Fireeye Email Security Server Edition: Data Sheet

The document provides information about FireEye Email Security Server Edition which uses machine learning and virtual analysis to identify email-based threats like malicious attachments and credential phishing URLs. It examines encrypted files, password-protected archives, and dynamically generated URLs to detect zero-day and evasive attacks with minimal false positives.

Uploaded by NADER

data sheet

FireEye Email Security
Server Edition
Adaptive, intelligent, scalable defense against email borne threats

Figure 1. Integrated Email Security appliances include EX 3500, EX 5500 and EX 8500.

HIGHLIGHTS
• Offers comprehensive email security against malicious attachments, credential-phishing URLs, spoofing, zero-day and multi-stage attacks
• Supports analysis against Microsoft Windows and Apple macOS X operating system images
• Extensively examines email for threats hidden in password-protected files, encrypted attachments, and URLs
• Acquires real-time threat intelligence from the FireEye DTI Cloud
• Prioritizes and contains threats by providing contextual insights for alerts
• Deploys on-premises with integrated or distributed MVX service

Overview
Email is the most vulnerable vector for cyber attacks because it is the highest volume data ingress point. Organizations face an ever-increasing number of security challenges from email-based advanced threats. Most advanced threats use email to deliver URLs linked to credential phishing sites and weaponized file attachments. Because it is highly targetable and customizable, email is the primary medium for cyber crime.

FireEye Email Security helps organizations minimize the risk of costly breaches caused by advanced email attacks. Deployed on premises, FireEye Email Security – Server Edition leads the industry in identifying, isolating and immediately stopping URL and attachment-based attacks, before they enter an organization’s environment. Email Security combines intelligence-led context and detection plug-ins to unearth malicious and benign phishing URLs on a big data, scalable platform. The signatureless Multi-Vector Virtual Execution™ (MVX) engine analyzes email attachments and URLs linked to downloadable content against a comprehensive cross-matrix of operating systems, applications and web browsers. Threats are identified with minimal noise, and false positives are nearly nonexistent.
DATA SHEET | FIREEYE EMAIL SECURITY SERVER EDITION 2

FireEye collects extensive threat intelligence on adversaries through firsthand breach investigations and millions of sensors. Email Security draws on both concrete evidence and contextual intelligence about attacks and attackers to prioritize alerts and block threats in real time.

By integrating with FireEye Network Security and Endpoint Security organizations can get broader visibility into multi-vector blended attacks and coordinate real-time protection.

Defense against email borne threats
With all the personal information available online, a cyber criminal can use social engineering to trick almost any user into taking an action, clicking a URL or opening an attachment.

Email Security provides real-time detection and prevention against credential harvesting, impersonation and spear-phishing attacks that typically evade traditional email security defenses. Emails are analyzed and quarantined (blocked) if unknown and advanced threats are found hidden in:

• Attachment types including, but not limited to: EXE, DLL, PDF, SWF, DOC/DOCX, XLS/XLSX, PPT/PPTX, JPG, PNG, MP3, MP4 and ZIP/RAR/TNEF archives
• Password-protected and encrypted attachments
• Password-protected attachments with password sent via image
• URLs embedded in emails, MS Office documents, PDF and archive files (ZIP, ALZIP, JAR), and other file types (Uuencoded, HTML)
• Files downloaded through URLs – and even FTP links
• Obfuscated, spoofed, shortened and dynamically redirected URLs
• Credential-phishing and typosquatting URLs
• Unknown Microsoft Windows and Apple macOS X operating system images, browser and application vulnerabilities
• Malicious code embedded in spear-phishing emails

While ransomware attacks start with an email, a call back to a command-and-control server is typically required to encrypt the data. Email Security identifies and stops these hard-to-detect multi-stage malware campaigns.

Superior threat detection
Email Security helps mitigate the risk of costly breaches by identifying and isolating advanced, targeted and other evasive attacks camouflaged as normal traffic. Once detected, these attacks are immediately stopped, analyzed and fingerprinted for faster identification of future threats.

At the core of Email Security are Advanced URL Defense, the MVX engine and MalwareGuard. These technologies use machine learning and analytics to identify attacks that evade traditional signature and policy-based defenses.

An integral part of Advanced URL Defense, PhishVision is an image classification engine that uses deep learning to compile and compare screenshots of trusted and commonly targeted brands against web pages referenced by URLs in an email. Working in tandem with PhishVision, Kraken is a phishing detection plug-in that applies domain and page content analytics to augment machine learning. Skyfeed, another advance in URL detection, is a purpose-built, fully automated malware intelligence gathering system. Social media accounts, blogs, forums and threat feeds are collected to discover false negatives. The multi-faceted nature of Advanced URL Defense offers organizations protected by Email Security unparalleled defense against credential harvesting and spear-phishing attacks.

