it_user221841 - PeerSpot reviewer
IT Security Manager with 51-200 employees
Vendor
Provides a target response time of one minute for both hardware and software issues—and immediate escalation to level-two advanced support for high-severity issues.

After the release of our first product we had a lot more exposure with the public and we knew we would attract some unwanted attention. We started looking at solutions for network hardening and intrusion protection.

We engaged The Herjavec Group to perform a network penetration test. THG offers a comprehensive suite of security and network services to organizations around the world, supported by Canada’s largest group of certified security professionals. Although the initial findings from the test showed the existing network to be robust, through practical experience with other similar clients, THG recommended implementing a FireEye Network Threat Prevention Platform. We felt comfortable after seeing the early results of the penetration test but decided to do an in-house demo of the FireEye Network Threat Prevention Platform to see how it would add to the protection of our internal systems and R&D network. As part of the overall evaluation of similar technologies, along with THG’s recommendation to evaluate FireEye, we also looked at several other competitive offerings. Once we had a chance to do our own due diligence, it was clear that there is really nothing else that compares with the FireEye appliance. After the proof of concept, I really didn’t have to do much to justify the investment. We immediately purchased the FireEye Network Threat Prevention Platform.

With any new solution the deployment effort and ongoing management overhead is always a consideration. We’ve been really pleased with how straightforward the FireEye solution is to manage. Installation was very simple, and the solution requires little-to-no ongoing maintenance. Because threat protection is a mission-critical function, we opted for the FireEye Platinum Support program. This level of support provides a target response time of one minute for both hardware and software issues—and immediate escalation to level-two advanced support engineering for any high-severity issues encountered. Our board of directors are very conscious about the value of the intellectual property that we are constantly creating and very sensitive to security concerns—especially cyber-based threats. You can’t put a price on an attack, especially when it’s your company’s underlying IP at risk. FireEye gives us leading edge protection.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
PreSales Director at a marketing services firm with 51-200 employees
Reseller
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security. The one thing that needs to improve is that they use guidance or FDK for max data.
Pros and Cons
  • "The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
  • "The world is currently shifting to AI, but FireEye is not following suit."

What is our primary use case?

My primary use case for this solution is world gateway or an email gateway for forensic tools.

What is most valuable?

The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.

What needs improvement?

The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools; that is a weakness in the Mandiant.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I find this product stable.

What do I think about the scalability of the solution?

I find this product scalable for our needs.

How is customer service and technical support?

We have our own qualified tech support team, and we do not find a need for the tech support from FireEye IT. 

What's my experience with pricing, setup cost, and licensing?

We looked into other forensic options in the past. We used to use RSA in the past, but it is not the same as FireEye.

What other advice do I have?

The world is currently shifting to AI, Artificial Intelligence engines. FireEye now has nothing in the road map for shifting to AI. Other companies do have a roadmap for AI integration. Now the hacker is more intelligent. The hacker is going to hack the laptop, for example, and an AI engine could be an excellent prevention mechanism.

Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.
Buyer's Guide
Trellix Network Detection and Response
December 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
831,265 professionals have used our research since 2012.
reviewer2158416 - PeerSpot reviewer
Cyber Security Analyst at a tech services company with 51-200 employees
Reseller
Top 10
Helps increase response to attacks and reduce client risks
Pros and Cons
  • "Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days."
  • "The solution's support needs to improve their support."

What is our primary use case?

The tool helps to reduce client risks. 

What is most valuable?

Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days. 

What needs improvement?

The solution's support needs to improve their support.

For how long have I used the solution?

I have been working with the product for two years. 

What do I think about the stability of the solution?

The tool is stable. However, it has some monthly limitations. 

Which solution did I use previously and why did I switch?

Trellix Network Detection and Response differs from other products due to its integration. 

How was the initial setup?

Trellix Network Detection and Response's deployment is easy and can be completed in a minute. 

What about the implementation team?

My team helps with the tool's deployment. 

What other advice do I have?

I would recommend the product to others. I rate it a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
it_user221847 - PeerSpot reviewer
Senior Vice President & CIO with 51-200 employees
Vendor
We needed a solution which would allow us to proactively address threats.

We previously relied on a firewall for application-level blocking, an email gateway, and an anti-virus solution to protect our infrastructure. The existing combination was capable of identifying certain malware activity but we found we were always reactively responding to attacks. We were never in a position to proactively address the threats.

