 10/100/1000BASE- T Ports4400: 4x 10/100/1000 BASE- TPorts4420: 4x 1000BASE-SX FiberOptic Ports (LCMultimode)7400: 4x 10/100/1000 BASE- TPorts7420: 4x 1000BASE-SX FiberOptic Ports (LCMultimode)4x 10/100/1000BASE- T Ports4x SFP ,4xSFP ports,1000baseSX(LC MMF),1000baseLX (LC,SMF), 1000baseT(RJ45, UTP5)2x 10GBASE SR/SW 850nmFixed interfaces:10GbaseSX(LC MMF)8 x SFP (4 x1000base and4 x 10Gbase),1000baseSX/10GbaseSR(LC, MMF),1000baseLX/10GbaseLR (LCSMF), 1000baseT(RJ45, UTP5),10GbaseCu (5mdirect-attachedcable)8 x SFP (4 x1000base and 4 x10Gbase),1000baseSX/10GbaseSR(LC, MMF),1000baseLX/10GbaseLR (LC,SMF), 1000baseT(RJ45, UTP5),10GbaseCu (5mdirect-attachedcable)High Availability(HA)Not AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableActive-Passive HANot AvailableActive-Passive HAActive-Passive HANetworkPorts Mode ofOperationIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HW BypassIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HW BypassIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HW BypassIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HW BypassIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HW BypassIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HWIn-line Monitor, orTap/SpanIn-line Monitor,Fail-Open, FailClose, or Tap/Span, HW BypassIn-line Monitor, orTap/SpanIn-line Monitor orTap/SpanHigh Availability(HA) Ports (rearpanel)Not AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot Available2x 100/1000/10GBase-T PortsNot Available2x 100/1000/10GBase-T Ports2x 100/1000/10GBase-T PortsManagementPorts (rear panel)2x 10/100/1000BASE-T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000BASE- T Ports2x 10/100/1000Base-T PortsIPMI Port dIncludedIncludedIncludedIncludedIncludedFront LCD &KeypadNot ncludedIncludedIncludedIncludedPS/2 Keyboard andMouse, DB15 VGAPorts (rear uded (no PS/2Keyboard andMouse)IncludedIncludedIncludedIncluded(no PS/2Keyboard andMouse)USB Ports (rearpanel)2x Type A USBPorts2x Type A USBPorts2x Type A USBPorts2x Type A USBPorts2x Type A USBPorts4x Type A USBPorts2x Type A USBPorts2x Type A USBPorts2x Type A USBPorts2x Type A USBPortsSerial Port (rearpanel)115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 Bits, 1Stop Bit115,200 bps, NoParity, 8 bits, 1Stop BitDrive CapacitySingle 500 GBHDD, Internal,fixedSingle 500 GBHDD, Internal,fixedSingle 500 GBHDD, Internal,fixed2x 600 GB HDD,RAID 1, 2.5 inch,FRU2x 600 GB HDD,RAID 1, 2.5 inch,FRU4x 900 GB HDD,RAID 10, 2.5 inch,FRU4x 900 GB HDD,RAID 10, 2.5 inch,FRU2x 800 GB SSD,RAID 1, 2.5 inch,FRU4x 800 GB SSD,RAID 10, 2.5 inch,FRU4 x 960GB SSD,RAID 10, 2.5 inch,FRUDATA S H E E T / F I R E E Y E N E T W O R K S E C U R I T Y3
T E C H N I C A L S P E C I F I C AT I O N SNX 900NX 1400NX 2400NX 4400/4420NX 7400/7420NX 7500NX 9450NX 10000NX 10450NX10550Enclosure1RU, Fits 19 inchRack1RU, Fits 19 inchRack1RU, Fits 19 inchRack1RU, Fits 19 inchRack2RU, Fits 19 inchRack2RU, Fits 19 inchRack2RU, Fits 19 inchRack2RU, Fits 19 inchRack2RU, Fits 19 inchRack2RU, Fits 19 inchRackChassis DimensionWxDxH16.8" x 14" x 1.7"(427 x 356 x 43mm)17.2" x 24.1" x1.70" (437 x 612 x43.2mm)17.2" x 24.1" x 1.70"(437 x 612 x 43.2mm)17.2" x 27.8" x1.70" (437 x 706 x43.2 mm)17.2" x 28.0" x3.41" (437 x 711 x86.5 mm)17.2" x 28" x3.41" (437 