Trellix NX 4600
Network Security 6th Generation 2U Appliance
Contact us for Pricing!
Overview
The Trellix NX 4600 stops the new generation of cyber attacks that use zero-day Web exploits and multiprotocol malware callbacks to compromise the majority of today's networks.
When used as a standard (or integrated) appliance, the NX Series appliance performs both monitoring and analysis functions. When used as a sensor within the Trellix Network Security, the NX 4600 only monitors traffic, extracting objects and URLs and sending them to an MVX cluster for analysis. This allows a flexible approach to your security solution.
Trellix Network Security
Trellix Network Security is an effective cyberthreat protection solution that helps your organization minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted, and other evasive attacks hiding in internet traffic. It facilitates efficient resolution of detected security incidents in minutes with concrete evidence, actionable intelligence, and response workflow integration.
With Trellix Network Security, you’re effectively protected against today’s threats whether they:
- Exploit Microsoft Windows, Apple OS X operating systems, or application vulnerabilities
- Are directed at the headquarters or branch offices
- Are hidden in a large volume of inbound internet traffic that must be inspected in real time
Trellix Network Security is available in a variety of form factors and deployment and performance options. It is typically placed in the path of internet traffic behind traditional network security appliances such as next generation firewalls, intrusion prevention systems (IPSs), and secure web gateways (SWGs).
Trellix Network Security supplements these solutions by rapidly detecting both known and unknown attacks with high accuracy and a low rate of false positives, while facilitating an efficient response to each alert.
Typical configuration of Network Security solutions
Features
Identify Attacks that Evade Traditional Defenses
Detect multi-flow, multi-stage, zero-day, polymorphic, ransomware and other advanced attacks with signature-less threat detection.
Leverage ML/AI and Correlation Engines for Retroactive Detection
Detect known and unknown threats in real time while also enabling back-in-time detection of threats.
Detect Suspicious Lateral Movements
Track and block lateral threats propagating within your enterprise network to reduce post-breach dwell time.
Categorize Non-Critical Riskware
Separate critical and non-critical malware (such as adware and spyware) to prioritize alert response.
Block Attacks Inline in Real Time
Immediately stop attacks to improve efficiency and minimize the impact of security incidents.
Map Detected Threats to MITRE ATT&CK Framework
Map detected threats to the MITRE ATT&CK framework for contextual evidence and future containment and remediation.
Cover Expanding Attack Surfaces
Protect your diverse network environment with support for the most common operating systems and over 160 file types.
Protect Your Network Anywhere
Choose from an extensive set of deployment scenarios, including in-line and out of band, on-premises, hybrid, public and private cloud, and virtual offerings.
Benefits
Designed to meet the needs of single-site and distributed multisite organizations, Trellix Network Security delivers several benefits.
Minimizes risk of cyberbreaches
Network Security is a highly effective cyberdefense solution that:
- Prevents intruders from breaking into an organization to steal valuable assets or disrupt business by stopping advanced, targeted, and other evasive attacks
- Stops attacks and contains intrusions faster with concrete evidence, actionable intelligence, inline blocking, and response workflow automation
- Eliminates weak points from an organization’s cyberdefenses with consistent protection for various operating systems, application types, branches, and central sites
Short payback period
Network Security gives you a return on your investment in several ways:
- Focuses security team resources on real attacks to reduce operational expenses
- Optimizes capital spend with a shared MVX service and a large variety of performance points to rightsize deployment to meet requirements
- Reduces future capital outlay with modular and extensible architecture
- Future-proofs security investment by scaling smoothly when the number of branches or the amount of internet traffic grows
- Protects existing investments by allowing cost-free migration from an integrated to a distributed deployment
Technical Advantages
Accurate and actionable threat detection and insights
Network Security uses multiple analysis techniques to detect attacks with high accuracy and a low rate of false alerts.
- The MVX engine detects zero-day, multiflow, and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops infection and compromise phases of the cyberattack kill chain by identifying never-before-seen exploits and malware.
- Multiple dynamic machine learning, AI, and correlation engines detect and block obfuscated, targeted, and other customized attacks with contextual, rule-based analysis from real-time insights gathered on the front lines from thousands of hours of incident response experience. Network Security stops the infection, compromise, and intrusion phases of the cyberattack kill chain by identifying malicious exploits, malware, phishing attacks, and command and control callbacks. It also extracts and submits suspicious network traffic to the MVX engine for a definitive verdict analysis. In addition to client-side protection, engines support server-side detection, lateral movement detection, and detection of post-exploitation traffic.