Following a recommendation by an independent security consultant, we performed a detailed evaluation of the FireEye platform. The inherent intelligence of FireEye’s solution was immediately evident and we felt that our purchase of the FireEye Network Threat Prevention Platform represented the final piece in the puzzle to lock down our infrastructure. The FireEye Network Threat Prevention Platform is deployed inline between the firewall and Internet gateway, preventing malicious multi-protocol callbacks and blocking inbound Web exploits that elude our other security measures. As an integral component of the FireEye Network Threat Prevention Platform, the FireEye Multi-Vector Virtual Execution engine confirms zero-day attacks and captures callback destinations to dynamically prevent users from accessing a malicious channel. The signature-less FireEye MVX engine executes suspicious binaries and Web objects against a broad range of browsers, plug-ins, applications, and operating environments to determine the true intent of the malicious code.

The FireEye Network Threat Prevention Platform not only protects our users when they visit websites but also when they receive email with malicious attachments or links: having both levels of protection is absolutely critical to us. The whole banking industry is subjected to a huge variety of very sophisticated attacks that exploit both Web and email weaknesses. We see many spear phishing attacks in which malicious emails disguise themselves as coming from legitimate business partners. If users click on a bad link or attachment that initiates a callback, the FireEye Network Threat Prevention Platform blocks it every time. 

Several of our employees recently received an email that appeared to come from a trusted business partner. Five users tried to open an apparently innocuous attachment but the FireEye Network Threat Prevention Platform detected that it included embedded malware and immediately started blocking the approximately 200 callbacks each machine tried to generate. If any of these reached their intended target they could have severely compromised the bank’s systems but the FireEye solution just doesn’t allow this type of data to leave our network. FireEye has placed us in the position to proactively counter malicious threats; we now don’t have to take a user offline in order to rebuild their PC following an attack. We’re better protected and more productive! Cybercriminals grow smarter all the time; that’s why our use of the FireEye next-generation security platform is now mandatory throughout the bank’s infrastructure.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
it_user221844 - PeerSpot reviewer
City Information Security Officer at a government with 501-1,000 employees
Vendor
I was desperately looking to automate whatever layers of security we had in place. Our existing infrastructure left my team blind to a constant stream of attacks.

The old approach to security—assigning lots of people to the problem—was no longer feasible. It was very time intensive and employee intensive. It took up so much of our time that it became very unproductive. I was desperately looking to automate whatever layers of security we had in place. The issue came to a head when I spotted suspicious network activity but could not get to the bottom of the problem with legacy signature-based security tools. My staff spent hours manually blocking suspicious connections. We were a sitting duck. Our existing infrastructure left my team blind to a constant stream of attacks. We tested several IPS/IDS type of solutions, including Symantec, Palo Alto Networks, and Cisco—and found them all inadequate for the security challenge we faced. 

I decided to try the FireEye Network Threat Prevention Platform. We piloted a proof-of-concept trial. Installation took less than an hour, and almost immediately, the FireEye Network Threat Prevention Platform began providing valuable insight into what was going on in the network—no heavy administration required. We had planned to test the FireEye Network Threat Prevention Platform for 15 days; I knew within the first 24 hours that the solution delivered on its promise. I realized that I can’t get any better bang for the buck.

Used in-line, the FireEye Network Threat Prevention Platform provides the insight we need to stay ahead of advanced threats. The platform monitors Web traffic, by far the most common threat vector used in malware attacks. We are alerted to zero-day exploits and fast-morphing malware to keep sensitive data and systems safe. At the same time, the Network Threat Prevention Platform is capable of shutting down communications with malicious URLs used in targeted attacks. Thanks to the FireEye Multi-Vector Virtual Execution architecture, our security team can spot malware hidden in malicious images, PDFs, Flash, and ZIP/RAR/TNEF archives. Easy-to-digest email alerts validate true threats and help guide our incident response. And a browser-based dashboard cuts through the clutter with clear, actionable information about malware activity. 

By every measure, the FireEye Network Threat Prevention Platform has exceeded our expectations. The platform requires little ongoing administration and does not waste the security team’s time with false positives. Instead of chasing down every ambiguous alert, I can spend more time on long-term preparedness and nurturing the security staff. For us, that means better service at a lower cost. FireEye is one of my few “go-to” products when I start my day. The business benefits are far reaching.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
it_user221838 - PeerSpot reviewer
Chief Technology Officer & CISO at a healthcare company with 501-1,000 employees
Vendor
We were looking to find a way to stop malware from getting through. Our overall threat environment is well managed.

