Like many of its competitors, the company's email MPS appliance analyses all the data flowing through the network perimeter, but it also executes all email objects in a virtual machine environment.
In the event that an object passes the usual security tests, it is allowed through but, if the item flags up as breaching security in the virtual machine environment, it is immediately recalled.
Ashar Aziz, the firm's CTO and founder, explained that, if an object or email item is found to be problematic, the appliance recalls the mail item and then quarantines it.
"This is important if the object is an embedded PDF or complex HTML attachment, as conventional IT security systems and software will not detect the presence of malware or similar problems", he told Infosecurity.
"By executing in a virtual computer environment, it is possible to discover what an email item or data object actually does and take action if required", he said.
The process of executing an object in a virtual machine environment, he went on to say, takes anywhere between a few milliseconds to a few tenths of a second.
That timeframe, he claims, may be enough for an infection to start to hit a users' machine – assuming it is opened immediately – but not fully execute.
In the case of a botnet infection for example, he said, the suspect email can be recalled a long time before the infection event begins to execute.
According to FireEye, along with data from its cloud intelligence network, appliance users get the latest security content about malicious attachments targeting zero-day vulnerabilities, malware callback channels, and URL blacklist updates.
"Using the FireEye Email MPS, we've been able to stop over three dozen separate spear phishing attacks over the course of two weeks", said an IT administrator at a US defence contractor, who asked to remain anonymous.
"In our case, we've seen no false quarantines, and by integrating with our FireEye Web MPS, we can quickly trace a zero-day web exploit back to its spear phishing email preventing a breach and saving at least 320 hours of forensic analysis for just one of the incidents", he added.