- Alerts generated by Network Security include concrete real-time evidence to quickly respond to, prioritize, and contain targeted and newly discovered attacks. When operating in Evidence Collector mode, Network Security generates Layer 7 metadata, which is sent to Trellix Helix for analysis to provide further security context for your SOC team. In addition, detected threats can also be mapped to the MITRE ATT&CK framework for contextual evidence.
Detection
| Capabilities | Benefits |
|---|---|
| Accurate detection of advanced, targeted, and other evasive attacks | Minimizes risk of costly cyberbreaches |
| Visibility and detection of post-breach lateral movement | Decreases time to detect post-breach activities and reduces attacker dwell time |
| Modular and scalable security architecture | Provides investment protection and supports business growth |
| Consistent level of protection for multi-OS environments and all internet access points | Creates a strong defense across the entire organization for all types of devices |
| Integrated, distributed, physical, virtual, on-premises, and cloud deployment options | Offers flexibility to align with organizational preferences and resources |
| Multivector correlation with email and content security | Provides visibility across a wider attack surface |
Prevention
| Capabilities | Benefits |
|---|---|
| Immediate blocking of attacks at line rates from 250 Mbps to 10 Gbps | Gives real-time protection against evasive attacks |
| Visibility into encrypted traffic | Delivers optional built-in TLS 1.3 decryption support on appliances without an additional license fee |
Response
| Capabilities | Benefits |
|---|---|
| Low rate of false alerts, riskware categorization, and mapping to MITRE ATT&CK framework | Reduces operational cost of triaging unreliable alerts |
| Pivot to investigation and alert validation, endpoint containment, and incident response | Automates and simplifies security workflows |
| Execution evidence and actionable threat intelligence | Accelerates prioritization and resolution of detected security incidents |
Comprehensive visibility into suspicious lateral movements
Network Security includes the SmartVision advanced correlation and analytics engine that detects suspicious lateral internal network traffic across the entire network, from the data center to remote branch office locations. With more than 180 rules for lateral movement detection, SmartVision provides full kill-chain detection that targets east-west, server-facing deployments.
SmartVision also includes a machine learning framework with data-exfiltration detection, JA3 detection for identifying encrypted communication, web shell detection (visibility into attacks on web servers), and detection of malware lateral movement. It provides Layer 7 context around every real-time alert and maps adversarial techniques based on the MITRE ATT&CK framework.
Immediate and resilient protection
Network Security offers flexible deployment modes, including out-of-band monitoring via test access point (TAP)/switched port analyzer (SPAN), inline monitoring, or inline active blocking. Inline blocking mode automatically blocks inbound exploits and malware and outbound multiprotocol callbacks. In inline monitoring mode, your organization decides how to respond to generated alerts. In out-of-band prevention mode, Network Security issues TCP resets for out-of-band blocking of TCP or HTTP connections.
Selected models offer an active high-availability option to provide resilience in case of network or device failures.
Wide attack surface coverage
Network Security delivers a consistent level of protection for today’s diverse network environments, providing:
- Support for most common Microsoft Windows, Apple Mac OS X, and Linux operating systems
- Analysis of over 160 different file types, including portable executables, active web content, archives, images, Java, Microsoft, and Adobe applications and multimedia
- Execution of suspicious network traffic against thousands of operating systems, service pack, IoT application type, and application version combinations
- Protection against advanced attacks and malware types that are difficult to detect via signatures: web shell uploads, existing web shells, ransomware, and cryptominers
Validated and prioritized alerts
In addition to detecting genuine attacks, MVX technology is also used to validate alerts detected by conventional signature-matching methods and to identify and prioritize critical threats. Your organization gets these efficiencies:
- IPS with MVX engine validation reduces the time required to triage signature-based detection that’s traditionally prone to false alerts.
- Riskware categorization separates genuine breach attempts from undesirable but less malicious activity (such as adware and spyware) to prioritize alert response.
Response workflow integration
Network Security can be augmented in several ways to automate alert response workflows. For example:
- Trellix Central Management System correlates alerts from both Network Security and Trellix Email Security for a broader view of an attack and to set blocking rules that prevent the attack from spreading further.
