Net Optics and FireEye
Business critical functions rely on quick, safe and reliable connections to the Internet. Unfortunately accessing the web isn’t as always as simple as it should be. There is malicious software constantly trying to find ways onto your network.
FireEye’s Web Malware Protection System (MPS) stops Web-based attacks that traditional and next-generation firewalls, IPS, AV, and Web gateways miss. It protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe. However their best deployment scenario is to be inline; and having devices inline can increase latency and slow down production. Find out more by downloading the Joint Solution Brief. http://www.netoptics.com
FireEye - Scalable Web Malware Protection Solution to Keep Your Network Safe and Up
1. Technology Alliance Partner I Solution Brief
Scalable Web Malware Protection Solution
to Keep Your Network Safe and Up
Net Optics and FireEye
The Challenge
Business critical functions rely on quick, safe and reliable connections to the
Internet. Unfortunately accessing the web isn’t as always as simple as it should
be. There is malicious software constantly trying to find ways onto your network.
FireEye’s Web Malware Protection System (MPS) stops Web-based attacks that
traditional and next-generation firewalls, IPS, AV, and Web gateways miss. It protects
against zero-day Web exploits and multi-protocol callbacks to keep sensitive data
and systems safe. However their best deployment scenario is to be inline; and
having devices inline can increase latency and slow down production.
The Solution
FireEye and Net Optics have partnered to provide a scalable and fault-tolerant
solution, which consists of the FireEye Web Malware Protection System, working
with Net Optics iBypass™ and xBalancer™. This solution lets customers maintain
their security and performance while also providing a platform for increasing
demand.
The Net Optics iBypass Switch with advanced Heartbeat and Link Fault Detect
features allow monitoring of xBalancer’s state information. A configurable heartbeat
packet sent from the iBypass Switch to the xBalancer helps identify link anomalies
or power failures. The Switch will immediately detect the change and will re-route
traffic using Fast Path™ switching technology. Once xBalancer is brought back
on-line, traffic automatically resumes.
The Net Optics xBalancer is built specifically to prevent tool overburdening
by distributing the traffic to multiple monitoring tools. Thus xBalancer allows
customers to scale their deployments as the need grows while maintaining security.
Tool health is monitored using Heartbeat packets and can proactively redirect
traffic to available or spare tools in case of failure.
The FireEye Web MPS appliances are a turnkey system that can be deployed
inline at Internet egress points to block inbound Web exploits and outbound
multi-protocol callbacks. They employ the most sophisticated Virtual Execution
(VX) engine in the world to accurately confirm zero-day attacks, create real-time
protections, and capture dynamic callback destinations. Dynamic analysis
of zero-day attacks within a full-featured virtual analysis environment yields
real-time malware security content to protect the local network and share with
subscribers of the FireEye Malware Protection Cloud (MPC). In addition, the
Web MPS can signal into incident response mechanisms, such as SIEM, and also
offers TCP resets for out-of-band blocking of TCP, UDP, or HTTP connections.
This joint solution from Sourcefire and Net Optics provides intelligent security
automation, advanced load-balancing and the assurance that their security
solution will scale as needs continue to grow, increasing ROI and network
reliability.
Solution Highlights
• Easily scale deployments as needs grow while
lowering TCO
• Gain next-generation load-balancing capability
without compromising reliability
• Protects against zero-day, advanced targeted
attacks – using the VX engine, it detects and stops
advanced targeted attacks using malicious images,
PDFs, Flash, or ZIP/RAR/TNEF archives
• Cuts off outbound malware transmissions across
multiple protocols – whether deployed inline or
out-of-band, it thwarts data exfiltration, botnet
activities, and advanced persistent threats
communicating across HTTP, FTP, IRC, and many
other protocols
• Integrates with Email MPS to stop blended attacks
– works with FireEye Email MPS protection to shut
down communications with malicious URLs used
in targeted attacks
• Dynamically generates malware intelligence –
Captures details such as callback coordinates and
communication characteristics to protect locally
and share globally through the cloud
2. Technology Alliance Partner I Solution Brief
Scalable Web Malware Protection Solution to Keep Your Network Safe and Up
Router
Switch
2
OFF
B
1
Bypass Switch
TM
Monitor
2
A
Network
BYPASS
ON
1
B
A
2
1
LINK
A
RESET
OUT
OUT
2
1
B
IN
IN
OU T IN
10 GigaBit
OU T IN
www.netoptics.com
Net Optics
iBypass™ Switch
The diagram shows two network ports on
the Net Optics iBypass connected inline to
the upstream and downstream network
devices, the two monitor ports connecting
to the xBalancer. The FireEye appliances
connect to the xBalancer, which provides
in line network conditions, the iBypass
Switch will pass a Heartbeat through the
xBalancer to verify its operation and route
network traffic through the xBalancer. The
xBalancer in turn uses a unique heartbeat
for each FireEye monitoring link. In case
of a heartbeat failure the xBalancer
rebalances the traffic to the remaining
tools or to an additional spare to maintain
continuous monitoring.
Console
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Management
Net Optics xBalancer™
FireEye Web MPS
FireEye Web MPS
FireEye Web MPS
FireEye Web MPS
Net Optics
FireEye
Net Optics is the leading provider of Total Application and Network
Visibility solutions that deliver real-time network intelligence for
peak performance in network monitoring and security. As a result,
businesses achieve the scalable end-to-end visibility they need to
optimize network performance of physical, virtual and private cloud
environments, and remote branch offices. More than 7,500 enterprises,
service providers and government organizations—including 85 percent
of the Fortune 100—trust Net Optics’ comprehensive plug and play
family of application-aware NPM, Network Packet Broker, Virtual/Cloud
and Visibility Management System (VMS) solutions to deliver immediate
results and quick time to value through an easy-to-use interface. Net
Optics maintains a global presence through leading OEM partner and
reseller networks.
FireEye is the leader in stopping the new breed of cyber
attacks, such as advanced malware, that easily bypass
traditional signature-based defenses and compromise
the majority of enterprise networks. The FireEye solutions
supplement traditional and next-generation firewalls, IPS,
anti-virus, and gateways, which cannot stop advanced
threats, leaving security holes in networks. FireEye offers
the industry’s only solution that detects and blocks attacks
across both Web and email threat vectors as well as latent
malware resident on file shares. It addresses all stages of an
attack lifecycle with a signature-less engine utilizing stateful
attack analysis to detect zero-day threats. Based in Milpitas,
California, FireEye is backed by premier financial partners
including Sequoia Capital, Norwest Venture Partners, and
Juniper Networks.
5303 Betsy Ross Drive
Santa Clara, CA 95054, United States
Main: +1 (408) 737-7777
www.netoptics.com
1440 McCarthy Blvd.
Milpitas, CA 95035, United States
Main: +1 (408) 321-6300
www.fireeye.com
Net Optics® is a registered trademark of Net Optics, an Ixia company. Copyright 1996-2013 Net Optics, Inc. All rights reserved. Additional company and product names may be trademarks or registered
trademarks of the individual companies and are respectfully acknowledged. FireEye and the FireEye logo are trademarks or registered trademarks of FireEye in the United States and other countries.