Trellix VX 12550
Network Security 5th Generation Virtual Execution Smart Grid 2U Appliance

Overview

Trellix Network Security is an effective cyberthreat protection solution that helps your organization minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted, and other evasive attacks hiding in internet traffic. It facilitates efficient resolution of detected security incidents in minutes with concrete evidence, actionable intelligence, and response workflow integration.

With Trellix Network Security, you’re effectively protected against today’s threats whether they:

• Exploit Microsoft Windows, Apple OS X operating systems, or application vulnerabilities
• Are directed at the headquarters or branch offices
• Are hidden in a large volume of inbound internet traffic that must be inspected in real time

Trellix Network Security is available in a variety of form factors and deployment and performance options. It is typically placed in the path of internet traffic behind traditional network security appliances such as next generation firewalls, intrusion prevention systems (IPSs), and secure web gateways (SWGs).

Trellix Network Security supplements these solutions by rapidly detecting both known and unknown attacks with high accuracy and a low rate of false positives, while facilitating an efficient response to each alert.

Typical configuration of Network Security solutions

Features

Benefits

Designed to meet the needs of single-site and distributed multisite organizations, Trellix Network Security delivers several benefits.

Minimizes risk of cyberbreaches

Network Security is a highly effective cyberdefense solution that:

• Prevents intruders from breaking into an organization to steal valuable assets or disrupt business by stopping advanced, targeted, and other evasive attacks
• Stops attacks and contains intrusions faster with concrete evidence, actionable intelligence, inline blocking, and response workflow automation
• Eliminates weak points from an organization’s cyberdefenses with consistent protection for various operating systems, application types, branches, and central sites

Short payback period

Network Security gives you a return on your investment in several ways:

• Focuses security team resources on real attacks to reduce operational expenses
• Optimizes capital spend with a shared MVX service and a large variety of performance points to rightsize deployment to meet requirements
• Reduces future capital outlay with modular and extensible architecture
• Future-proofs security investment by scaling smoothly when the number of branches or the amount of internet traffic grows
• Protects existing investments by allowing cost-free migration from an integrated to a distributed deployment

Technical Advantages

Accurate and actionable threat detection and insights

Network Security uses multiple analysis techniques to detect attacks with high accuracy and a low rate of false alerts.

• The MVX engine detects zero-day, multiflow, and other evasive attacks with dynamic, signature-less analysis in a safe, virtual environment. It stops infection and compromise phases of the cyberattack kill chain by identifying never-before-seen exploits and malware.
• Multiple dynamic machine learning, AI, and correlation engines detect and block obfuscated, targeted, and other customized attacks with contextual, rule-based analysis from real-time insights gathered on the front lines from thousands of hours of incident response experience. Network Security stops the infection, compromise, and intrusion phases of the cyberattack kill chain by identifying malicious exploits, malware, phishing attacks, and command and control callbacks. It also extracts and submits suspicious network traffic to the MVX engine for a definitive verdict analysis. In addition to client-side protection, engines support server-side detection, lateral movement detection, and detection of post-exploitation traffic.
• Alerts generated by Network Security include concrete real-time evidence to quickly respond to, prioritize, and contain targeted and newly discovered attacks. When operating in Evidence Collector mode, Network Security generates Layer 7 metadata, which is sent to Trellix Helix for analysis to provide further security context for your SOC team. In addition, detected threats can also be mapped to the MITRE ATT&CK framework for contextual evidence.

Detection

Capabilities	Benefits
Accurate detection of advanced, targeted, and other evasive attacks	Minimizes risk of costly cyberbreaches
Visibility and detection of post-breach lateral movement	Decreases time to detect post-breach activities and reduces attacker dwell time
Modular and scalable security architecture	Provides investment protection and supports business growth
Consistent level of protection for multi-OS environments and all internet access points	Creates a strong defense across the entire organization for all types of devices
Integrated, distributed, physical, virtual, on-premises, and cloud deployment options	Offers flexibility to align with organizational preferences and resources
Multivector correlation with email and content security	Provides visibility across a wider attack surface

