FireEye Non-Signature-Based Malware Detection

FireEye has unveiled its first appliances built for in-line blocking of Web and e-mail malware using non-signature-based detection methods.

Ordinarily placed behind an organization’s Internet perimeter firewall, the three versions of FireEye’s Malware Protection System (MPS) can each detect and block inbound malware and also monitor for any outbound communications from malware, such as bots trying to contact their C&C servers. The underlying technology that FireEye has developed makes use of a so-called “virtual-machine detection method” that mirrors real-time traffic inside the MPS appliance and replays it against virtual machines to see whether they are compromised or attacked.

The FireEye in-line MPS products cost from $25K to the low hundreds of thousands of dollars, depending on the model.