- Ability to edit the Yara rules
- Malware analysis tool
City Information Security Officer at a government with 501-1,000 employees
I was desperately looking to automate whatever layers of security we had in place. Our existing infrastructure left my team blind to a constant stream of attacks.
The old approach to security—assigning lots of people to the problem—was no longer feasible. It was very time intensive and employee intensive. It took up so much of our time that it became very unproductive. I was desperately looking to automate whatever layers of security we had in place. The issue came to a head when I spotted suspicious network activity but could not get to the bottom of the problem with legacy signature-based security tools. My staff spent hours manually blocking suspicious connections. We were a sitting duck. Our existing infrastructure left my team blind to a constant stream of attacks. We tested several IPS/IDS type of solutions, including Symantec, Palo Alto Networks, and Cisco—and found them all inadequate for the security challenge we faced.
I decided to try the FireEye Network Threat Prevention Platform. We piloted a proof-of-concept trial. Installation took less than an hour, and almost immediately, the FireEye Network Threat Prevention Platform began providing valuable insight into what was going on in the network —no heavy administration required. We had planned to test the FireEye Network Threat Prevention Platform for 15 days; I knew within the first 24 hours that the solution delivered on its promise. I realized that I can’t get any better bang for the buck.
Used in-line, the FireEye Network Threat Prevention Platform provides the insight we need to stay ahead of advanced threats. The platform monitors Web traffic, by far the most common threat vector used in malware attacks. We are alerted to zero-day exploits and fast-morphing malware to keep sensitive data and systems safe. At the same time, the Network Threat Prevention Platform is capable of shutting down communications with malicious URLs used in targeted attacks. Thanks to the FireEye Multi-Vector Virtual Execution architecture, our security team can spot malware hidden in malicious images, PDFs, Flash, and ZIP/RAR/TNEF archives. Easy-to-digest email alerts validate true threats and help guide our incident response. And a browser-based dashboard cuts through the clutter with clear, actionable information about malware activity.
By every measure, the FireEye Network Threat Prevention Platform has exceeded our expectations. The platform requires little ongoing administration and does not waste the security team’s time with false positives. Instead of chasing down every ambiguous alert, I can spend more time on long-term preparedness and nurturing the security staff. For us, that means better service at a lower cost. FireEye is one of my few “go-to” products when I start my day. The business benefits are far reaching.
Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
Chief Technology Officer & CISO at a healthcare company with 501-1,000 employees
We were looking to find a way to stop malware from getting through. Our overall threat environment is well managed.
To fend off a growing wave of cyber attacks, the clinic had built up a multilayered defense-in-depth security infrastructure. We went as far as blocking out traffic from entire countries known for a high volume of attacks—a step we could take because of our exclusively local customer base.
Still, malware was getting through. Clinic employees would sometimes visit malicious or compromised websites. Malware on these sites sidestepped the clinic’s security measures, leading to several infections and concerns that accounts could be compromised. I signed on to a proof-of-value trial of the FireEye Network Threat Prevention Platform for Web security. The trial soon uncovered malware that our existing security tools had not detected. And later during the test, someone at our clinic clicked on a malicious link—which FireEye immediately detected and blocked. At that point, justifying the purchase was easy. We looked for competitive products, and none were found. I don’t think anybody else had anything anywhere close to where FireEye is. Installation was a breeze, the FireEye platform integrated seamlessly with our legacy security tools. Those tools included a firewall, intrusion prevention system, and Web gateway.
Today, FireEye plays a central role in our security infrastructure. Powered by the FireEye Multi-Vector Virtual Execution engine, the Network Threat Prevention Platform blocks inbound Web exploits and outbound multi-protocol callbacks to stop Web-based attacks.
The FireEye platform does not rely on malware binary signatures, so it identifies attacks that traditional defenses miss. In a typical month, FireEye generated 23 alerts—malware that had slipped past our other defenses. Out of those, 17 required no action because FireEye blocked them automatically. The remaining six were easily thwarted, thanks to clear, actionable alerts from the FireEye platform. We came into this with our eyes wide open. And this solution is really doing what we expected it to do.
FireEye is so effective at blocking attacks that we were even able to defer an upgrade of our IPS solution, saving a significant amount of money. One of the largest benefits of the FireEye platform is less tangible: reputation enhancement. The product works; our overall threat environment is well managed.
Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
Buyer's Guide
Trellix Network Detection and Response
November 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
Senior Network Security Analyst at a manufacturing company with 5,001-10,000 employees
Provides us with better malware, intrusion and incident detection.
What is most valuable?
How has it helped my organization?
It has provided us with better malware, intrusion and incident detection.
What needs improvement?
A lot of false positives.
For how long have I used the solution?
I've been using FireEye NX with web, email, and the malware analysis sandbox tool for two years.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
8/10.
Technical Support:8/10.
Which solution did I use previously and why did I switch?
No previous solution was used.
How was the initial setup?
It wasn't bad, the technical support team walked us through it.
What about the implementation team?
We used a vendor who was 8/10.
What other advice do I have?
Get training with editing Yara rules.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
I like how it detects zero day attacks, APT’s, and other types of malware.
What is most valuable?
I like the ability to detect zero day attacks, APT’s, and other types of malware which almost every other security device in the world is unable to detect.
How has it helped my organization?
One of the projects where we were deploying was a POC. When it was tested, it detected one of the world’s most dangerous APTs, like KABA, that was specially designed to target the telecommunication industry. This was one of the many thousands of findings that we were proud of.
What needs improvement?
Almost every feature of the product is on a high level.
For how long have I used the solution?
I have worked on these products from FireEye for three different projects, and I found them wonderful.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
9/10.
Technical Support:10/10.
Which solution did I use previously and why did I switch?
Our clients have used almost all of the best solutions available but most of them were unable to detect about 90% of the threats that FireEye NX can detect.
How was the initial setup?
The initial setup was quite straightforward and easy.
What about the implementation team?
We had implemented it in-house and in fact, I deployed the NX 2400 and NX 7400 devices myself.
What was our ROI?
Both for our clients and for ourselves, ROI was almost 200% more than we expected. We were satisfied.
What's my experience with pricing, setup cost, and licensing?
The initial setup and day-to-day cost is almost the same as other security devices available. However, others fail about 90% of the time to detect threats, APT’s & most importantly zero day attacks, while FireEye can detect them.
Which other solutions did I evaluate?
Of course, we had to check all other products available in the market, research their features, and then we had to compare these products based on benefits to our clients, and the expected ROI.
What other advice do I have?
It's one of the best products around based on its features like detection of almost all types of malware, APT’s, virus and zero day attacks, reporting, and its integration with other FireEye products like CMS, IPS etc.
Disclosure: My company has a business relationship with this vendor other than being a customer: The company I previously worked for iwas the only partner of FireEye for almost one and half years in our country
PreSales Director at a marketing services firm with 51-200 employees
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security. The one thing that needs to improve is that they use guidance or FDK for max data.
Pros and Cons
- "The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
- "The world is currently shifting to AI, but FIreEye is not following suit."
What is our primary use case?
My primary use case for this solution is world gateway or an email gateway for forensic tools.
What is most valuable?
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.
What needs improvement?
The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
I find this product stable.
What do I think about the scalability of the solution?
I find this product scalable for our needs.
How is customer service and technical support?
We have our own qualified tech support team, and we do not find a need for the tech support from FireEye IT.
What's my experience with pricing, setup cost, and licensing?
We looked into other forensic options in the past. We used to use RSA in the past, but it is not the same as FireEye.
What other advice do I have?
The world is currently shifting to AI, Artificial Intelligence engines. FireEye, now has nothing in the road map to shifting to AI. Other companies do have a roadmap for AI integration. Now the hacker is more intelligent. The hacker is going to hack the laptop for example, and an AI engine could be an excellent prevention mechanism.
Disclosure: My company has a business relationship with this vendor other than being a customer: I am a reseller.
Cyber Security Analyst at a tech services company with 51-200 employees
Helps increase response to attacks and reduce client risks
Pros and Cons
- "Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days."
- "The solution's support needs to improve their support."
What is our primary use case?
The tool helps to reduce client risks.
What is most valuable?
Trellix Network Detection and Response helps increase response to attacks. One benefit is increased visibility and simplicity in maintaining it. AI analyzes and relates data based on past performance over the last five days.
What needs improvement?
The solution's support needs to improve their support.
For how long have I used the solution?
I have been working with the product for two years.
What do I think about the stability of the solution?
The tool is stable. However, it has some monthly limitations.
Which solution did I use previously and why did I switch?
Trellix Network Detection and Response differs from other products due to its integration.
How was the initial setup?
Trellix Network Detection and Response's deployment is easy and can be completed in a minute.