Prevention

Capabilities	Benefits
Immediate blocking of attacks at line rates from 250 Mbps to 10 Gbps	Gives real-time protection against evasive attacks
Visibility into encrypted traffic	Delivers optional built-in TLS 1.3 decryption support on appliances without an additional license fee

Response

Capabilities	Benefits
Low rate of false alerts, riskware categorization, and mapping to MITRE ATT&CK framework	Reduces operational cost of triaging unreliable alerts
Pivot to investigation and alert validation, endpoint containment, and incident response	Automates and simplifies security workflows
Execution evidence and actionable threat intelligence	Accelerates prioritization and resolution of detected security incidents

Comprehensive visibility into suspicious lateral movements

Network Security includes the SmartVision advanced correlation and analytics engine that detects suspicious lateral internal network traffic across the entire network, from the data center to remote branch office locations. With more than 180 rules for lateral movement detection, SmartVision provides full kill-chain detection that targets east-west, server-facing deployments.

SmartVision also includes a machine learning framework with data-exfiltration detection, JA3 detection for identifying encrypted communication, web shell detection (visibility into attacks on web servers), and detection of malware lateral movement. It provides Layer 7 context around every real-time alert and maps adversarial techniques based on the MITRE ATT&CK framework.

Immediate and resilient protection

Network Security offers flexible deployment modes, including out-of-band monitoring via test access point (TAP)/switched port analyzer (SPAN), inline monitoring, or inline active blocking. Inline blocking mode automatically blocks inbound exploits and malware and outbound multiprotocol callbacks. In inline monitoring mode, your organization decides how to respond to generated alerts. In out-of-band prevention mode, Network Security issues TCP resets for out-of-band blocking of TCP or HTTP connections.

Selected models offer an active high-availability option to provide resilience in case of network or device failures.

Wide attack surface coverage

Network Security delivers a consistent level of protection for today’s diverse network environments, providing:

• Support for most common Microsoft Windows, Apple Mac OS X, and Linux operating systems
• Analysis of over 160 different file types, including portable executables, active web content, archives, images, Java, Microsoft, and Adobe applications and multimedia
• Execution of suspicious network traffic against thousands of operating systems, service pack, IoT application type, and application version combinations
• Protection against advanced attacks and malware types that are difficult to detect via signatures: web shell uploads, existing web shells, ransomware, and cryptominers

Validated and prioritized alerts

In addition to detecting genuine attacks, MVX technology is also used to validate alerts detected by conventional signature-matching methods and to identify and prioritize critical threats. Your organization gets these efficiencies:

• IPS with MVX engine validation reduces the time required to triage signature-based detection that’s traditionally prone to false alerts.
• Riskware categorization separates genuine breach attempts from undesirable but less malicious activity (such as adware and spyware) to prioritize alert response.

Response workflow integration

Network Security can be augmented in several ways to automate alert response workflows. For example:

• Trellix Central Management System correlates alerts from both Network Security and Trellix Email Security for a broader view of an attack and to set blocking rules that prevent the attack from spreading further.
• Trellix Network Forensics integrates with Network Security to provide detailed packet captures associated with an alert and enable in-depth investigations.
• Trellix Endpoint Security identifies, validates, and contains compromises detected by Network Security to simplify containment and remediation of affected endpoints.

Flexible Deployment Options

Network Security offers various deployment options to match your organization’s needs and budget.

Integrated Network Security

Standalone, all-in-one hardware appliances with integrated MVX service secure an internet access point at a single site. Network Security is an easy-to-manage, clientless solution that deploys quickly without requiring rules, policies, or tuning.

Distributed Network Security

Extensible appliances with centrally shared MVX service secure internet access points within organizations using the following features and capabilities:

• Network Smart Node physical or virtual appliances analyze internet traffic to detect and block malicious traffic and submit suspicious activity over an encrypted connection to the MVX service for definitive verdict analysis.
• MVX Smart Grid on-premises, centrally located, elastic MVX service offers transparent scalability, built-in N+1 fault tolerance, and automated load balancing.
• Trellix Cloud MVX service subscription ensures privacy by analyzing traffic on the Network Smart Node; only suspicious objects are sent over an encrypted connection to the MVX service, where objects revealed as benign are discarded.
• Protection options on-premises or in the cloud, in addition to standalone and virtual appliances. Trellix offers Network Security in the public cloud with availability in both AWS and Azure.

