FireEye Malware Analysis System

The FireEye Malware Analysis System (MAS) gives threat analysts hands-on control over powerful auto-configured test environments where they can safely execute and inspect advanced malware, zero-day, and targeted APT attacks embedded in common file formats, email attachments, and Web objects. With advanced instrumentation, the FireEye Virtual Execution (VX) environments provide forensic details on the exploit, such as the vulnerability exploited to create a buffer overflow condition, attempts to escalate privileges within Windows, and the callback coordinates used to exfiltrate data.

When threat analysts need a secure environment to test, replay, characterize, and document advanced malicious activities, they can simply load a suspicious file or set of files into the FireEye MAS' VX engine. As it analyzes files such as suspicious email attachments, PDF documents, or Web objects via a URL, the MAS reports a full 360-degree view of the attack, from the initial exploit and malware execution path to the callback destinations and follow-on binary download attempts.
  • Provides pre-configured sandbox or live-mode analysis for unknown code and suspicious Web objects - Supports single and batch testing with a range of browsers, plug-ins, applications and Windows operating environments, looking for any sign of unusual activity and any attempt to exploit a vulnerability
  • Automated or batched analysis of zero-day attacks - Using the VX engine, it detects and stops advanced targeted attacks using malicious images, PDFs, Flash, or ZIP/RAR/TNEF archives
  • Identifies outbound malware transmissions across multiple protocols - Shows how malicious code plans to steal data, control bot activities or communicate multistage operations using HTTP, FTP, or IRC, revealing the intent of the malicious software
  • Dynamically generates malware intelligence - Captures details such as callback coordinates and communication characteristics to protect locally and share globally through the cloud
  • Integrates with Web, Email, and File MPS via CMS - All new malicious content uncovered using the MAS can be pushed to the Web, Email, and File MPS for real-time protection against emerging attacks
  • Streamlines analysis - Lets analysts drill into samples to confirm attacks and understand the intent and targets of the criminals, without the overhead of creating and maintaining test configurations
  • Supports YARA-based rules - Enables information security analysts to specify byte-level rules and quickly analyze objects for threats specific to the organization
  • Supports third-party anti-virus and AV-Suite integration - Malicious objects that anti-virus can also identify can be linked to the deeper forensic information provided in the MAS for more efficient incident response prioritization









© 2014 Secure Content Technologies. All rights reserved.