Try our new research platform with insights from 80,000+ expert users
Information Security Consultant at a financial services firm with 1,001-5,000 employees
Consultant
Enhances security and visibility on all levels
Pros and Cons
  • "Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
  • "Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

What is our primary use case?

Our primary use case is for endpoint protection. We need the solution to integrate with the firewall so that we could get some threat intel based on the kinds of malicious factors that we are getting on the internet at work. We are working to optimize it with the firewall and the other tools we are using for network protection.

How has it helped my organization?

Initially, we didn't have much visibility around what is occurring at our applications lower level, for instance, if we are exposed to any malicious attacks or SQL injections. Now, we've integrated FireEye with Splunk, so we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams.

What is most valuable?

The most valuable feature is FireEye NX.

What needs improvement?

Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.

Buyer's Guide
Trellix Network Detection and Response
October 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

From both a network level and security level it's pretty stable and it satisfies our organizational requirements.

What do I think about the scalability of the solution?

The scalability of the solution is above average.

What about the implementation team?

We implemented through a vendor team. I believe it took a five or possibly six-person networking team for the actual implementation. Followed by an information security team for policy configuration.

What other advice do I have?

On a scale of one to 10, with one being the worst and 10 being the best, I would you rate this product an 8. From a security perspective, it's pretty decent. It's just that I have seen it miss some semi loads or triggers when it's integrated with other products. On the flexibility scale, I think that's where the improvement needs to be achieved. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer at IRIS
Reseller
Prevents attacks and breaches but they should emphasize application filtering
Pros and Cons
  • "Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
  • "Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."

What is our primary use case?

Our primary use case is for application filtering and security. 

How has it helped my organization?

We use it as a second level of defense for many clients in the telecom field. We use Symantec Blue Coat as a proxy for the web center. We even have a little bit of SSM because we are floating some Symantec traffic on the end for SSM integration. We also use it for oil and gas as a standalone or in remote sites to have a bit of security there.

What is most valuable?

Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities. 

What needs improvement?

Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier.

They should develop something similar to the feature that Palo Alto has called Traps. Then it will be an all-encompassing security solution.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Stability is fine as long as we don't go deeper into the system. Once we go deeper into the SSM, inspection, and decryption, we get some issues. 

It requires one expert and three technicians for maintenance.

What do I think about the scalability of the solution?

Scalability is smooth. I don't have any issues with the scale. We have the right boxes and the right configuration. For the telecom industry we have around 400 users and in the oil and gas industry, we have 600 users. 

Which solution did I use previously and why did I switch?

We are also resellers for Palo Alto. 

How was the initial setup?

If you look at the documentation, the initial setup is easy. We had the right training documents to go over and it was simple, it wasn't complicated at all. It took three days for configuration but in total around ten days. 

It requires one expert and three technicians for maintenance.

What about the implementation team?

We are resellers so we implement it ourselves. We got the documentation from Cisco and were able to deploy. 

What was our ROI?

I was with one of my clients last week and he told me that he's satisfied with the solution because they prevent a lot of attacks and a lot of breaches. 

What's my experience with pricing, setup cost, and licensing?

We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing. We can get cheaper features from Palo Alto though.

What other advice do I have?

The main advice for such product is if you don't have any visibility regarding your application you need to deploy the FireEye solution. Otherwise, you don't have any visibility for the SSM, for the web traffic, and the application solution. If you need security with reasonable pricing, this is a good solution.

I would rate it a seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Trellix Network Detection and Response
October 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
reviewer1581882 - PeerSpot reviewer
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
Very functional with its own ecosystem of products integrated with an inbuilt SIEM
Pros and Cons
  • "Very functional and good for detecting malicious traffic."
  • "Technical support could be improved."

What is our primary use case?

The solution can be used for detecting malicious traffic based upon known IOCs and it's integrated with the artificial intelligent speed, so we're able to recognize which IOCs are matching and their threat attribution.

What is most valuable?

I think there are some very functional features in FireEye when you compare the solution to traditional SIEM solutions. Traditional SIEM solutions don't have their own IPS/IDS functionalities and they integrate with third party WANs. In contrast, FireEye has created an ecosystem of products integrated with their own SIEM, which is cloud-based and integrates with network security, email security, host security and the like. 

What needs improvement?

The support is somewhat lacking with long response times. The expectation is that when it comes to security response, technical support should be readily available.

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable with different modules of NX appliance which is a passive IPS/IDs for different bandwidth capacities. It's a matter of using the appropriate ones. 

How was the initial setup?

The initial setup is straightforward. There is one template for location where we installed the virtual appliance and once that was up and running, it was fine. We had four or five people in the network team that set up the appliances.

What's my experience with pricing, setup cost, and licensing?

We pay an annual subscription fee. 

Which other solutions did I evaluate?

We evaluated three options and decided to go with FireEye.

What other advice do I have?

I would recommend this solution and rate it nine out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user221841 - PeerSpot reviewer
IT Security Manager with 51-200 employees
Vendor
Provides a target response time of one minute for both hardware and software issues— and immediate escalation to level-two advanced support for high-severity issues.

After the release of our first product we had a lot more exposure with the public and we knew we would attract some unwanted attention. We started looking at solutions for network hardening and intrusion protection.

We engaged The Herjavec Group to perform a network penetration test. THG offers a comprehensive suite of security and network services to organizations around the world, supported by Canada’s largest group of certified security professionals. Although the initial findings from the test showed the existing network to be robust, through practical experience with other similar clients, THG recommended implementing a FireEye Network Threat Prevention Platform. We felt comfortable after seeing the early results of the penetration test but decided to do an in-house demo of the FireEye Network Threat Prevention Platform to see how it would add to the protection of our internal systems and R&D network. As part of the overall evaluation of similar technologies, along with THG’s recommendation to evaluate FireEye, we also looked at several other competitive offerings. Once we had a chance to do our own due diligence, it was clear that there is really nothing else that compares with the FireEye appliance. After the proof of concept, I really didn’t have to do much to justify the investment. We immediately purchased the FireEye Network Threat Prevention Platform.

With any new solution the deployment effort and ongoing management overhead is always a consideration. We’ve been really pleased with how straightforward the FireEye solution is to manage. Installation was very simple, and the solution requires little-to-no ongoing maintenance. Because threat protection is a mission-critical function, we opted for the FireEye Platinum Support program. This level of support provides a target response time of one minute for both hardware and software issues— and immediate escalation to level-two advanced support engineering for any high-severity issues encountered. Our board of directors are very conscious about the value of the intellectual property that we are constantly creating and very sensitive to security concerns—especially cyber-based threats. You can’t put a price on an attack, especially when it’s your company’s underlying IP at risk. FireEye gives us leading edge protection.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
PeerSpot user
Professional Services Division Manager at 2Bsecure
Reseller
Agile, easy to scale, and the network security module is good
Pros and Cons
  • "The most valuable feature is the network security module."
  • "It is very expensive, the price could be better."

What is our primary use case?

We are using this solution for sandboxing on all channels.

What is most valuable?

The most valuable feature is the network security module. It is better than other solutions and it can make and find electrical movement.

Also, the attack vector is a feature that no one else offers.

Overall, it's a great solution.

What needs improvement?

It is very expensive, the price could be better. 

For how long have I used the solution?

I have been using FireEye Network Security for a couple of years.

We are using the latest version.

What do I think about the stability of the solution?

It's a stable solution. It's very agile.

What do I think about the scalability of the solution?

The scalability is great. 

You don't have to purchase another machine, but if you want, you can add another one. It goes through the cluster very smoothly.

I am part of the professional services with multiple organizations and multiple users.

How are customer service and technical support?

Technical support is great.

How was the initial setup?

The initial setup was complex because there were some bugs, but the professional service of FireEye was able to resolve them.

It took a long time to deploy.

What about the implementation team?

We are a reseller and the professional services of FireEye.

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution.

Which other solutions did I evaluate?

We evaluated other solutions before choosing FireEye.

What other advice do I have?

I would recommend this solution to others interested in using it.

I would rate FireEye Network Security a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
SeniorNe6c94 - PeerSpot reviewer
Security Engineer at Tenece Professional services
Reseller
Alert Dashboard is easy to navigate, but detection, reporting, policy management need improvement
Pros and Cons
    • "There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
    • "It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
    • "Stability issues manifested in terms of throughput maximization."

    What is most valuable?

    Simplified Alert Dashboard is straightforward to navigate.

    What needs improvement?

    1. Granular reporting

    Need more attributes for each alert; e.g. protocol, time, type of attack, etc. These attributes could be used for report generation or to aid as search criteria.

    2. Rule base

    Create an option to create/add/edit rules in the existing policy. Most importantly, create room to add exceptions to false positive alerts. 

    3. Use one appliance for both Web detection and email detection to reduce the cost of shipping and delivery.

    4. Detection of .zip and .rar files.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    Stability issues manifested in terms of throughput maximization.

    What do I think about the scalability of the solution?

    There were scalability issues for the appliance-based solution, but not for the cloud-based solution.

    How are customer service and technical support?

    I rate it eight out of 10.

    Which solution did I use previously and why did I switch?

    I was not using anything previously.

    How was the initial setup?

     Straightforward.

    What's my experience with pricing, setup cost, and licensing?

    Use cloud solution; pricing is a bit high.

    Which other solutions did I evaluate?

    Palo Alto.

    What other advice do I have?

    I rate this solution at six out of 10. There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management. It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Value-added reseller.
    PeerSpot user
    PeerSpot user
    Lead Program Manager at a computer software company with 10,001+ employees
    Real User
    Stable, protective, easy to set up, and has a lot of features to scan vulnerabilities
    Pros and Cons
    • "It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
    • "I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."

    What is our primary use case?

    We are using it from the perspective of data protection. We have two types of data that is coming. One is the actual data or the customer data that comes into our premises, and the second is the internet traffic that comes into our organization. FireEye devices scan all the traffic that comes through the tools on which we have configured FireEye, and they also analyze a lot of traffic.

    What is most valuable?

    It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities.

    What needs improvement?

    I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. 

    They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet.

    For how long have I used the solution?

    We have been using FireEye for a couple of years.

    What do I think about the stability of the solution?

    It is stable.

    How are customer service and technical support?

    They are very good. They follow the SLA and have two types of support. Premium support is available 24/7, and it is more customized.

    Which solution did I use previously and why did I switch?

    We were using an IBM product.

    How was the initial setup?

    Its installation is quite easy. It is a straightforward installation unless you are using multiple technologies in your environment. If you are using Radware and other stuff, your FireEye needs to understand all the technologies. It needs to understand the data coming in from the switch and the data sent from the hardware devices and the load balancer. It tends to take a little time to understand the data traffic, but it is easy to implement. It takes about an hour.

    What about the implementation team?

    We had a consultant. Configuring the device takes about an hour, but we also have the backend configuration related to our environment, which takes a bit more time.

    We work across the globe. From the data center perspective, we have about 13 locations across the globe where we have implemented this solution. Two to three people are enough for its implementation.

    What other advice do I have?

    I would recommend this solution to others. We plan to keep using this solution. We have just migrated to the latest FireEye devices.

    I would rate FireEye Network Security an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user221847 - PeerSpot reviewer
    Senior Vice President & CIO with 51-200 employees
    Vendor
    We needed a solution which would allow us to proactively address threats.

    We previously relied on a firewall for application-level blocking, an email gateway, and an anti-virus solution to protect our infrastructure. The existing combination was capable of identifying certain malware activity but we found we were always reactively responding to attacks. We were never in a position to proactively address the threats.

    Following a recommendation by an independent security consultant, we performed a detailed evaluation of the FireEye platform. The inherent intelligence of FireEye’s solution was immediately evident and we felt that our purchase of the FireEye Network Threat Prevention Platform represented the final piece in the puzzle to lock down our infrastructure. The FireEye Network Threat Prevention Platform is deployed inline between the firewall and Internet gateway; preventing malicious multi-protocol callbacks and blocking inbound Web exploits that elude our other security measures. As an integral component of the FireEye Network Threat Prevention Platform, the FireEye Multi-Vector Virtual Execution engine confirms zero-day attacks and captures callback destinations to dynamically prevent users from accessing a malicious channel. The signature-less FireEye MVX engine executes suspicious binaries and Web objects against a broad range of browsers, plug-ins, applications, and operating environments to determine the true intent of the malicious code. 

    The FireEye Network Threat Prevention Platform not only protects our users when they visit websites but also when they receive email with malicious attachments or links: having both levels of protection is absolutely critical to us. The whole banking industry is subjected to a huge variety of very sophisticated attacks that exploit both Web and email weaknesses. We see many spear phishing attacks in which malicious emails disguise themselves as coming from legitimate business partners. If users click on a bad link or attachment that initiates a callback, the FireEye Network Threat Prevention Platform blocks it every time. 

    Several of our employees recently received an email that appeared to come from a trusted business partner. Five users tried to open an apparently innocuous attachment but the FireEye Network Threat Prevention Platform detected that it included embedded malware and immediately started blocking the approximately 200 callbacks each machine tried to generate. If any of these reached their intended target they could have severely compromised the bank’s systems but the FireEye solution just doesn’t allow this type of data to leave our network. FireEye has placed us in the position to proactively counter malicious threats; we now don’t have to take a user offline in order to rebuild their PC following an attack. We’re better protected and more productive! Cybercriminals grow smarter all the time, that’s why our use of the FireEye next-generation security platform is now mandatory throughout the bank’s infrastructure.

    Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
    PeerSpot user
    Buyer's Guide
    Download our free Trellix Network Detection and Response Report and get advice and tips from experienced pros sharing their opinions.
    Updated: October 2024
    Buyer's Guide
    Download our free Trellix Network Detection and Response Report and get advice and tips from experienced pros sharing their opinions.