The new appliances, which are based on the company's existing Malware Protection System products, basically catch the unknown threats that firewalls and intrusion prevention systems (IPSes) don't, says Marc Maiffrett, chief security architect for FireEye. "When we light up is when [unknown threats] are slipping through, or if there's already stuff on your network," he says.
FireEye's technology uses virtual machine analysis and FireEye's cloud-based intelligence network -- but no malware signatures. "In a full malware lifecycle, there are still inbound exploits coming through the network from WiFi or USBs … existing compromised machines, so we look at the outbound traffic coming out of the network [as well]," Maiffrett says.
Maiffrett says FireEye got to see its technology's response during Operation Aurora, when some of its customers were among those targeted in the attacks on Google, Adobe, Intel, and others. "We got to see firsthand how it would play out. Three of our customers ... were using our [original] detection product," he says, which helped analyze the malware used in the attacks.
With the new inline appliance, a zero-day like Aurora would go to the VM analysis engine first: "As soon as we could see it was bad ... we put in a rule that blocks it from calling back to the server in Taiwan," for example, Maiffrett says. "So any computers that might have been targeted would not be able to communicate out."
FireEye today also launched Modern Malware Exposed, a site that includes educational content and tools for businesses and provides a free malware assessment.
Pricing for the FireEye 2000, 4000, and 7000 series network security appliances starts at $24,950.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.