- Trellix Network Forensics integrates with Network Security to provide detailed packet captures associated with an alert and enable in-depth investigations.
- Trellix Endpoint Security identifies, validates, and contains compromises detected by Network Security to simplify containment and remediation of affected endpoints.
Flexible Deployment Options
Network Security offers various deployment options to match your organization’s needs and budget.
Integrated Network Security
Standalone, all-in-one hardware appliances with integrated MVX service secure an internet access point at a single site. Network Security is an easy-to-manage, clientless solution that deploys quickly without requiring rules, policies, or tuning.
Distributed Network Security
Extensible appliances with centrally shared MVX service secure internet access points within organizations using the following features and capabilities:
- Network Smart Node physical or virtual appliances analyze internet traffic to detect and block malicious traffic and submit suspicious activity over an encrypted connection to the MVX service for definitive verdict analysis.
- MVX Smart Grid on-premises, centrally located, elastic MVX service offers transparent scalability, built-in N+1 fault tolerance, and automated load balancing.
- Trellix Cloud MVX service subscription ensures privacy by analyzing traffic on the Network Smart Node; only suspicious objects are sent over an encrypted connection to the MVX service, where objects revealed as benign are discarded.
- Protection options on-premises or in the cloud, in addition to standalone and virtual appliances. Trellix offers Network Security in the public cloud with availability in both AWS and Azure.
Distributed deployment models for Network Security
Specifications
2) Power Supply 2
3) Serial Console Port
4) VGA Connector
5) USB 2.0 Port
6) USB 3.2 Port
7) ether1 RJ45 Management Port
9) VGA Connector
10) pether3 (SFP+) Monitoring 3 Port
11) pether4 (SFP+) Monitoring 4 Port
12) pether5 (SFP+) Monitoring 5 Port
13) pether6 (SFP+) Monitoring 6 Port
14) pether7 (SFP+) Monitoring 7 Port
16) pether9 (SFP+) Monitoring 9 Port
17) pether10 (SFP+) Monitoring 10 Port
18) pether11 (RJ45) Monitoring 11 Port
19) pether12 (RJ45) Monitoring 12 Port
20) pether13 (RJ45) Monitoring 13 Port
21) pether14 (RJ45) Monitoring 14 Port
| NX 2600 | NX 3600 | NX 4600 | NX 5600 | NX 6600 | NX 8600 | |
|---|---|---|---|---|---|---|
| IPS Performance | ||||||
| Max IPS performance | Up to 500 Mbps | Up to 1 Gbps | 2 Gbps | Up to 5 Gbps | Up to 10 Gbps | Up to 20 Gbps |
| Max concurrent connections | 160K | 500K | 1 M | 2 M | 4 M | 8 M |
| New connections per second | 8K/Sec | 10K/Sec | 20K/Sec | 40K/Sec | 80K/Sec | 160K/Sec |
| Specifications | ||||||
| OS support | Linux macOS X Microsoft Windows |
Linux macOS X Microsoft Windows |
Linux macOS X Microsoft Windows |
Linux macOS X Microsoft Windows |
Linux macOS X Microsoft Windows |
Linux macOS X Microsoft Windows |
| Performance | Up to 500 Mbps | Up to 500 Mbps | Up to 2 Gbps | Up to 5 Gbps | Up to 10 Gbps | Up to 20 Gbps |
| SmartVision mode performance | Up to 1 Gbps | Up to 1 Gbps | Up to 4 Gbps | Up to 10 Gbps | Up to 20 Gbps | Coming soon |
| Network monitoring ports | (4) x 1G RJ45 ports | (4) x 1G RJ45 ports | 4 x 1G RJ45 bypass 4 x 1G/10G SFP+ 4 x 10G SFP+ |
4 x 1G/10G RJ45 bypass 4 x 1G/10G SFP+ 4 x 10G SFP+ |
2 x 40G QSFP+ 4 x 10G SFP+ 2 x 1G/10G SFP+ 4 x 1G/10G RJ45 bypass |
2 x 40G QSFP+ 4 x 10G SFP+ 2 x 1G/10G SFP+ 4 x 1G/10G RJ45 bypass 2 x 100G QSFP28 |
| Network ports mode of operation | In-line monitor, fail-open,fail-close (HW bypass) or TAP/SPAN | |||||
| High availability (HA) | Not available | Not available | Not available | Not available | Not available | Not available |
| Management ports (rear panel) | 2 x 1G RJ45 ports | 2 x 1G RJ45 ports | 2 x 1G | 2 x 1G/10G | 2 x 1G/10G | 2 x 1G/10G |
| IPMI port | 10/100/1000G BASE-T(Rear panel) | 10/100/1000G BASE-T(Rear panel) | 10/100/1000G BASE-T(Rear panel) | 10/100/1000G BASE-T(Rear panel) | 10/100/1000G BASE-T(Rear panel) | 10/100/1000G BASE-T(Rear panel) |
| Front LCD & keypad | Not available | Not available | Not available | Not available | Not available | Not available |
| VGA port | Yes | Yes | Yes | Yes | Yes | Yes |
| USB ports | 2 x USB 2.0 2 x USB 3.2 |
2 x USB 2.0 2 x USB 3.2 |
4 x Type A USB ports (all rear) | 2 x Type A USB ports (all rear) | 2 x Type A USB ports (all rear) | 2 x Type A USB ports (all rear) |
| Serial port (rear panel) | 115,200 bps, no parity, 8 bits, 1 stop bit | 115,200 bps, no parity, 8 bits, 1 stop bit | 115,200 bps, no parity, 8 bits, 1 stop bit | 115,200 bps, no parity, 8 bits, 1 stop bit | 115,200 bps, no parity, 8 bits, 1 stop bit | 115,200 bps, no parity, 8 bits, 1 stop bit |
| Drive capacity | (2) 4 TB HDD, RAID 1, 3.5 inch, FRU | (2) 4 TB HDD, RAID 1, 3.5 inch, FRU | (2) 4 TB HDD, RAID 1, 3.5 inch, FRU | (2) 4 TB HDD, RAID 1, 3.5 inch, FRU | (2) 4 TB HDD, RAID 1, 3.5 inch, FRU | (2) 4 TB HDD, RAID 1, 3.5 inch, FRU |
| Enclosure | 1RU, fits 19-inch Rack | 1RU, fits 19-inch Rack | 2RU, fits 19-inch Rack | 2RU, fits 19-inch Rack | 2RU, fits 19-inch Rack | 2RU, fits 19-inch Rack |
| Chassis dimension WxDxH | 17.2in (437 mm) x 19.98in (507 mm) x 1.7in (43 mm) | 17.2in (437 mm) x 19.98in (507 mm) x 1.7in (43 mm) | 19in (482.6mm) x 26in (660.4mm) x 3.5in (88.9 mm) | 19in (482.6mm) x 26in (660.4mm) x 3.5in (88.9 mm) | 19in (482.6mm) x 26in (660.4mm) x 3.5in (88.9 mm) | 19in (482.6mm) x 26in (660.4mm) x 3.5in (88.9 mm) |
| AC power supply | Redundant (1+1), FRU, 400W with Input 100-240VAC / 6.0 – 3.0A 200-240VDC / 3.4- 3.2A, 50-60 Hz IEC60320- C14 inlet |
Redundant (1+1), FRU, 400W with Input 100-240VAC / 6.0 – 3.0A 200-240VDC / 3.4- 3.2A, 50-60 Hz IEC60320- C14 inlet |
Redundant (1+1), FRU, 920W with Input 100-240V, 11-4.4A, 50-60 Hz IEC60320-C14 inlet | Redundant (1+1), FRU, 1000W/1200W with Input 100- 127/200-240Vac, 15-12A/8.5-7A,50-60 Hz IEC60320-C14 inlet | Redundant (1+1), FRU, 1000W/1200W with Input 100- 127/200-240Vac, 15-12A/8.5-7A,50-60 Hz IEC60320-C14 inlet | Redundant (1+1), FRU, 1000W/1200W with Input 100- 127/200- 240Vac, 15-12A/8.5- 7A, 50-60 Hz IEC60320-C14 inlet |
