RiskIQ Illuminate vs Trellix Network Detection and Response comparison

"The solution is stable with 12 years of established historical data."

"Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."

"We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."

"The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."

"Support is very helpful and responsive."

"Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."

"We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement and that nothing else was infected. It helped us correlate the events and feel confident in our containment."

"Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days."

"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."

"A low-cost service to evaluate the risk score of a supply chain would be very helpful."

"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

"The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

"If you want to search the hashes in the environment, you need to put in IOCs one by one, making it a very hectic job."

"It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."

"The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

"Management of the appliance could be greatly improved."

"It is an expensive solution."

"Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis."

"FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market."

"When you purchase FireEye Network Security NX, will need to purchase a megabit per second package. You must know your needs from day one."

"It's an expensive solution."

"Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the meantime to analysis decrease by at least tenfold."

"There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product."

"The user fee is not as high but the maintenance fee is expensive."

"The pricing is fair, a little expensive, but fair. We've evaluated other products, and they're similarly priced."