x 711 x86.6mm)17.2” x 27.9” x 3.5”(437 x 709 x 89mm)17.2” x 27.9” x 3.5”(437 x 709 x 89mm)17.2” x 27.9” x 3.5”(437 x 709 x 89mm)17.2”x33.5”x3.5”(437 x 851 x 89mm)DC Power SupplyNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableNot AvailableAC Power SupplyNon-redundant,non-FRU, internal200 watt, 100 - 240VAC3 – 1.5A, 50-60 HzEC60320-C14 InletNon-redundant,non-FRU, internal500 watt, 100 240 VAC 5 –2.5A, 50-60 HzIEC60320-C14inletNon-redundant,non-FRU, internal500 watt, 100 240 VAC 5 –2.5A, 50-60 HzIEC60320-C14inletRedundant (1 1)750 watt, 100- 240 VAC 9 –4.5A, 50-60 HzIEC60320-C14inlet, FRURedundant (1 1)750 watt,100 - 240 VAC9 – 4.5A, 50-60Hz IEC60320-C14inlet, FRURedundant (1 1)750 watt,100 - 240 VAC9 – 4.5A, 50-60Hz IEC60320-C14inlet, FRURedundant (1 1)1200 watt, 100-140VAC, 14.7 - 10.5 A1400 watt, 180-240VAC, 9.5 - 7.2 A,50-60 Hz, FRUIEC60320-C14inlet, FRURedundant(1 1) 1200 watt,100-140 VAC,14.7 - 10.5 A 1400watt, 180-240VAC, 9.5 - 7.2 A,50-60 Hz, FRUIEC60320-C14inlet, FRURedundant(1 1) 1200 watt,100-140 VAC,14.7 - 10.5 A 1400watt, 180-240VAC, 9.5 - 7.2 A,50-60 Hz, FRUIEC60320-C14inlet, FRURedundant (1 1)800W: 100-127V,9.8A-7A 1000W:220-240V, 7-5A,50-60Hz, FRUIEC60320-C14inlet, FRUPowerConsumptionMaximum (watts)136 watts208 watts210 watts305 watts501 watts479 watts550 watts962 watts850 watts760 wattsThermalDissipationMaximum (BTU/h)464 BTU/h710 BTU/h717 BTU/h1041 BTU/h1709 BTU/h1634 BTU/h1881 BTU/h3282 BTU/h2908 BTU/h2594 BTU/hMTBF (h)94,700 h67,500 h55,200 h37,000 h58,900 h58,900 h52,469 h50,200 h40,275 h36,101 hAppliance Alone/ As ShippedWeight lb. (kg)11 lb. (5 kg) / 20 lb.(9 kg)24 lb. (11 kg) / 39lb. (18 kg)24 lb. (11 kg) / 39lb. (18 kg)31 lb. (14 kg) / 46lb. (21 kg)42 lb. (19 kg) /58 lb. (26 kg)43 lb. (19.5 kg) /59 lb. (27kg)51 lb. (23 kg) /66 lb. (30 kg)51 lb. (23 kg) / 66lb. (30 kg)51 lb. (23 kg) /66 lb. (30 kg)46 lb (21 kg) /90 lb (40.2 kg)RegulatoryComplianceSafetyIEC 60950 EN60950 CSA60950-00 CEMarkingIEC 60950 EN60950 CSA60950-00 CEMarkingIEC 60950 EN60950 CSA60950-00 CEMarkingIEC 60950 EN60950 CSA60950-00 CEMarkingIEC 60950 EN60950 CSA60950-00 CEMarkingIEC 60950 EN60950 CSA60950-00 CEMarkingIEC 60950-1 EN60950-1 CSA60950-1 CEMarkingIEC 60950-1 EN60950-1 CSA60950-1 CEMarkingIEC 60950-1EN 60950-1CSA 60950-1CE MarkingUL 60950-1, CAN/CSA C22.2 No.60950-1-07, IEC60950- 1:2005 A1:2009 A2:2013,AS/NSZ 60950.12011RegulatoryCompliance EMCFCC (Part 15Class-A),CE (Class-A),CNS, AS/NZS,VCCI(Class A)FCC (Part 15Class-A), CE(Class-A),CNS, AS/NZS,VCCI(Class A)FCC (Part 15Class-A), CE(Class-A), CNS,AS/NZS, VCCI(Class A)FCC (Part 15Class-A),CE (Class-A), CNS,AS/NZS, VCCI(Class A)FCC (Part 15Class-A), CE(Class-A), CNS,AS/NZS, VCCI(Class A)FCC (Part 15Class-A),CE (Class-A), CNS,AS/NZS, VCCI(Class A)FCC (Part 15Class-A), CE(Class-A),CNS, AS/NZS,VCCI(Class A)FCC (Part 15Class-A), CE(Class-A),CNS, AS/NZS,VCCI(Class A)FCC (Part 15Class-A),CE (Class-A), CNS,AS/NZS,VCCI(Class A)FCC Part 15SubPart B ClassA, ICES-003 ClassA, EN55022 ClassA, VCCI V-3 ClassA,EN 55024, EN61000-3-2 ClassA, EN 61000-3-3,CNS 13438 (2006)Class A, CISPR22Class A, AS/NZSCISPR 22 Class ADATA S H E E T / F I R E E Y E N E T W O R K S E C U R I T Y4
T E C H N I C A L S P E C I F I C AT I O N SSecurityCertificationsNX 900NX 1400NX 2400NX 4400/4420NX 7400/7420NX 7500NX 9450NX 10000NX 10450NX10550CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1CC NDPP v1.1UL 60950-1,CAN/CSA C22.2No. 60950-1-07,IEC60609501:2005 A1:2009 A2:2013, AS/NSZ60950.1-2011EnvironmentalComplianceRoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEERoHS, REACH,WEEEOperatingTemperature10 C to 35 CTested from0 C to 40 C foradditional margin10 C to 35 CTested from0 C to 40 C foradditional margin10 C to 35 CTested from0 C to 40 C foradditional margin10 C to 35 CTested from0 C to 40 C foradditional margin10 C to 35 CTested from0 C to 40 C foradditional margin10 C to 35 CTested from0 C to 40 C foradditional margin10 C to 35 CTested from 0 Cto 40 Cfor additionalmargin10 C to 35 CTested from 0 Cto 40 Cfor additionalmargin10 C to 35 CTested from 0 Cto 40 Cfor additionalmargin10 C to 35 CTested from 0 Cto 40 Cfor additionalmarginNon-OperatingTemperature-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 C-40 C to 70 COperatingRelative Humidity8% - 90% (noncondensing)8% - 90% (noncondensing)8% - 90% (noncondensing)8% - 90% (noncondensing)8% - 90% (noncondensing)8% - 90% (noncondensing)10% - 85% (noncondensing)10% - 85% (noncondensing)10% - 85%(non-condensing)10% - 85% (noncondensing)Non-OperatingRelative Humidity5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)5% - 95% (noncondensing)OperatingAltitude5,000 ft5,000 ft5,000 ft5,000 ft5,000 ft5,000 ft5,000 ft5,000 ft5,000 ft5,000 ftNote: All performance values vary depending on the system configuration and traffic profile being processed.DATA S H E E T / F I R E E Y E N E T W O R K S E C U R I T Y5
I P S T E C H N I C A L S P E C I F I C AT I O N SNX4400/4420NX7400/7420NX 7500NX 9450NX 10000NX 10450NX 1055050 Mbps100 Mbps or250 Mbps1 Gbps1 Gbps2 Gbps4 Gbps4 Gbps4 20K/Sec120K/Sec360K/SecNX 900NX 1400NX 2400IPSPerformance10 Mbps20 MbpsConcurrentConnections4KNewConnectionsPer SecondPackets PerSecondAC T I V E FA I L O P E N S W I T C H T E C H N I C A L S P E C I F I C AT I O N SAFO 1G SWITCHAFO 10G SWITCHDimensions (WxDxH)8.75” x 11.0” x 1.35” (22.2 x 27.9 x 3.4 cm)6.5” x 14.0” x 1.125” (16.5 x 35.6 x 2.8 cm)Management Ports(1) DB9 Serial Console, (1) RJ45 Cat5e Port (10/100)(1) DB9 Serial Console, (1) RJ45 Cat5e Port (10/100)Network Ports(2) RJ45 Cat5e Ports (10/100/1000)(1) Quad LC ConnectorMonitoring Ports(2) RJ45 Cat5e Ports (10/100/1000)(2) XFP PortsAC Power Input100 240 VAC, 0.5 A, 47-63 Hz100 240 VAC, 1.0 A, 47-63 HzOperating Temp0 C to 40 C0 C to 40 CNote: All performance values vary depending on the system configuration and traffic profile being processed.For more information on FireEye, visit:www.FireEye.comFireEye, Inc.1440 McCarthy Blvd. Milpitas, CA 95035408.321.6300 / 877.FIREEYE (347.3393) / info@FireEye.comwww.FireEye.com 2016 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc.All other brands, products, or service names are or may be trademarksor service marks of their respective owners. DS.NTPP.EN-US.042016
FIREEYE NETWORK SECURITY NETWORK SECURITY THAT COMBATS WEB-BASED CYBER ATTACKS HIGHLIGHTS Detects advanced and zero-day attacks with . NX 2400, NX 4420, NX 7420, NX 10000 (not pictured: NX 1400, NX 4400, NX 7400, NX 10550) DATA SHEE FIREEYE NETWOR SECURITY 2 Real-time threat prevention blocks