What about the implementation team?
My team helps with the tool's deployment.
What other advice do I have?
I would recommend the product to others. I rate it a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Jun 12, 2024
Flag as inappropriateExpert Penetration Tester at a financial services firm with 1,001-5,000 employees
Compatibility with legacy components alleviates the need for additional investments in hardware, software, and training.
Our infrastructure contains an extensive amount of hardware, applications, networks, and online banking systems; each with their own characteristics and potential vulnerabilities. With an environment of this complexity it is imperative to deploy best-in-class security measures. However, with the escalating sophistication of multi-domain attacks it became very evident that traditional security technologies were becoming increasingly inadequate and easily bypassed.
We spoke with a number of security product providers and industry experts, and we began seeing a pattern of recommendations emerging from many sources for the FireEye suite of solutions. We contacted the company and collaborated to identify exactly what we needed to deploy to supplement our existing defenses.
We implemented the FireEye Network Threat Prevention Platform to guard against zero-day Web exploits and multi-protocol callbacks. The most critical success factor for us was the threat detection performance of the solution: After all of our testing was conducted we felt confident that this was the right approach to safeguard the bank from advanced malware, zero-day and targeted attacks. We especially liked the protection against blended attacks that had already evaded multiple layers of legacy security controls.
Another key benefit was the FireEye platform’s ease of integration with our existing security information event management system. Compatibility with legacy components, such as the SIEM system, alleviates the need for additional investments in hardware, software, and training.
In addition to penetration testing, part of my role involves the analysis of malware that specifically targets Internet banking customers. The appliance’s use of the FireEye Multi-Vector Execution engine and the ability to archive suspected malware for later scrutiny have both been major pluses for this aspect of my job. We are continually investigating new security solutions; the FireEye technology has always been extremely compelling to us, and it has been very validating to see the company back this up with its continuously evolving expertise and innovation. The ever-expanding threatscape makes it a constant challenge to keep our environment protected, but FireEye continues to deliver.
Disclosure: PeerSpot has made contact with the reviewer to validate that the person is a real user. The information in the posting is based upon a vendor-supplied case study, but the reviewer has confirmed the content's accuracy.
Security Analyst at a financial services firm with 201-500 employees
Its core functionality is really good, but it could use a little work in the reporting
Pros and Cons
- "It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
- "I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."
What is our primary use case?
We use FireEye NX to monitor our networking traffic and FireEye EX to monitor our email traffic. So, it's mostly for blocking malicious traffic.
How has it helped my organization?
It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us. It gives us a better view of our network and our email environment.
What is most valuable?
The core functionality: It blocks what we need it to block.
What needs improvement?
I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports.
It could use more user-friendly navigation around the tool.
What do I think about the stability of the solution?
The stability is very good. I have never had issues with uptime.
What do I think about the scalability of the solution?
As far as I know, scalability is good. However, we haven't had the need to scale it up at all.
How are customer service and technical support?
We receive our technical support through a third-party. Directly with FireEye, I'm not sure about technical support.
What was our ROI?
It probably reduces our response time by a day or two. It also increase staff productivity.
What other advice do I have?
It is a good bare bones solution for what they are looking for. However, if they wanted a more a robust solution, then they would probably have to look somewhere else or get additional FireEye products.
It was probably one of the earlier things that we did within the maturity of our security environment. So, it was sort of a starting point. We are still working to get some other things implemented.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Trellix Network Detection and Response Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Popular Comparisons
Microsoft Defender for Office 365
Palo Alto Networks WildFire
Microsoft Defender for Identity
Palo Alto Networks VM-Series
Trend Micro Deep Discovery
Fortinet FortiSandbox
Check Point SandBlast Network
Symantec Advanced Threat Protection
Trellix Advanced Threat Defense
SonicWall Capture Advanced Threat Protection
Ixia ThreatARMOR
Buyer's Guide
Download our free Trellix Network Detection and Response Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How much do independent test results affect your security purchases?
- Holding Security Vendors Accountable
- What can businesses do to improve their security posture?
- When evaluating Advanced Threat Protection, what aspect do you think is the most important to look for?
- What is your recommended cost-effective solution to detect and prevent APT attacks?
- Compromise Assessment vs Threat Hunting
- What are the main evaluation criteria for you when choosing the right vendor for brand protection services?
- Why is ATP (Advanced Threat Protection) important for companies?
Thanks