To fend off a growing wave of cyber attacks, the clinic had built up a multilayered defense-in-depth security infrastructure. We went as far as blocking out traffic from entire countries known for a high volume of attacks—a step we could take because of our exclusively local customer base.

Still, malware was getting through. Clinic employees would sometimes visit malicious or compromised websites. Malware on these sites sidestepped the clinic’s security measures, leading to several infections and concerns that accounts could be compromised. I signed on to a proof-of-value trial of the FireEye Network Threat Prevention Platform for Web security. The trial soon uncovered malware that our existing security tools had not detected. And later during the test, someone at our clinic clicked on a malicious link—which FireEye immediately detected and blocked. At that point, justifying the purchase was easy. We looked for competitive products, and none were found. I don’t think anybody else had anything anywhere close to where FireEye is. Installation was a breeze; the FireEye platform integrated seamlessly with our legacy security tools. Those tools included a firewall, intrusion prevention system, and Web gateway.

Today, FireEye plays a central role in our security infrastructure. Powered by the FireEye Multi-Vector Virtual Execution engine, the Network Threat Prevention Platform blocks inbound Web exploits and outbound multi-protocol callbacks to stop Web-based attacks. 

The FireEye platform does not rely on malware binary signatures, so it identifies attacks that traditional defenses miss. In a typical month, FireEye generated 23 alerts—malware that had slipped past our other defenses. Out of those, 17 required no action because FireEye blocked them automatically. The remaining six were easily thwarted, thanks to clear, actionable alerts from the FireEye platform. We came into this with our eyes wide open. And this solution is really doing what we expected it to do.

FireEye is so effective at blocking attacks that we were even able to defer an upgrade of our IPS solution, saving a significant amount of money. One of the largest benefits of the FireEye platform is less tangible: reputation enhancement. The product works; our overall threat environment is well managed.

Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
Security4668 - PeerSpot reviewer
Security Analyst at a financial services firm with 201-500 employees
Real User
Its core functionality is really good, but it could use a little work in the reporting
Pros and Cons
  • "It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
  • "I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."

What is our primary use case?

We use FireEye NX to monitor our networking traffic and FireEye EX to monitor our email traffic. So, it's mostly for blocking malicious traffic.

How has it helped my organization?

It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us. It gives us a better view of our network and our email environment.

What is most valuable?

The core functionality: It blocks what we need it to block.

What needs improvement?

I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports.

It could use more user-friendly navigation around the tool.

What do I think about the stability of the solution?

The stability is very good. I have never had issues with uptime.

What do I think about the scalability of the solution?

As far as I know, scalability is good. However, we haven't had the need to scale it up at all.

How are customer service and technical support?

We receive our technical support through a third party. Directly with FireEye, I'm not sure about technical support.

What was our ROI?

It probably reduces our response time by a day or two. It also increases staff productivity.

What other advice do I have?

It is a good bare bones solution for what they are looking for. However, if they wanted a more robust solution, then they would probably have to look somewhere else or get additional FireEye products.

It was probably one of the earlier things that we did within the maturity of our security environment. So, it was sort of a starting point. We are still working to get some other things implemented.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sysengine0946 - PeerSpot reviewer
System Engineer at a tech services company with 1,001-5,000 employees
Real User
Protects the users' browser by finding zero-day threats and malware
Pros and Cons
  • "Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
  • "The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

What is our primary use case?

We implemented this solution for our customers. The primary use case is for Advanced Persistent Threat detection at a network level.

How has it helped my organization?

Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser.

What needs improvement?

The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it, like what type of Windows and what type of applications they use, and they have zero control over this. I would like to see more customization of the VMs.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

Their stability is good. 

What do I think about the scalability of the solution?

In terms of scalability, we haven't deployed them on a larger scale. We have only deployed on two appliances. It requires two or three people to administer the device. Usually, those are cybersecurity engineers or network admins. 

How are customer service and technical support?

Their technical support is very good and responsive. 

How was the initial setup?

FireEye is easy to use and the setup is easy. The deployment could be finished in two hours. Three to four staff are required for the deployment.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little high. 

What other advice do I have?

I would rate it a 7.5 out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.