IT Senior Consultant at a manufacturing company with 1,001-5,000 employees
Enhanced our security by protecting us against zero-day malware
Pros and Cons
- "If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
- "It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
How has it helped my organization?
What is most valuable?
The feature that I have found most valuable is the ability to block someone.
What needs improvement?
It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment. I would also like to be able to block an email based on the content of the subject line. Similarly, if I could block based on a specific hash value then it would be very good.
For how long have I used the solution?
Between five and six years.
Buyer's Guide
Trellix Network Detection and Response
December 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
What do I think about the stability of the solution?
After the initial testing during deployment, I was very confident that FireEye would work without any issues.
How are customer service and support?
Technical support is good. They respond well, and if we send them software that we think is suspicious then they analyze it in a sandbox and get back to us.
How was the initial setup?
The initial setup and deployment for this solution are straightforward.
We took a week for the deployment to make sure that everything was working. Rather than using inline mode, we initially put FireEye into monitoring mode. That was not the full functionality, but we used it to monitor the alerts. Based on the response that we received from the customer, we were able to put it into inline mode and it started working.
What's my experience with pricing, setup cost, and licensing?
When I compare this solution to its competitors in the market, I find that it is a little expensive. Even the hardware costs are expensive.
What other advice do I have?
This solution generally performs well. I have seen some emails it allowed, which should have been categorized as malicious, but apart from those, I haven't seen any other problems.
I would definitely recommend this product because I have seen many cases where other solutions were not able to catch malware, but FireEye raised a red flag. I have seen it work effectively in a production environment, and even catch zero-day malware when there is no signature present.
I would rate this solution seven and a half out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of IT Division at PT Bank Mandiri (Persero) Tbk.
Saves time, money, and trouble through its ease of use but there needs to be better support
Pros and Cons
- "The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money."
- "As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."
What is our primary use case?
Our primary use of the solution is monitoring network security and intrusion detection.
How has it helped my organization?
The product has helped improve our organization by being easy to use and integrate. This saves time, trouble and money.
What is most valuable?
The most valuable features are the ability to detect intrusions and the user-friendly dashboard. The integration with our CM worked well. It gives visibility into what's going on at the user level.
What needs improvement?
There are three things that can be improved:
- Protection testing. When it comes to the protections, it requires a lot of testing to implement.
- Local support. They need to beef up the capabilities of local support.
- Pricing. The price is a bit high though it is an adequate product.
As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web).
For how long have I used the solution?
We have been using FireEye Network Security for more than six months.
What do I think about the stability of the solution?
FireEye is a very reliable, stable solution. In terms of integrity and interconnectivity, we have no issues with that.
What do I think about the scalability of the solution?
It's a very scalable solution. When we deploy it to the end client we use LANDesk to help us. We have no problems with the deployments. So in terms of the scalability, integrity, and interconnectivity, it works well.
How are customer service and technical support?
Customer service and technical support could use some enhancement. On a scale from 1 to 10, it is between six and seven. It is serviceable but there is much room for improvement.
What's my experience with pricing, setup cost, and licensing?
FireEye is comparable to other products, such as HX, but seems expensive. It may cause us to look at other products in the market.
What other advice do I have?
Having a product deployed that fills our needs keeps us from having to consider major changes in looking to other products on the market to resolve other issues.
I would rate it a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
It has significantly decreased our mean time in being able to identify and detect malicious threats
Pros and Cons
- "The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
- "The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."
What is our primary use case?
We are using the file security scanner. The solution is used to monitor network traffic for network-based malware.
How has it helped my organization?
It is very difficult for any organization to identify malicious software and code. With the FireEye product through its deep analysis, it is possible for malicious software to be identified across the network regardless of what the internal systems are. It gives you the ability to monitor the ingress and egress, then identify threats which are otherwise difficult to identify.
The increase in productivity has been about the same. One of the things that the FireEye product does is provide deep analysis. This gives you the detailed analytics about what it has detected. Whereas in a traditional environment with traditional tools, there is a tremendous amount of recovery and research involved to identify the details of the source and the indicators of the compromise. The FireEye product provides 80 to 90 percent of that information from a single pane of glass.
What is most valuable?
The most valuable feature of the FireEye solution is the deep analysis for malicious software.
What needs improvement?
Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a perimeterless environment, very similar to what they are currently doing in their traditional perimeter-based network.
What do I think about the stability of the solution?
FireEye has been one of the market leaders in the stability space from what we have seen over the several years that we've been working with the vendor and the product. They continue to be leaders in this space.
What do I think about the scalability of the solution?
The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks.
How are customer service and technical support?
The technical support personnel for the FireEye platform have been very responsive, which is a critical factor when you're dealing with malicious software. They have also been very responsive when it comes to configuration and troubleshooting issues specific to the product.
Which solution did I use previously and why did I switch?
It wasn't a case where we switched from another solution because we had been a long-time customer. It wasn't a case of switching, as the company that I work for is a very mature organization with a staff of over 100 in information security with most of them as dedicated encryption service analysts.
Malicious actors have begun to identify when their code is being run in a simulator and are placing weights in their code so some of their malicious triggers don't take place immediately. This makes it more difficult to detect. An improvement that we would like to see is that the vendor continue to escalate their techniques and methods to match those that we are seeing as emerging threats.
How was the initial setup?
The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right.
What was our ROI?
We have seen ROI.
Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the mean time to analysis decrease by at least tenfold.
What's my experience with pricing, setup cost, and licensing?
There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product.
Which other solutions did I evaluate?
FireEye was actually the only product that was doing what they were doing.
We did have other vendors on our shortlist.
What other advice do I have?
It brings a tremendous amount of value to your network environment. In terms of what we asked them to do, which is to help us to identify malicious code and threats, their product has delivered.
It is one thing to have an advanced security tool, like FireEye, but equally important to have a staff and security program which puts themselves in positions to leverage the tool properly.
In terms of maturity of the organization that I work with, it has a very mature security posture, which is necessary in our space because we are part of the financial critical infrastructure. So, we've been doing security for a very long time.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Mavisco Resources Sdn Bhd
An easy-to-deploy solution that is scalable, stable, and easy to configure
Pros and Cons
- "The product is very easy to configure."
- "It is not a very secure product."
What is our primary use case?
We use the product because our customers want to fix a web gateway and NDR so that they can watch the incoming traffic.
What is most valuable?
The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.
What needs improvement?
It is not a very secure product. It doesn’t provide 100% protection. The security must be improved. The tool must provide more integrations with different platforms.
For how long have I used the solution?
I have been using the solution for about a year.
What do I think about the stability of the solution?
I have no issue with the solution’s stability.
What do I think about the scalability of the solution?
I have no issue with the tool’s scalability.
How was the initial setup?
The initial setup is straightforward. The deployment took 30 minutes.
What about the implementation team?
To deploy the product, we just need to know the customer network and put it as a gateway or bridge. We just need an IP.
What's my experience with pricing, setup cost, and licensing?
The tool is a bit pricey.
What other advice do I have?
I was involved in the proof of concept. If someone requires the tool for their environment, they can use it. Overall, I rate the solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Deputy Assistant Secretary with 201-500 employees
We don't have to react because it stops anything from hurting the network
Pros and Cons
- "We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
- "Cybersecurity posture has room for improvement."
What is our primary use case?
Our primary use case is for identifying zero-day anomalies and zero-day vulnerabilities without requiring signature recognition.
How has it helped my organization?
McAfee didn't even know that there was a vulnerability out there, and this solution found it before McAfee, and then we notified them, and they came up with a patch to remediate that exploit.
What is most valuable?
The zero-day vulnerabilities feature is the most valuable feature.
What needs improvement?
Cybersecurity posture has room for improvement.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It's stable, we haven't had a lot of issues. We get updates when we need them and the vendor is responsive when we have issues.
What do I think about the scalability of the solution?
We have scalability across our whole network. We haven't had any scalability issues at all. It's used daily, as far as for the continuous monitoring required for cybersecurity.
We have the administrators, approximately five people, who monitor it. Then it's also for our enterprise network, which is over 200k users. They're all sysadmins and cybersecurity engineer type people.
How are customer service and technical support?
The support from the company has been wonderful. Any time we've had any issues they responded.
How was the initial setup?
I did not set it up, but the setup seemed to be straightforward.
What was our ROI?
We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing are reasonable compared to competitors.
What other advice do I have?
There may be other tools that do this, but FireEye is part of the defense in depth. What other products miss, FireEye tends to pick up.
I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Tenece Professional services
Alert Dashboard is easy to navigate, but detection, reporting, policy management need improvement
Pros and Cons
- "There is a lot of room for improvement in the offering, from cost to functionality. It is pretty straightforward to implement, which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
- "It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
- "Stability issues manifested in terms of throughput maximization."
What is most valuable?
Simplified Alert Dashboard is straightforward to navigate.
What needs improvement?
1. Granular reporting: Need more attributes for each alert; e.g. protocol, time, type of attack, etc. These attributes could be used for report generation or to aid as search criteria.
2. Rule base: Create an option to create/add/edit rules in the existing policy. Most importantly, create room to add exceptions to false positive alerts.
3. Use one appliance for both Web detection and email detection to reduce the cost of shipping and delivery.
4. Detection of .zip and .rar files.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Stability issues manifested in terms of throughput maximization.
What do I think about the scalability of the solution?
There were scalability issues for the appliance-based solution, but not for the cloud-based solution.
How are customer service and technical support?
I rate it eight out of 10.
Which solution did I use previously and why did I switch?
I was not using anything previously.
How was the initial setup?
Straightforward.
What's my experience with pricing, setup cost, and licensing?
Use cloud solution; pricing is a bit high.
Which other solutions did I evaluate?
Palo Alto.
What other advice do I have?
I rate this solution at six out of 10. There is a lot of room for improvement in the offering, from cost to functionality. It is pretty straightforward to implement, which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management. It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also, we would like to easily be able to add exceptions to rules in cases of false positives.
Disclosure: My company has a business relationship with this vendor other than being a customer: Value-added reseller.
Master Consultant (Network Security) at a tech services company with 1,001-5,000 employees
It added a layer of inspection that might be missed by traditional IPS or antivirus products. Features such as IPS are lacking.
What is most valuable?
FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.
How has it helped my organization?
I work for a managed services provider, so we don't deploy the product internally but deploy it in customers’ environments. For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before.
What needs improvement?
FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors. FireEye would need to work on these capabilities to have a fuller product offering (especially when all the other major NGFW vendors such as Check Point or Palo Alto offer similar threat emulation capabilities to FireEye).
For how long have I used the solution?
I have been using it for 3-4 years.
What was my experience with deployment of the solution?
Deployment is extremely easy, and we haven't run into any issues.
Which solution did I use previously and why did I switch?
We also use the same capabilities that come in other products such as Palo Alto (WildFire) or CheckPoint (threat prevention). I don't think there is much difference in the capabilities between either of the products.
How was the initial setup?
Initial setup was very straightforward.
What about the implementation team?
We implement and provide continued managed services coverage for the product.
What other advice do I have?
Currently, I think if you have another product that can provide the same functionality (such as Palo Alto or CheckPoint), and that device is capable of handling the extra load of running these features, then I would consider using those products instead of adding a new product to the network.
Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a vendor partner.
Head of Infrastructure at a tech services company with 11-50 employees
Great sandboxing, good reliability, and helpful support
Pros and Cons
- "The solution can scale."
- "It is an expensive solution."
What is most valuable?
There are sandbox capabilities. You can submit malicious files and get great feedback, including if there is malware, what it is doing, et cetera.
The way it works is better than others thanks to the sandbox. It can give you simulations in different operating systems and applications and give you real insights from the perspective of a real environment. You gain insights into evasion techniques.
It's not just running in the background on an endpoint. You can do tests and learn. You can do behavior analysis. That's the main feature.
The solution can scale.
What needs improvement?
There isn't anything missing - even with HX. HX was in the box and was working EDR and antivirus. They just need to keep the updates running and the features stable, and that's it. No new thing is required.
The initial setup is not exactly easy.
It is an expensive solution.
For how long have I used the solution?
We've been using the solution for six to eight years, since 2014.
What do I think about the stability of the solution?
The stability is okay. It's something they always need to improve and manage. Yet it's quite good overall, so long as it stays updated. I'd rate it nine out of ten.
What do I think about the scalability of the solution?
The solution can scale well. It's not a problem.
We have one client with around 5,000 users, however, the user base varies from customer to customer.
How are customer service and support?
We've dealt with technical support.
They take some time to answer, however, they solve the issue.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I compared this product with something like MD, for example, Forcepoint.
It's about how you are using the solution. If you don't have a Forcepoint Next Generation Firewall proxy, you shouldn't go for MD. You should go for FireEye. If you need to use MD, you need to have the other solution as well. It's not working as a standalone. It feeds from other solutions.
How was the initial setup?
The initial setup is a bit complex. It's not simple. For example, in the box, the imaging is very complex.
What about the implementation team?
We implement the solution for our clients.
What's my experience with pricing, setup cost, and licensing?
The product is pricey. We'd like it to cost less. Not all customers can afford it.
What other advice do I have?
I am a deployment engineer. We are not using FireEye for ourselves. We are deploying it to our customers.
We are usually using the latest version since the database will be updated, and the images of the box itself will be updated regularly. It's always better in this kind of solution to have the latest update.
You can get it as a service provided by your cloud provider. With the on-premise, you will get the box, and each type of box has its deployment methodology or deployment technique. For example, if you are going to deploy the NX, you can make it online, and your networking can give it a motherboard from your switch.
I'd rate the solution nine out of ten. It's just a bit complex to set up.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner