FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.
Master Consultant (Network Security) at a tech services company with 1,001-5,000 employees
It added a layer of inspection that might be missed by traditional IPS or antivirus products. Features such as IPS are lacking.
What is most valuable?
How has it helped my organization?
I work for a managed services provider, so we don't deploy the product internally but deploy it in customers’ environments. For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before.
What needs improvement?
FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors. FireEye would need to work on these capabilities to have a fuller product offering (especially when all the other major NGFW vendors such as Check Point or Palo Alto offer similar threat emulation capabilities to FireEye).
For how long have I used the solution?
I have been using it for 3-4 years.
Buyer's Guide
Trellix Network Detection and Response
October 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What was my experience with deployment of the solution?
Deployment is extremely easy, and we haven't run into any issues.
Which solution did I use previously and why did I switch?
We also use the same capabilities that come in other products such as Palo Alto (WildFire) or Check Point (Threat Prevention). I don't think there is much difference in the capabilities between either of the products.
How was the initial setup?
Initial setup was very straightforward.
What about the implementation team?
We implement and provide continued managed services coverage for the product.
What other advice do I have?
Currently, I think if you have another product that can provide the same functionality (such as Palo Alto or Check Point), and that device is capable of handling the extra load of running these features, then I would consider using those products instead of adding a new product to the network.
Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a vendor partner.
RSSI at SDIS49
Stable threat protection that is easy to set up, and the appliances are good
Pros and Cons
- "The server appliance is good."
- "Technical packaging could be improved."
What is most valuable?
The server appliance is good.
What needs improvement?
Technical packaging could be improved.
It would be helpful to receive access to the administration of the product.
For how long have I used the solution?
We have been working with FireEye Network Security for one year.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
If you choose a good appliance, it could be scalable.
You have a login to your applications.
We have 600 users who are on the payroll, but in total we have 3,000, of which 2,400 are volunteers.
How are customer service and technical support?
Technical support is rather good, but it's very restrictive; it's false of maintenance.
If you don't authenticate it each month, you have to ask for another password, and it's a little bit repressive.
Which solution did I use previously and why did I switch?
Previously, we had not used another solution, because it's a complement to TruePoint Securities.
The Check Point product is very strong, but we have found that some cases on Check Point lessons are not on the list.
How was the initial setup?
The initial setup was straightforward, you can do it by yourself.
You don't have to find a partner or a FireEye expert.
What's my experience with pricing, setup cost, and licensing?
The pricing is not reasonable. The user fee is not as high but the maintenance fee is expensive.
What other advice do I have?
For the next project, we will be doing comparisons for massive attacks.
We have been customers for five years and we have a very good relationship with them.
It's not the first line of defense. It's for us to subline of defense itself. It depends on the analysis of the threat.
An alternative tool could be Endpoint security.
I think we will put in service for Endpoint Security, soon. But network security is aligned more in your defense unison.
I would rate FireEye Network Security an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deputy Assistant Secretary with 201-500 employees
We don't have to react because it stops anything from hurting the network
Pros and Cons
- "We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
- "Cybersecurity posture has room for improvement."
What is our primary use case?
Our primary use case is for zero-day identifying anomalies and zero-day vulnerabilities without requiring signature recognition.
How has it helped my organization?
McAfee didn't even know that there was a vulnerability out there, and this solution found it before McAfee, and then we notified them, and they came up with a patch to remediate that exploit.
What is most valuable?
The zero-day vulnerabilities feature is the most valuable feature.
What needs improvement?
Cybersecurity posture has room for improvement.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It's stable, we haven't had a lot of issues. We get updates when we need them and the vendor is responsive when we have issues.
What do I think about the scalability of the solution?
We have scalability across our whole network. We haven't had any scalability issues at all. It's used daily, as far as for the continuous monitoring required for cybersecurity.
We have the administrators, approximately five people, who monitor it. Then it's also for our enterprise network, which is over 200k users. They're all sysadmins and cybersecurity engineer type people.
How are customer service and technical support?
The support from the company has been wonderful. Any time we've had any issues they responded.
How was the initial setup?
I did not set it up, but the setup seemed to be straightforward.
What was our ROI?
We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing are reasonable compared to competitors.
What other advice do I have?
There may be other tools that do this, but FireEye is part of the defense in depth. What other products miss, FireEye tends to pick up.
I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Mavisco Resources Sdn Bhd
An easy-to-deploy solution that is scalable, stable, and easy to configure
Pros and Cons
- "The product is very easy to configure."
- "It is not a very secure product."
What is our primary use case?
We use the product because our customers want to fix a web gateway and NDR so that they can watch the incoming traffic.
What is most valuable?
The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.
What needs improvement?
It is not a very secure product. It doesn’t provide 100% protection. The security must be improved. The tool must provide more integrations with different platforms.
For how long have I used the solution?
I have been using the solution for about a year.
What do I think about the stability of the solution?
I have no issue with the solution’s stability.
What do I think about the scalability of the solution?
I have no issue with the tool’s scalability.
How was the initial setup?
The initial setup is straightforward. The deployment took 30 minutes.
What about the implementation team?
To deploy the product, we just need to know the customer network and put it as a gateway or bridge. We just need an IP.
What's my experience with pricing, setup cost, and licensing?
The tool is a bit pricey.
What other advice do I have?
I was involved in the proof of concept. If someone requires the tool for their environment, they can use it. Overall, I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
It has significantly decreased our mean time in being able to identify and detect malicious threats
Pros and Cons
- "The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
- "The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."
What is our primary use case?
We are using the file security scanner. The solution is used to monitor network traffic for network-based malware.
How has it helped my organization?
It is very difficult for any organization to identify malicious software and code. With the FireEye product through its deep analysis, it is possible for malicious software to be identified across the network regardless of what the internal systems are. It gives you the ability to monitor the ingress and egress, then identify threats which are otherwise difficult to identify.
The increase in productivity has been about the same. One of the things that the FireEye product does is provide deep analysis. This gives you the detailed analytics about what it has detected. Whereas in a traditional environment with traditional tools, there is a tremendous amount of recovery and research involved to identify the details of the source and the indicators of compromise. The FireEye product provides 80 to 90 percent of that information from a single pane of glass.
What is most valuable?
The most valuable feature of the FireEye solution is the deep analysis for malicious software.
What needs improvement?
Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a perimeterless environment, very similar to what they are currently doing in their traditional perimeter-based network.
What do I think about the stability of the solution?
FireEye has been one of the market leaders in the stability space from what we have seen over the several years that we've been working with the vendor and the product. They continue to be leaders in this space.
What do I think about the scalability of the solution?
The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks.
How are customer service and technical support?
The technical support personnel for the FireEye platform has been very responsive, which is a critical factor when you're dealing with malicious software. They have also been very responsive when it comes to configuration and troubleshooting issues specific to the product.
Which solution did I use previously and why did I switch?
It wasn't a case where we switched from another solution because we had been a long-time customer. It wasn't a case of switching, as the company that I work for is a very mature organization with a staff of over 100 in information security, with most of them as dedicated encryption service analysts.
Malicious actors have begun to identify when their code is being run in a simulator and are placing waits in their code so some of their malicious triggers don't take place immediately. This makes it more difficult to detect. An improvement that we would like to see is that the vendor continues to escalate their techniques and methods to match those that we are seeing as emerging threats.
How was the initial setup?
The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right.
What was our ROI?
We have seen ROI.
Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the mean time to analysis decrease by at least tenfold.
What's my experience with pricing, setup cost, and licensing?
There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product.
Which other solutions did I evaluate?
FireEye was actually the only product that was doing what they were doing.
We did have other vendors on our shortlist.
What other advice do I have?
It brings a tremendous amount of value to your network environment. In terms of what we asked them to do, which is to help us to identify malicious code and threats, their product has delivered.
It is one thing to have an advanced security tool, like FireEye, but equally important to have a staff and security program which puts themselves in positions to leverage the tool properly.
In terms of maturity of the organization that I work with, it has a very mature security posture, which is necessary in our space because we are part of the financial critical infrastructure. So, we've been doing security for a very long time.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Technical Consultant at a tech services company with 51-200 employees
A reliable and complete network protection solution that protects from signature-based and signature-less attacks and has powerful logging
Pros and Cons
- "It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
- "I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went."
- "Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."
- "They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
What is our primary use case?
We implement this solution for our clients for the complete protection of their network.
What is most valuable?
It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye.
I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went.
What needs improvement?
Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone.
They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules.
What do I think about the stability of the solution?
It is very reliable. Its hardware is also very robust. I have not heard anything about device failures. Its hardware can survive at 50-degree temperature.
What do I think about the scalability of the solution?
Its scalability is good, but it depends on the features you are using. If you are using all the features, you might have to upgrade the boxes. It can scale to a certain level. For example, if you have 100 users, it can cater to 120 or 150 users, but it cannot cater to over 200 users. A lot of the time, because of money issues or some other issues, customers just buy the hardware for their current needs, and they don't consider the future requirements. It is not something that is related to the scalability of FireEye.
We do not use it in our company. We are a partner of FireEye, and we implement it for our customers. I have seen customers using it for maybe 4,000 or 5,000 users.
How are customer service and technical support?
Their tech support is based in India. They are very supportive.
How was the initial setup?
It is very user-friendly. You just plug in the serial console, and you'll just get all the options. You just type the question mark symbol in CLI, and it will show all available options. The setup was pretty straightforward. I was able to do the basic configuration within 30 minutes. Rules and policy optimization can take a long time, but the basic configuration is pretty smooth and quick.
What's my experience with pricing, setup cost, and licensing?
Its price is a bit high. A small customer cannot buy it. Its licensing is on a yearly basis.
What other advice do I have?
I would definitely recommend this solution. Anyone who is looking for a complete network protection solution and does not have any budget issues should definitely go for it.
I would rate FireEye Network Security a ten out of ten for technology and security.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
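The unused-rule report the reviewer asks for, worked through as an added example that is not part of this review and not FireEye's own reporting. It assumes a constructed rule inventory and a constructed, syslog-like hit-log format (`policy-hit rule=... action=...`); a real appliance export would look different.

```python
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Constructed rule inventory for this example: rule id -> description.
RULE_INVENTORY = {
    "R-001": "Block known-bad hash downloads",
    "R-002": "Alert on outbound SMB to the internet",
    "R-003": "Legacy Java applet exploit signature",
    "R-004": "Quarantine macro-enabled Office attachments",
    "R-005": "Alert on DNS TXT beaconing",
}

# Constructed hit-log lines (invented format, not a FireEye export).
HIT_LOG = """\
2024-09-28T10:14:02Z policy-hit rule=R-001 action=block src=10.0.0.12
2024-07-03T08:00:00Z policy-hit rule=R-002 action=alert src=10.0.0.45
2024-04-11T23:59:59Z policy-hit rule=R-003 action=block src=10.0.1.7
2024-10-01T12:30:00Z policy-hit rule=R-001 action=block src=10.0.0.90
2024-10-02T09:05:44Z policy-hit rule=R-004 action=quarantine src=10.0.2.3
2024-10-02T09:06:10Z malformed line that should be skipped
"""

HIT_RE = re.compile(r"^(?P<ts>\S+) policy-hit rule=(?P<rule>\S+) action=(?P<action>\S+)")


def parse_hits(log_text: str) -> dict[str, list[datetime]]:
    """Return rule id -> timestamps of its hits; lines that don't match are skipped."""
    hits: dict[str, list[datetime]] = {}
    for line in log_text.splitlines():
        m = HIT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        hits.setdefault(m.group("rule"), []).append(ts)
    return hits


def unused_rules(inventory, hits, as_of: datetime, window_days: int):
    """Rules with no hit inside the window, mapped to their last hit (None = never hit)."""
    cutoff = as_of - timedelta(days=window_days)
    report: dict[str, datetime | None] = {}
    for rule_id in inventory:
        last = max(hits.get(rule_id, []), default=None)
        if last is None or last < cutoff:
            report[rule_id] = last
    return report


def audit(inventory, log_text: str, as_of_iso: str, window_days: int):
    """Convenience wrapper: parse the log and report unused rules as of a YYYY-MM-DD date."""
    as_of = datetime.strptime(as_of_iso, "%Y-%m-%d")
    return unused_rules(inventory, parse_hits(log_text), as_of, window_days)


def render_report(inventory, report, window_days: int) -> str:
    """Human-readable listing a reviewer could act on (disable or delete the rule)."""
    lines = [f"Rules without hits in the last {window_days} days:"]
    for rule_id, last in sorted(report.items()):
        when = last.date().isoformat() if last else "never"
        lines.append(f"  {rule_id}  last hit: {when:<10}  {inventory[rule_id]}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Three-month window as of 2024-10-03: R-002, R-003 and R-005 show up as unused.
    report = audit(RULE_INVENTORY, HIT_LOG, "2024-10-03", 90)
    print(render_report(RULE_INVENTORY, report, 90))
```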
OT/ICS Information Security Specialist at SANS
Good support, easy to implement, and proactively tests incoming files for malicious behavior
Pros and Cons
- "The most valuable feature is MVX, which tests all of the files that have been received in an email."
- "It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."
What is our primary use case?
We use FireEye to protect our web and email traffic.
What is most valuable?
The most valuable feature is MVX, which tests all of the files that have been received in an email. It uses virtual machines to test the behavior of the files and determine whether they are malicious in nature. If there is any abnormal activity then the file will be blocked. The corresponding hash value will then be recorded, submitted to the cloud, and added to the blacklist.
What needs improvement?
It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto. They should be sharing their threat database and information. For example, if something is discovered by FortiSandbox or the Palo Alto Sandbox, it should be announced to all of the vendors so that they can take action and block these files.
FireEye can be improved in terms of network visibility. Some minor enhancements are needed.
For how long have I used the solution?
I have been working with FireEye for about three years.
What do I think about the stability of the solution?
The stability is very good.
What do I think about the scalability of the solution?
Scalability has been okay until now. If there is a major expansion in the future then we will proceed with that as it comes.
How are customer service and technical support?
I have been in contact with technical support and I find them to be good.
How was the initial setup?
I found the initial setup straightforward.
What about the implementation team?
We had assistance with the implementation.
What other advice do I have?
My advice to anybody who is implementing this solution is to fine-tune based on the use cases. Test the solution, monitor the alerts, and be proactive about anything that shows up. If there is any abnormal activity then be sure to take action quickly, and also, ensure that there is policy in place for other departments to act accordingly when malicious traffic is detected.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Infrastructure at a tech services company with 11-50 employees
Great sandboxing, good reliability, and helpful support
Pros and Cons
- "The solution can scale."
- "It is an expensive solution."
What is most valuable?
There are sandbox capabilities. You can submit malicious files and get great feedback, including if there is malware, what it is doing, et cetera.
The way it works is better than others thanks to the sandbox. It can give you simulations in different operating systems and applications and give you real insights from the perspective of a real environment. You gain insights into evasion techniques.
It's not just running in the background on an endpoint. You can do tests and learn. You can do behavior analysis. That's the main feature.
The solution can scale.
What needs improvement?
There isn't something missing - even with HX. HX was in the box and was working EDR and antivirus. They just need to keep the updates running and the features stable, and that's it. No new thing is required.
The initial setup is not exactly easy.
It is an expensive solution.
For how long have I used the solution?
We've been using the solution for six to eight years, since 2014.
What do I think about the stability of the solution?
The stability is okay. It's something they always need to improve and manage. Yet it's quite good overall, so long as it stays updated. I'd rate it nine out of ten.
What do I think about the scalability of the solution?
The solution can scale well. It's not a problem.
We have one client with around 5,000 users, however, the user base varies from customer to customer.
How are customer service and support?
We've dealt with technical support.
They take some time to answer, however, they solve the issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I compared this product with something like MD, for example, Forcepoint.
It's about how you are using the solution. If you don't have a Forcepoint Next Generation Firewall proxy, you shouldn't go for MD. You should go for FireEye. If you need to use MD, you need to have the other solution as well. It's not working as a standalone. It feeds from other solutions.
How was the initial setup?
The initial setup is a bit complex. It's not simple. For example, in the box, the imaging is very complex.
What about the implementation team?
We implement the solution for our clients.
What's my experience with pricing, setup cost, and licensing?
The product is pricey. We'd like it to cost less. Not all customers can afford it.
What other advice do I have?
I am a deployment engineer. We are not using FireEye for ourselves. We are deploying it to our customers.
We are usually using the latest version since the database will be updated, and the images of the box itself will be updated regularly. It's always better in this kind of solution to have the latest update.
You can get it as a service provided by your cloud provider. With the on-premise, you will get the box, and each type of box has its deployment methodology or deployment technique. For example, if you are going to deploy the NX, you can make it online, and your networking can give it a motherboard from your switch.
I'd rate the solution nine out of ten. It's just a bit complex to set up.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner