Information Security Consultant at a financial services firm with 1,001-5,000 employees
Enhances security and visibility on all levels
Pros and Cons
- "Initially, we didn't have much visibility around what is occurring at our applications lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
- "Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."
What is our primary use case?
Our primary use case is for endpoint protection. We need the solution to integrate with the firewall so that we could get some threat intel based on the kinds of malicious factors that we are getting on the internet at work. We are working to optimize it with the firewall and the other tools we are using for network protection.
How has it helped my organization?
Initially, we didn't have much visibility around what is occurring at our applications' lower level, for instance, if we are exposed to any malicious attacks or SQL injections. Now, we've integrated FireEye with Splunk, so we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams.
What is most valuable?
The most valuable feature is FireEye NX.
What needs improvement?
Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.
Buyer's Guide
Trellix Network Detection and Response
December 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
From both a network level and security level it's pretty stable and it satisfies our organizational requirements.
What do I think about the scalability of the solution?
The scalability of the solution is above average.
What about the implementation team?
We implemented through a vendor team. I believe it took a five- or possibly six-person networking team for the actual implementation, followed by an information security team for policy configuration.
What other advice do I have?
On a scale of one to 10, with one being the worst and 10 being the best, I would rate this product an 8. From a security perspective, it's pretty decent. It's just that I have seen it miss some semi loads or triggers when it's integrated with other products. On the flexibility scale, I think that's where the improvement needs to be achieved.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at IRIS
Prevents attacks and breaches but they should emphasize application filtering
Pros and Cons
- "Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
- "Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."
What is our primary use case?
Our primary use case is for application filtering and security.
How has it helped my organization?
We use it as a second level of defense for many clients in the telecom field. We use Symantec Blue Coat as a proxy for the web center. We even have a little bit of SSM because we are floating some Symantec traffic on the end for SSM integration. We also use it for oil and gas as a standalone or in remote sites to have a bit of security there.
What is most valuable?
Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities.
What needs improvement?
Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier.
They should develop something similar to the feature that Palo Alto has called Traps. Then it will be an all-encompassing security solution.
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
Stability is fine as long as we don't go deeper into the system. Once we go deeper into the SSM, inspection, and decryption, we get some issues.
It requires one expert and three technicians for maintenance.
What do I think about the scalability of the solution?
Scalability is smooth. I don't have any issues with the scale. We have the right boxes and the right configuration. For the telecom industry we have around 400 users and in the oil and gas industry, we have 600 users.
Which solution did I use previously and why did I switch?
We are also resellers for Palo Alto.
How was the initial setup?
If you look at the documentation, the initial setup is easy. We had the right training documents to go over and it was simple, it wasn't complicated at all. It took three days for configuration but in total around ten days.
What about the implementation team?
We are resellers so we implement it ourselves. We got the documentation from Cisco and were able to deploy.
What was our ROI?
I was with one of my clients last week and he told me that he's satisfied with the solution because they prevent a lot of attacks and a lot of breaches.
What's my experience with pricing, setup cost, and licensing?
We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing. We can get cheaper features from Palo Alto though.
What other advice do I have?
The main advice for such a product is: if you don't have any visibility regarding your applications, you need to deploy the FireEye solution. Otherwise, you don't have any visibility for the SSM, for the web traffic, and the application solution. If you need security with reasonable pricing, this is a good solution.
I would rate it a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
OT/ICS Information Security Specialist at SANS
Good support, easy to implement, and proactively tests incoming files for malicious behavior
Pros and Cons
- "The most valuable feature is MVX, which tests all of the files that have been received in an email."
- "It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."
What is our primary use case?
We use FireEye to protect our web and email traffic.
What is most valuable?
The most valuable feature is MVX, which tests all of the files that have been received in an email. It uses virtual machines to test the behavior of the files and determine whether they are malicious in nature. If there is any abnormal activity then the file will be blocked. The corresponding hash value will then be recorded, submitted to the cloud, and added to the blacklist.
What needs improvement?
It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto. They should be sharing their threat database and information. For example, if something is discovered by FortiSandbox or the Palo Alto Sandbox, it should be announced to all of the vendors so that they can take action and block these files.
FireEye can be improved in terms of network visibility. Some minor enhancements are needed.
For how long have I used the solution?
I have been working with FireEye for about three years.
What do I think about the stability of the solution?
The stability is very good.
What do I think about the scalability of the solution?
Scalability has been okay until now. If there is a major expansion in the future then we will proceed with that as it comes.
How are customer service and technical support?
I have been in contact with technical support and I find them to be good.
How was the initial setup?
I found the initial setup straightforward.
What about the implementation team?
We had assistance with the implementation.
What other advice do I have?
My advice to anybody who is implementing this solution is to fine-tune based on the use cases. Test the solution, monitor the alerts, and be proactive about anything that shows up. If there is any abnormal activity then be sure to take action quickly, and also, ensure that there is policy in place for other departments to act accordingly when malicious traffic is detected.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
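The review above describes the sandbox flow in outline: a received file is detonated in a virtual machine, abnormal behaviour leads to a block, and the file's hash is recorded and added to a block list so the same file is stopped without being detonated again. The following Python is an added illustration of that flow written for this page; it is not FireEye code and does not reproduce the MVX engine. The `fake_sandbox` function, the behaviour names and the sample file contents are all constructed stand-ins, and the "cloud submission" is simulated as a local list.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

# Constructed set of behaviours that the (simulated) sandbox treats as abnormal.
SUSPICIOUS_BEHAVIOURS = {"writes_run_key", "spawns_powershell", "injects_into_process"}


@dataclass
class Verdict:
    sha256: str
    malicious: bool
    reason: str
    detonated: bool  # False when the hash block list answered without a sandbox run


class FileGate:
    """Hash-gated sandbox pipeline: block list first, detonation only for unknown files."""

    def __init__(self) -> None:
        self.blocklist: Dict[str, str] = {}   # sha256 -> reason it was blocked
        self.submitted: List[str] = []        # hashes "shared" upstream (simulated)

    @staticmethod
    def sha256(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def inspect(self, data: bytes, sandbox: Callable[[bytes], Iterable[str]]) -> Verdict:
        digest = self.sha256(data)
        # Known-bad hash: block immediately, no detonation needed.
        if digest in self.blocklist:
            return Verdict(digest, True, self.blocklist[digest], detonated=False)
        # Unknown file: run it in the sandbox and look at what it did.
        observed = set(sandbox(data))
        hits = sorted(observed & SUSPICIOUS_BEHAVIOURS)
        if hits:
            reason = "abnormal behaviour: " + ", ".join(hits)
            self.blocklist[digest] = reason     # record the hash locally
            self.submitted.append(digest)       # and "submit" it upstream (simulated)
            return Verdict(digest, True, reason, detonated=True)
        return Verdict(digest, False, "no suspicious behaviour observed", detonated=True)


def fake_sandbox(data: bytes) -> List[str]:
    """Constructed stand-in for VM detonation: behaviours are keyed off file content."""
    behaviours = ["reads_config"]  # benign activity every sample shows
    if b"RUNKEY" in data:
        behaviours.append("writes_run_key")
    if b"PS1" in data:
        behaviours.append("spawns_powershell")
    return behaviours


if __name__ == "__main__":
    gate = FileGate()
    # Constructed sample attachments; the first one "behaves" badly in the sandbox.
    for sample in (b"invoice.docm RUNKEY PS1", b"invoice.docm RUNKEY PS1", b"agenda.txt"):
        v = gate.inspect(sample, fake_sandbox)
        print(f"{v.sha256[:12]} malicious={v.malicious} detonated={v.detonated} ({v.reason})")
```

Running it shows the property the reviewer describes: the first copy of the bad attachment is detonated and blocked, the second identical copy is blocked straight from the hash without another sandbox run, and the benign file passes. The same structure is what makes hash sharing between vendors, which the reviewer asks for, cheap to consume: a received hash goes straight into `blocklist`.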
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Very functional with its own ecosystem of products integrated with an inbuilt SIEM
Pros and Cons
- "Very functional and good for detecting malicious traffic."
- "Technical support could be improved."
What is our primary use case?
The solution can be used for detecting malicious traffic based upon known IOCs and it's integrated with the artificial intelligent speed, so we're able to recognize which IOCs are matching and their threat attribution.
What is most valuable?
I think there are some very functional features in FireEye when you compare the solution to traditional SIEM solutions. Traditional SIEM solutions don't have their own IPS/IDS functionalities and they integrate with third party WANs. In contrast, FireEye has created an ecosystem of products integrated with their own SIEM, which is cloud-based and integrates with network security, email security, host security and the like.
What needs improvement?
The support is somewhat lacking with long response times. The expectation is that when it comes to security response, technical support should be readily available.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable with different modules of the NX appliance, which is a passive IPS/IDS, for different bandwidth capacities. It's a matter of using the appropriate ones.
How was the initial setup?
The initial setup is straightforward. There is one template for location where we installed the virtual appliance and once that was up and running, it was fine. We had four or five people in the network team that set up the appliances.
What's my experience with pricing, setup cost, and licensing?
We pay an annual subscription fee.
Which other solutions did I evaluate?
We evaluated three options and decided to go with FireEye.
What other advice do I have?
I would recommend this solution and rate it nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Program Manager at a computer software company with 10,001+ employees
Stable, protective, easy to set up, and has a lot of features to scan vulnerabilities
Pros and Cons
- "It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities."
- "I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
What is our primary use case?
We are using it from the perspective of data protection. We have two types of data that is coming. One is the actual data or the customer data that comes into our premises, and the second is the internet traffic that comes into our organization. FireEye devices scan all the traffic that comes through the tools on which we have configured FireEye, and they also analyze a lot of traffic.
What is most valuable?
It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities.
What needs improvement?
I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment.
They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet.
For how long have I used the solution?
We have been using FireEye for a couple of years.
What do I think about the stability of the solution?
It is stable.
How are customer service and technical support?
They are very good. They follow the SLA and have two types of support. Premium support is available 24/7, and it is more customized.
Which solution did I use previously and why did I switch?
We were using an IBM product.
How was the initial setup?
Its installation is quite easy. It is a straightforward installation unless you are using multiple technologies in your environment. If you are using Radware and other stuff, your FireEye needs to understand all the technologies. It needs to understand the data coming in from the switch and the data sent from the hardware devices and the load balancer. It tends to take a little time to understand the data traffic, but it is easy to implement. It takes about an hour.
What about the implementation team?
We had a consultant. Configuring the device takes about an hour, but we also have the backend configuration related to our environment, which takes a bit more time.
We work across the globe. From the data center perspective, we have about 13 locations across the globe where we have implemented this solution. Two to three people are enough for its implementation.
What other advice do I have?
I would recommend this solution to others. We plan to keep using this solution. We have just migrated to the latest FireEye devices.
I would rate FireEye Network Security an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Network Security Analyst at a manufacturing company with 5,001-10,000 employees
Provides us with better malware, intrusion and incident detection.
What is most valuable?
- Ability to edit the Yara rules
- Malware analysis tool
How has it helped my organization?
It has provided us with better malware, intrusion and incident detection.
What needs improvement?
A lot of false positives.
For how long have I used the solution?
I've been using FireEye NX with web, email, and the malware analysis sandbox tool for two years.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service: 8/10.
Technical Support: 8/10.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
It wasn't bad, the technical support team walked us through it.
What about the implementation team?
We used a vendor who was 8/10.
What other advice do I have?
Get training with editing Yara rules.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
I like how it detects zero-day attacks, APTs, and other types of malware.
What is most valuable?
I like the ability to detect zero-day attacks, APTs, and other types of malware which almost every other security device in the world is unable to detect.
How has it helped my organization?
One of the projects where we were deploying was a POC. When it was tested, it detected one of the world’s most dangerous APTs, like KABA, that was specially designed to target the telecommunication industry. This was one of the many thousands of findings that we were proud of.
What needs improvement?
Almost every feature of the product is on a high level.
For how long have I used the solution?
I have worked on these products from FireEye for three different projects, and I found them wonderful.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service: 9/10.
Technical Support: 10/10.
Which solution did I use previously and why did I switch?
Our clients have used almost all of the best solutions available but most of them were unable to detect about 90% of the threats that FireEye NX can detect.
How was the initial setup?
The initial setup was quite straightforward and easy.
What about the implementation team?
We had implemented it in-house and in fact, I deployed the NX 2400 and NX 7400 devices myself.
What was our ROI?
Both for our clients and for ourselves, ROI was almost 200% more than we expected. We were satisfied.
What's my experience with pricing, setup cost, and licensing?
The initial setup and day-to-day cost is almost the same as other security devices available. However, others fail about 90% of the time to detect threats, APTs and, most importantly, zero-day attacks, while FireEye can detect them.
Which other solutions did I evaluate?
Of course, we had to check all other products available in the market, research their features, and then we had to compare these products based on benefits to our clients, and the expected ROI.
What other advice do I have?
It's one of the best products around based on its features like detection of almost all types of malware, APTs, viruses and zero-day attacks, reporting, and its integration with other FireEye products like CMS, IPS, etc.
Disclosure: My company has a business relationship with this vendor other than being a customer: The company I previously worked for was the only partner of FireEye for almost one and a half years in our country.
Professional Services Division Manager at 2Bsecure
Agile, easy to scale, and the network security module is good
Pros and Cons
- "The most valuable feature is the network security module."
- "It is very expensive, the price could be better."
What is our primary use case?
We are using this solution for sandboxing on all channels.
What is most valuable?
The most valuable feature is the network security module. It is better than other solutions and it can make and find electrical movement.
Also, the attack vector is a feature that no one else offers.
Overall, it's a great solution.
What needs improvement?
It is very expensive, the price could be better.
For how long have I used the solution?
I have been using FireEye Network Security for a couple of years.
We are using the latest version.
What do I think about the stability of the solution?
It's a stable solution. It's very agile.
What do I think about the scalability of the solution?
The scalability is great.
You don't have to purchase another machine, but if you want, you can add another one. It goes through the cluster very smoothly.
I am part of the professional services with multiple organizations and multiple users.
How are customer service and technical support?
Technical support is great.
How was the initial setup?
The initial setup was complex because there were some bugs, but the professional service of FireEye was able to resolve them.
It took a long time to deploy.
What about the implementation team?
We are a reseller and the professional services of FireEye.
What's my experience with pricing, setup cost, and licensing?
It's an expensive solution.
Which other solutions did I evaluate?
We evaluated other solutions before choosing FireEye.
What other advice do I have?
I would recommend this solution to others interested in using it.
I would rate FireEye Network Security a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller