Sep 28 2015

Product Review: FireEye NX-1400 1U

The threat prevention appliance stops attackers in their tracks.

As cybercriminals exploit infected web pages to launch targeted attacks on state networks, security appliances are essential to thwarting them. The FireEye Network Threat Prevention NX-1400 1U appliance can protect up to 100 users from a variety of zero-day malware and multiprotocol attacks.

Products that employ signature-based scanners such as traditional anti-virus tools and less capable network-based intrusion prevention systems aren’t any match for these kinds of blended attacks. The latest exploits automatically look for weaknesses in endpoints (such an outdated version of Adobe Flash or an antiquated browser) and deposit malware.

The NX-1400 complements other security tools because it focuses on stopping the most advanced and pernicious malware from permeating the network.

How the NX-1400 Catches Exploit Attempts

When the NX detects an exploit, it examines network activities such as downloaded files or connections to the malware’s command-and-control servers or DNS queries. The FireEye appliance alerts security managers to potential threats as they’re happening in near real time. Managers can set the product to automatically block attacks or operate in a pass-through mode.

The NX performed as expected, showing the path that pieces of deliberately introduced, flash-based infections took through our network of test Windows 7 machines. These infections were typical of similar attacks that would take just a few minutes to execute, yet the security appliance detected and neutralized them and showed us how the infections would have worked if they hadn’t been stopped.

Like other security vendors, FireEye has its crowdsourced Dynamic Threat Intelligence subscription service. Millions of network sensors based all over the world are constantly reporting current malware tactics and threat activities, and this information is incorporated into the analysis used by the NX products. A subscription offers hourly updates, and for an additional fee, you can also receive information about threat actor profiles and why someone might target your organization.

FireEye offers a variety of NX models, and the NX-1400 is the second smallest in this line. Organizations that have a larger number of users or a lot more network throughput should consider a device with greater capacity.


Ports: 2Gbps network monitoring
Storage: 500GB for logging and audit files
IPS Rating: 20Mbps
Users Supported: Up to 100 Windows PCs
Threats Blocked: Both inbound and outbound malware types