Datasheet




Malware Protection Cloud
A Real-Time Global Exchange of Threat Data Helps Preempt Emerging, Zero-Day Attacks




Highlights

• Global sharing of anonymized intelligence on emerging Web-, email-, and file-enabled threats
• Appliances can pull data feeds on zero-day malware and advanced targeted attacks to prevent cybercriminal infiltration of the network
• Ongoing callback destination updates block malware communications and data exfiltration
• Subscription and publishing of threat intelligence are optional, so sites can decide how much to share

[Figure: The FireEye Malware Protection Cloud helps share dynamic threat intelligence between FireEye researchers and appliances]

The FireEye Malware Protection Cloud (MPC) is a global network connecting Malware Protection Systems (MPS) into a real-time exchange of threat data on confirmed, zero-day attacks.

This Internet cybercrime watch system provides subscribers with the latest intelligence on zero-day attacks and unauthorized malware callback destinations.

Real-time sharing of global malware intelligence

The FireEye MPC interconnects FireEye appliances deployed within customer networks, technology partner networks, and service providers around the world. The MPC serves as a global distribution hub to efficiently share auto-generated malware security intelligence such as new malware profiles, vulnerability exploits, and obfuscation tactics, as well as new threat findings from the FireEye Malware Intelligence Lab and verified third-party security feeds. Through the MPC, FireEye appliances are more efficient at detecting both known malware and the zero-day, highly targeted attacks used in cybercrime, cyber espionage, and cyber reconnaissance.

How it works: stopping advanced targeted attacks

The FireEye Web MPS, Email MPS, File MPS, and MAS appliances analyze across the major threat vectors—Web, email, and files—for advanced targeted attacks. Within each appliance, the Virtual Execution (VX) engine creates dynamic security content based on the analysis of suspicious Web traffic, email attachments, and files. The FireEye Central Management System (CMS) is then used to distribute the dynamic security content locally to each appliance to provide real-time protection throughout the entire FireEye deployment.




“Within seconds of a potential compromise the FireEye appliance tells us exactly what we need to know, and it allows us to focus our resources on what is important. The benefits, not only to my own organization but to all the scientists and engineers, have been invaluable.”
— Lead Analyst, Cyber Defense, Government Agency



Organizations that subscribe to the MPC will receive threat data from, and can opt in to send threat data to, the global subscriber base to stop emerging threats.

Dynamic analysis protects against unknown, zero-day attacks

The multi-phase VX engine captures, replays, and confirms zero-day malware and targeted attacks by executing suspicious binaries and Web objects against a range of browsers, plug-ins, applications, and operating environments. The VX engine is instrumented to confirm that an attack is underway by tracking vulnerability exploitation, memory corruption used to achieve arbitrary code execution, and other definitive malicious actions. As the virtual attack plays out, the engine captures the dynamic callback channels used by the zero-day attack and then creates blocking rules for those channels.

By integrating MPS inspections across multiple threat vectors, customers get comprehensive threat analysis of OS, Web-based, email, and application threats. This integrated approach enables the most comprehensive protection against known and zero-day malware used in advanced targeted attacks. By sharing real-time local detections, subscribers contribute to and gain from the global Malware Protection Cloud to mitigate the ongoing threats targeting organizations worldwide.

Detailed intelligence on emerging threats

Threat intelligence includes:

• Malware attack profiles (MD5s of malware code, network behaviors, obfuscation tactics) that identify confirmed and known attacks
• Analysis of file share objects, email attachments, and URLs
• Fully qualified malware callback destinations (destination IP address, protocols used, ports used) used to exfiltrate data and deliver cybercriminal commands
• Malware communication protocol characteristics, such as custom commands used to instantiate transmission sessions

Blocks based on facts to avoid false positives

Unlike reputation and risk-based threat intelligence networks, which make assumptions about potentially risky code and broadcast signatures that may either falsely block or falsely allow traffic, FireEye systems confirm malicious activity. The assessments captured by the FireEye systems are conclusive, because suspicious code is fully tested in a virtual execution environment. An example demonstrates the value of real-time intelligence updates:

1. A FireEye appliance identifies a malicious IP address serving as a command and control (C&C) system and begins to block outbound calls to that address
2. The appliance automatically notifies the FireEye MPC of the destination IP address, port, and malware protocol used in the attempted connection
3. MPC subscribers’ FireEye appliances pull down regular updates and block connections to that IP address that use the same port and malware protocol
4. Compromised systems at all MPC subscriber sites are cut off from contacting the botnet C&C system
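The four-step exchange above, modelled as an added example that is not FireEye's code: one appliance confirms a callback channel, the hypothetical cloud hub stores the (IP, port, protocol) indicator without the submitting site, and subscribers that pull the feed block only connections matching all three fields. The class and method names, the opt-in flags, and the sample addresses are all constructed for this illustration.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# A callback indicator as the datasheet describes it: destination IP, port
# and malware protocol. A bare IP is not a blocking rule in this model.
Indicator = Tuple[str, int, str]


@dataclass
class MalwareProtectionCloud:
    """Hypothetical distribution hub; keeps an ordered, de-duplicated feed."""
    feed: List[Indicator] = field(default_factory=list)

    def publish(self, site_id: str, indicator: Indicator) -> None:
        # The submitting site_id is deliberately not stored: subscribers
        # receive the indicator only (anonymized sharing).
        if indicator not in self.feed:
            self.feed.append(indicator)

    def pull(self, cursor: int) -> Tuple[List[Indicator], int]:
        """Return indicators published since `cursor` and the new cursor."""
        return self.feed[cursor:], len(self.feed)


@dataclass
class Appliance:
    site_id: str
    cloud: MalwareProtectionCloud
    publish: bool = True      # opt-in: share local detections with the hub
    subscribe: bool = True    # opt-in: receive the hub's feed
    blocklist: Set[Indicator] = field(default_factory=set)
    cursor: int = 0

    def confirm_callback(self, ip: str, port: int, protocol: str) -> None:
        """Steps 1-2: a confirmed C&C channel is blocked locally and shared."""
        indicator = (ip, port, protocol)
        self.blocklist.add(indicator)
        if self.publish:
            self.cloud.publish(self.site_id, indicator)

    def sync(self) -> int:
        """Step 3: pull the regular update; returns the number of new rules."""
        if not self.subscribe:
            return 0
        new, self.cursor = self.cloud.pull(self.cursor)
        self.blocklist.update(new)
        return len(new)

    def should_block(self, ip: str, port: int, protocol: str) -> bool:
        """Block only an exact IP/port/protocol match, never the bare IP."""
        return (ip, port, protocol) in self.blocklist


def demo() -> dict:
    """Constructed scenario: site A detects, site B subscribes, site C opts out."""
    cloud = MalwareProtectionCloud()
    site_a = Appliance("site-A", cloud)
    site_b = Appliance("site-B", cloud)
    site_c = Appliance("site-C", cloud, publish=False)
    site_a.confirm_callback("203.0.113.7", 8080, "beacon-v1")   # constructed C&C
    site_c.confirm_callback("198.51.100.9", 443, "beacon-v2")   # stays local
    return {
        "pulled": site_b.sync(),
        "blocks_c2": site_b.should_block("203.0.113.7", 8080, "beacon-v1"),
        "allows_other_port": not site_b.should_block("203.0.113.7", 80, "http"),
        "unshared_not_blocked": not site_b.should_block("198.51.100.9", 443, "beacon-v2"),
    }
```

The exact-tuple match in `should_block` is what keeps the "blocks based on facts" property: legitimate traffic to the same host on another port or protocol is not swept up by the shared rule.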




© 2012 FireEye, Inc. All rights reserved. FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may
be trademarks or service marks of their respective owners. – DS.MPC.022012



FireEye, Inc. | 1390 McCarthy Blvd. Milpitas, CA 95035 | 408.321.6300 | 877.FIREEYE (347.3393) | info@fireeye.com | www.fireeye.com
