Senior technical consultant at Hitachi Systems Micro Clinic
Real User
Top 10
2024-04-04T07:21:18Z
Apr 4, 2024
The solution has been in place for quite some time – three or four years. We've renewed it several times, and we upgraded from Gen 3 to Gen 4 hardware at one point as well. Currently, it's integrated with our firewall and McAfee IPS. We also have network-based sandboxing deployed. It uses static and dynamic analysis engines, so we get alerts if malicious traffic is detected or harmful objects are downloaded. We've been using their PX solution for packet capture, which is the core of their NDR functionality. But we haven't fully adopted the combined product – NX and PX – yet because they are still separate. The storage requirements for raw packet capture, especially with our traffic levels, make it quite expensive. And that's true for many security products. I feel like NDR is pretty expensive. However, this is especially true about raw packet capture for network telemetry – the storage requirements with RAID 0 become quite expensive, regardless of the solution.
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
System Engineer - Security Presales at Raya Integration
Real User
Top 10
2022-02-16T17:38:47Z
Feb 16, 2022
We use FireEye Network Security to secure the internet link. The solution works as an inline sandbox. Additionally, it can scan and monitor all uploads and downloads, and internet browsed links.
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
2021-08-31T19:20:06Z
Aug 31, 2021
The solution can be used for detecting malicious traffic based upon known IOCs and it's integrated with the artificial intelligent speed, so we're able to recognize which IOCs are matching and their threat attribution.
We are using it from the perspective of data protection. We have two types of data that are coming. One is the actual data or the customer data that comes into our premises, and the second is the internet traffic that comes into our organization. FireEye devices scan all the traffic that comes through the tools on which we have configured FireEye, and they also analyze a lot of traffic.
Information Security Consultant at a financial services firm with 1,001-5,000 employees
Consultant
2019-04-23T08:23:00Z
Apr 23, 2019
Our primary use case is for endpoint protection. We need the solution to integrate with the firewall so that we could get some threat intel based on the kinds of malicious factors that we are getting on the internet at work. We are working to optimize it with the firewall and the other tools we are using for network protection.
Detect the undetectable and stop evasive attacks. Trellix Network Detection and Response (NDR) helps your team focus on real attacks, contain intrusions with speed and intelligence, and eliminate your cybersecurity weak points.
The tool helps to reduce client risks.
We use the solution in our servers and workstations for Endpoint Detection and Response.
In my company, the solution is used for our endpoints.
We use the product because our customers want to fix a web gateway and NDR so that they can watch the incoming traffic.
It is mostly an NTAP tool. It is just blocking the CNC domains. That is the primary use case.
We implement this solution for our clients for the complete protection of their network.
We are using this solution for sandboxing on all channels.
We use FireEye to protect our web and email traffic.
Our primary use of the solution is monitoring network security and intrusion detection.
This solution is our firewall protection.
We use FireEye NX to monitor our networking traffic and FireEye EX to monitor our email traffic. So, it's mostly for blocking malicious traffic.
We are using the file security scanner. The solution is used to monitor network traffic for network-based malware.
We implemented this solution for our customers. The primary use case is for Advanced Persistent Threat detection at a network level.
Our primary use case is for zero-day identifying anomalies and zero-day vulnerabilities without requiring signature recognition.
Our primary use case is for application filtering and security.
We use FireEye to prevent cyber attacks.
My primary use case for this solution is world gateway or an email gateway for forensic tools.