Editor's Note: This FireEye AX series product overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products and compares the leading network security vendors in the market.
FireEye is considered one of the best malware sandboxes on the market today. The tool performs deep packet analysis across the full attack lifecycle and reports any atypical modifications to applications or operating systems (OS) running on devices. The sandbox also automatically categorizes and prioritizes events for administrators, so they can quickly identify and begin investigating the most important ones. The FireEye AX series can be set up in either sandbox or live mode. In sandbox mode, suspicious data is fully contained and analyzed in a traditional, segregated network sandbox. Live mode gives the suspicious data access to the outside world, which allows further tests to observe whether the malware begins calling home or downloading additional malware.
Malware sandbox platform options
FireEye primarily uses a standalone appliance deployment model for its malware sandbox product. The standalone model -- the AX series -- does not rely on any other security products to do its job. Instead, it uses an integrated sensor to sift through traffic and find potentially malicious data to examine further. Within the FireEye AX series, there are three different models to choose from.
The AX 5400 FireEye sandbox can perform up to 8,200 analyses per day on a single unit. In terms of connectivity, the 1 rack unit appliance offers two 10/100/1000 Mbps copper Ethernet interfaces. For storage, the appliance uses two 600 GB hard disk drives (HDDs) in RAID 1. The analysis engine supports the Microsoft Windows OS.
The AX 5500 FireEye sandbox offers a maximum of 8,000 analyses per day. Note that this is 200 fewer than the AX 5400. The primary difference is that the AX 5500 supports both Microsoft Windows and Mac OS X operating systems, making the AX 5500 a viable option for enterprises with mixed operating environments. In terms of connectivity, the 1 rack unit appliance offers two 10/100/1000 Mbps copper Ethernet interfaces. For storage, the appliance uses four 900 GB HDDs in RAID 10.
At the top of the scale, from a performance perspective, is the AX 8400 FireEye sandbox. This 2 rack unit appliance can process up to 16,000 analyses per day. But like the AX 5400, its analysis engine supports only the Microsoft Windows OS. From a connectivity standpoint, the appliance has two 10/100/1000 Mbps copper Ethernet interfaces. For storage, the security device houses two 600 GB HDDs in RAID 1.
Pricing and support
Customers who wish to purchase FireEye sandbox appliances, hardware and support must do so through a value-added reseller (VAR). The reseller ultimately sets the final price. List pricing for the FireEye AX series is not published to the public.
FireEye offers two support programs, with add-on services that can be purchased if desired. The platinum program covers both hardware and software support and provides email, Web and phone support on a 24/7 basis. A government support program is also available in select countries; it ensures that Level 1 and 2 support requests -- the highest severity incidents -- are handled by citizens of the selected country. This may be important for government organizations working with highly sensitive information. Add-on services include a priority classification in which problems are addressed more quickly.