Distributed deployment models for Network Security

Specifications

	VX 5500	VX 12550
OS support	Linux macOS X Microsoft Windows	Linux macOS X Microsoft Windows
Performance	Up to 2 Gbps	Up to 14 Gbps
High availability (HA)	N+1	N+1
Management ports (rear panel)	1x 10/100/1000 Mbps BASE-T	1x 10/100/1000 Mbps BASE-T
Cluster Ports (rear panel)	3x 10/100/1000 Mbps BASE-T	1x 10/100/1000 Mbps BASE-T, 2x 10 Gbps BASE-T, 4x 10 GigE SFP+ ports
IPMI port	Included	Included
Front LCD & keypad	Not available	Not available
VGA port	Included	Included
USB ports (rear panel)	4x Type A USB ports	2x Type A USB ports
Serial port (rear panel)	115,200 bps, no parity, 8 bits, 1 stop bit	115,200 bps, no parity, 8 bits, 1 stop bit
Drive capacity	2x 2TB 3.5 SAS3 HDD, RAID 1, hot-swappable, FRU	2x 4TB 3.5 SAS3 HDD, RAID 1, hot-swappable, FRU
Enclosure	1RU, fits 19 inch rack	2RU, fits 19 inch rack
Chassis dimension WxDxH	17. 2 x 25.6 x 1.7 In (437 x 650 x 43.2 mm)	17.2 x 31 x 3.5 in (437 x 787 x 89 mm)
DC power supply	Not available	Not available
AC power supply	Redundant (1+1) 750 watt, 100–240 VAC, 8 - 3.8 A, 50–60 Hz, IEC60320-C14, inlet, hot-swappable, FRU	Redundant (1+1) 1000 watt, 100–240 VAC 10.5–4.0A, 50–60 Hz IEC60320-C14 inlet, FRU
Power consumption maximum (watts)	285 watts	660 watts
Thermal dissipation maximum (BTU/h)	972 BTU/h	2594 BTU/h
MTBF (h)	54,200 h	54,041 h
Appliance alone / as shipped weight in lb. (kg)	27.0 lbs (12.2 kg) / 38.0 lbs (17.2 kg)	44 lbs (20 kg) / 71 lbs (32.2 kg)
Security certifications	FIPS 140-2 Level 1, CC NDcPP v2.2e	FIPS 140-2 Level 1, CC NDcPP v2.2e
Regulatory compliance safety	IEC 60950 EN 60950-1 UL 60950 CSA/CAN-C22.2	IEC 60950 EN 60950-1 UL 60950 CSA/CAN-C22.2
Regulatory compliance EMC	FCC Part 15 ICES-003 Class A AS/NZS CISPR 22 CISPR 32 EN 55032 EN 55024 IEC/EN 61000-3-2 IEC/EN 61000- 3-3 IEC/EN 61000- 4-2 V-2/2015 & V-3/2015	FCC Part 15 ICES-003 Class A AS/NZS CISPR 22 CISPR 32 EN 55032 EN 55024 IEC/EN 61000-3-2 IEC/EN 61000- 3-3 IEC/EN 61000- 4-2 V-2/2015 & V-3/2015
Environmental compliance	RoHS Directive 2011/65/EU REACH WEEE Directive 2012/19/EU	RoHS Directive 2011/65/EU REACH WEEE Directive 2012/19/EU
Operating temperature	0–40°C (32–104°F)	0–40°C (32–104°F)
Non-operating temperature	-30–70°C (-22–158°F)	-30–70°C (-22–158°F)
Operating relative humidity	10%–95% at 40°C noncondensing	10%–90% at 40°C noncondensing
Non-operating relative humidity	10%–95% at 60°C noncondensing	10%–95% at 55°C noncondensing
Operating altitude	3,000 m (9,842 ft)	3,000 m (9,842 ft)

Documentation

Download the Trellix Network Security Datasheet (.PDF)

Download the Trellix Network Security NX Series Specifications Datasheet (.PDF)