MalwareGuard is a machine learning utility that takes binary files as input and outputs a suspiciousness score. Every Portable Executable (PE) file seen on the wire is analyzed by MalwareGuard. A decision is made based on the score and detections triggered by MalwareGuard are assigned a name.

The MVX engine detects zero-day, multi-flow and other evasive attacks by using dynamic, signature-less analysis in a safe, virtual environment. It identifies never-before-seen exploits and malware to stop infection and compromise.

Evasion mitigation
Email Security supports a controlled live mode feature to defend against attacks that evade requests for remote objects. The MVX engine detects malware requiring multiple downloads and returns the remote objects requested by the sample binary. Controlled live mode reduces false negatives for multistage downloads, advanced spear-phishing attacks and advanced ransomware intrusions.

Attackers also try to evade technology used for detecting suspicious URLs. As part of Advanced URL Defense, evasion mitigations for phishing sites are continually evolving. Evasion mitigations are continually enhanced as part of Advanced URL Defense. Another evasion mitigation, Guest Images can be customized to mimic a “used” endpoint when a potentially malicious object is executed. Many evasion techniques are prevented by ensuring the Guest Image reproduces an endpoint domain, domain user, Outlook data and browser history.

Integration to improve alert handling efficiencies
Email Security analyzes every email attachment and URL to accurately identify today’s advanced attacks. Real-time updates from the entire FireEye security ecosystem combined with attribution of alerts to known threat actors provide context for prioritizing and acting on critical alerts and blocking advanced email attacks. Known, unknown and non-malware-based threats are identified with minimal noise and false positives so that resources are focused on real attacks to reduce operational expenses. Riskware categorization separates genuine breach attempts from undesirable, but less malicious activity (such as adware and spyware) to prioritize alert response.

Rapid adaptation to the evolving threat landscape
Email Security helps your organization continually adapt your proactive defense against email-borne threats via real-time threat intelligence from the FireEye Dynamic Threat Intelligence (DTI) Cloud. Deep intelligence about threats and attackers combines adversarial, machine and victim intelligence to:
• Deliver timely and broader visibility to threats
• Identify specific capabilities and features of detected malware and malicious attachments
• Provide contextual insights to prioritize and accelerate response
• Determine the probable identity and motives of an attacker and track their activities within your organization
• Rewrite all URLs embedded within an email to protect users from malicious links
• Retroactively identify spear-phishing attacks and prevent access to phishing sites by highlighting malicious URLs

Response workflow integration
Email Security works seamlessly with FireEye Helix and FireEye Central Management.
• As a component of the security operations platform — FireEye Helix — it provides visibility across the entire infrastructure. FireEye Helix augments email and third-party alerts with intelligence, correlation to the endpoint, automation, and investigative tips. With these capabilities, FireEye Helix surfaces unseen threats and empowers expert decisions.
• Central Management correlates alerts from both Email Security and Network Security for a broader view of an attack and to set blocking rules to prevent the attack from spreading.
• Central Management supports role-based tagging to know who is being targeted.
• Central Management supports alert response and remediation based on role-based criteria.

Additional capabilities

YARA-based rules enable customization
Email Security enables analysts to specify and test custom rules to analyze email attachments for threats targeting their organization.

Executive impersonation protection
Email Security – Server Edition offers the capability to block business email compromises (BEC) to protect important employees from being spoofed. A policy is created that compares inbound email display names to an approved list that matches approved envelope senders.

Message queue, alert and quarantine management
Email Security – Server Edition provides a high degree of control over the email messages it scans. For active protection-mode deployments, messages can be tracked and managed as they move through the MTA queue. Email attributes can be used to search and verify that messages were received, analyzed and delivered to the next hop and trends over time can be monitored through an intuitive dashboard. Explicit allow and block lists provide custom control over email processing. Common alert attributes can be searched and selected. And bulk operations can be performed on alerts and quarantined messages.

Active-protection or monitor-only mode
Email Security can analyze emails and quarantine threats for active protection. For monitor-only deployments organizations just set up a transparent BCC rule to send copies of emails to Email Security for analysis.