| Power consumption maximum (watts) | 300 watts | 300 watts | 552 watts | 852 watts | 928 watts | 1100 watts |
| Thermal dissipation maximum (BTU/h) | 1024 BTU/h | 1024 BTU/h | 1883 BTU/h | 2905 BTU/h | 3164 BTU/h | 3751 BTU/h |
| MTBF (h) | Coming Soon | Coming Soon | Coming Soon | Coming Soon | Coming Soon | Coming Soon |
| Appliance alone / as shipped weight in lb. (kg) | 24 lbs (10.8 kg)/ 37lbs (16.7kg) | 24 lbs (10.8 kg)/ 37lbs (16.7kg) | 39 lbs (17.69 kg) / 65 lbs (29.48 kg) | 42 lbs (19.05 kg) / 68 lbs (30.84 kg) | 43 lbs (19.5 kg) 69 lbs (31.3 kg) | 43 lbs (19.5 kg) 69 lbs (31.3 kg) |
| Regulatory compliance safety | EN IEC 62368- 1:2018+A11:2020 | EN IEC 62368- 1:2018+A11:2020 | CAN/CSA 22.2 No. 62368 UL 62368 IEC 62368 EN 62368 BS EN 62368 |
CAN/CSA 22.2 No. 62368 UL 62368 IEC 62368 EN 62368 BS EN 62368 |
CAN/CSA 22.2 No. 62368 UL 62368 IEC 62368 EN 62368 BS EN 62368 |
CAN/CSA 22.2 No. 62368 UL 62368 IEC 62368 EN 62368 BS EN 62368 |
| Regulatory compliance EMC | EN 55032:2015/ A11:2020, EN 55035:2017/A11:2020, EN 61000-3-2:2014, EN 61000-3-3:2013 |
EN 55032:2015/ A11:2020, EN 55035:2017/A11:2020, EN 61000-3-2:2014, EN 61000-3-3:2013 |
FCC Part 15 Class-A CE (Class-A) CNS 13438 CISPR 32 VCCI-CISPR32 EN 55035 EN 55032 EN 61000 ICES-003 KN 32 KN 35 |
FCC Part 15 Class-A CE (Class-A) CNS 13438 CISPR 32 VCCI-CISPR32 EN 55035 EN 55032 EN 61000 ICES-003 KN 32 KN 35 |
FCC Part 15 Class-A CE (Class-A) CNS 13438 CISPR 32 VCCI-CISPR32 EN 55035 EN 55032 EN 61000 ICES-003 KN 32 KN 35 |
FCC Part 15 Class-A CE (Class-A) CNS 13438 CISPR 32 VCCI-CISPR32 EN 55035 EN 55032 EN 61000 ICES-003 KN 32 KN 35 |
| Environmental compliance | RoHS: Directive 2011/65/EU | RoHS: Directive 2011/65/EU | RoHS REACH |
RoHS REACH |
RoHS REACH |
RoHS REACH |
| Operating temperature | 5°C - 35°C (41°F - 95°F) |
5°C - 35°C (41°F - 95°F) |
5–35°C (41–95°F) |
10–35°C (50–95°F) |
10–35°C (50–95°F) |
10–35°C (50–95°F) |
| Non-operating temperature | -40°C - 70°C (-40°F - 158°F) |
-40°C - 70°C (-40°F - 158°F) |
-40°C - 70°C (-40°F - 158°F) |
-40°C - 70°C (-40°F - 158°F) |
-40°C - 70°C (-40°F - 158°F) |
-40°C - 70°C (-40°F - 158°F) |
| Operating relative humidity | 8% - 90% (non-condensing) | 8% - 90% (non-condensing) | 8% - 90% (non-condensing) | 8% - 90% (non-condensing) | 8% - 90% (non-condensing) | 8% - 90% (non-condensing) |
| Non-operating relative humidity | 5% - 95% (non-condensing) | 5% - 95% (non-condensing) | 5% - 95% (non-condensing) | 5% - 95% (non-condensing) | 5% - 95% (non-condensing) | 5% - 95% (non-condensing) |
| Operating altitude | 0-1,524 m 0-5,000 ft |
0-1,524 m 0-5,000 ft |
0-1,524 m 0-5,000 ft |
0-1,524 m 0-5,000 ft |
0-1,524 m 0-5,000 ft |
0-1,524 m 0-5,000 ft |
Documentation
Download the Trellix Network Security Datasheet (.PDF)
Download the Trellix Network Security NX Series Specifications Datasheet (.PDF)
Pricing Notes:
- Pricing and product availability subject to change without notice.
Contact us for Pricing!