Flexible Deployment Options

Email Security – Server Edition offers various deployment options to match an organization’s needs and budget:

• Integrated Email Security: standalone, all-in-one hardware appliance with integrated MVX service to secure an email ingress point at a single site. FireEye Email Security is an easy-to-manage solution that deploys in under 60 minutes. It doesn’t require rules, policies or tuning.
• Distributed Email Security: extensible appliances with centrally shared MVX service to secure email ingress points within organizations
• Email Smart Node: virtual sensors analyze email traffic to detect and block malicious traffic and submit suspicious activity over an encrypted connection to the MVX service for definitive verdict analysis
• MVX Smart Grid: on-premise, centrally located, elastic MVX service that offers transparent scalability, built-in N+1 fault tolerance and automated load balancing.

Bursting from an integrated hardware appliance to an MVX Smart Grid provides added capacity for detecting and analyzing email-borne threats during peak message throughput periods.

• FireEye Cloud MVX: MVX service subscription that ensures privacy by analyzing traffic on the Email Smart Node. Only suspicious objects are sent over an encrypted connection to the MVX service, where objects revealed as benign are discarded.

Figure 2. Distributed and bursting deployment models for Email Security.
[Diagram labels: Integrated Email Security, Physical Appliance, Central Site, MVX Smart Grid, FireEye Cloud MVX, Remote site, Email Smart Node, Virtual Appliance]



Table 1. Technical specifications.

| Specification | EX 3500 | EX 5500 | EX 8500 |
|---|---|---|---|
| Performance* | Up to 700 unique attachments per hour | Up to 1,800 unique attachments per hour | Up to 2,650 unique attachments per hour |
| Network Interface Ports | 2x 1GigE BaseT | 2x 1GigE BaseT | 4x SFP+ (supporting 10GigE Fiber, 10GigE Copper, 1GigE Copper), 2x 1GigE BaseT |
| Management Ports | 2x 1GigE BaseT | 2x 1GigE BaseT | 2x 1GigE BaseT |
| IPMI Monitoring | Included | Included | Included |
| VGA Port (rear panel) | Included | Included | Included |
| USB Ports (rear panel) | 4x USB Type A Rear | 2x USB Type A Front, 2x USB Type A Rear | 2x USB Type A Front, 2x USB Type A Rear |
| Serial Port (rear panel) | 115,200 bps, No Parity, 8 Bits, 1 Stop Bit | 115,200 bps, No Parity, 8 Bits, 1 Stop Bit | 115,200 bps, No Parity, 8 Bits, 1 Stop Bit |
| Storage Capacity | 4x 2TB, RAID 10, HDD 3.5 inch, FRU | 4x 2TB, RAID 10, HDD 3.5 inch, FRU | 4x 2TB, RAID 10, HDD 3.5 inch, FRU |
| Enclosure | 1RU, Fits 19-inch Rack | 2RU, Fits 19-inch Rack | 2RU, Fits 19-inch Rack |
| Chassis Dimensions (WxDxH) | 17.2” x 25.6” x 1.7” (437 x 650 x 43.2 mm) | 17.24” x 24.41” x 3.48” (438 x 620 x 88.4 mm) | 17.24” x 24.41” x 3.48” (438 x 620 x 88.4 mm) |
| AC Power Supply | Redundant (1+1) 750 watt, 100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRU | Redundant (1+1) 800 watt, 100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRU | Redundant (1+1) 800 watt, 100 - 240 VAC, 9 – 4.5A, 50-60 Hz, IEC60320-C14 inlet, FRU |
| DC Power Supply | Not Available | Not Available | Not Available |
| Thermal Maximum Power | 245 watts (836 BTU per hour) | 456 watts (1,556 BTU per hour) | 530 watts (1,808 BTU per hour) |
| MTBF (h) | 54,200 hours | 57,401 hours | 53,742 hours |
| Appliance Alone / As Shipped Weight, lb (kg) | 30.0 lbs (13.6 kg) / 41.0 lbs (18.6 kg) | 44.1 lbs (20.0 kg) / 65.3 lbs (29.6 kg) | 44.4 lbs (20.2 kg) / 65.6 lbs (29.8 kg) |
| Compliance Safety | IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 | IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 | IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 |
| Compliance EMC | FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2, V-2/2015 & V-3/2015 | FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2, V-2/2015 & V-3/2015 | FCC Part 15, ICES-003 Class A, AS/NZS CISPR 22, CISPR 32, EN 55032, EN 55024, IEC/EN 61000-3-2, IEC/EN 61000-3-3, IEC/EN 61000-4-2, V-2/2015 & V-3/2015 |
| Security Certifications | FIPS 140-2, CC NDPP v1.1 | FIPS 140-2, CC NDPP v1.1 | FIPS 140-2, CC NDPP v1.1 |
| Environmental Compliance | RoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EU | RoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EU | RoHS Directive 2011/65/EU; REACH; WEEE Directive 2012/19/EU |
| Operating Temperature | 0 ~ 35° C (32 ~ 95° F) | 0 ~ 35° C (32 ~ 95° F) | 0 ~ 35° C (32 ~ 95° F) |
| Operating Relative Humidity | 10 ~ 95% @ 40° C, non-condensing | 10 ~ 95% @ 40° C, non-condensing | 10 ~ 95% @ 40° C, non-condensing |
| Operating Altitude | 3,000 m / 9,842 ft | 3,000 m / 9,842 ft | 3,000 m / 9,842 ft |

* All performance values vary depending on the system configuration and email traffic profile being processed. Size appliance(s) based on unique attachments per hour.

Table 2. FireEye MVX smart grid specifications.

| Specification | VX 5500 | VX 12500 |
|---|---|---|
| OS Support | Microsoft Windows, Apple macOS X | Microsoft Windows, Apple macOS X |
| Performance* | Up to 480 unique attachments per hour | Up to 3,780 unique attachments per hour |
| High Availability** | N+1 | N+1 |
| Management Ports (rear panel) | 1x 10/100/1000 Mbps BASE-T Ports | 1x 10/100/1000 Mbps BASE-T Ports |
| Cluster Ports (rear panel) | 3x 10/100/1000 Mbps BASE-T Ports | 1x 10/100/1000 Mbps BASE-T Ports, 2x 10 Gbps BASE-T Ports |
| IPMI Port (rear panel) | Included | Included |
| Front LCD & Keypad | Not Available | Included |
| VGA Ports | Included | Included |
| USB Ports (rear panel) | 4x Type A USB Ports | 2x Type A USB Ports |
| Serial Port (rear panel) | 115,200 bps, No Parity, 8 Bits, 1 Stop Bit | 115,200 bps, No Parity, 8 Bits, 1 Stop Bit |
| Drive Capacity | 2x 2TB 3.5 SAS HDD, RAID 1, hot-swappable, FRU | 4 x 4TB 3.5” SAS3 HDD, RAID 1, FRU |
| Enclosure | 1RU, Fits 19-inch Rack | 2RU, Fits 19-inch Rack |
| Chassis Dimensions (WxDxH) | 17.2x25.6x1.7 Inches (437 x 650 x 43.2 mm) | 17.2x33.5x3.5 Inches (437 x 851 x 89 mm) |
| DC Power Supply | Not Available | Not Available |
| AC Power Supply | Redundant (1+1) 750 watt, 100-240 VAC, 8 - 3.8 A, 50-60 Hz, IEC60320-C14, inlet, hot-swappable, FRU | Redundant (1+1) 800W: 100-127V, 9.8A-7A 1000W: 220-240V, 7-5A, 50-60Hz, FRU IEC60320-C14 inlet, FRU |
| Power Consumption Maximum | 285 watts | 760 watts |
| Thermal Dissipation Maximum | 972 BTU per hour | 2594 BTU per hour |
| MTBF | 54,200 hours | 38,836 hours |
| Appliance Alone / As Shipped Weight | 33 lb (15 kg) / 48 lb (21.8 kg) | 46 lb (21 kg) / 90 lb (40.2 kg) |
| Security Certification | FIPS 140-2 Level 1, CC NDPP v1.1 | FIPS 140-2 Level 1, CC NDPP v1.1 |
| Regulatory Compliance Safety | IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 | IEC 60950, EN 60950-1, UL 60950, CSA/CAN-C22.2 |

* All performance values vary depending on the system configuration and traffic profile being processed.
** With appropriate redundant hardware configurations.

Table 3. FireEye Email Security smart node, virtual sensor specifications.

| Specification | EX 5500V |
|---|---|
| OS Support | Microsoft Windows, Apple macOS X |
| Performance* | Up to 1,250 unique attachments per hour |
| Network Monitoring Ports | 2 |
| Network Management Ports | 2 |
| CPU cores | 8 |
| Memory | 16 GB |
| Drive Capacity | 384 GB |
| Network Adapters | VMXNet 3, vNIC |
| Hypervisor Support | VMWare ESXi 6.0 or later |

* All performance values vary depending on the system configuration and traffic profile being processed.

FireEye Email Security is part of FireEye XDR


Learn more at www.FireEye.com/XDR

About FireEye, Inc.
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyber attacks.

FireEye, Inc.
601 McCarthy Blvd. Milpitas, CA 95035
408.321.6300/877.FIREEYE (347.3393)
[email protected]

©2019 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. E-EXT-DS-US-EN-000044-03
