Upgrading to new versions isn't easy and it can take a long time. Also, other solutions' tamper protection features are better than FireEye's. Clients should have access to our local information, but they shouldn't change settings on the system itself.
The solution needs to work on memory consumption. It is too high. EDRs are notorious for this. Technical support could be improved a bit. They are doing a lot with the acquisition and rebranding, and things may take a while to settle.
The solution can be expensive. If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build. In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.
Cyber Defense Advisor | Founder Executive at a tech services company with 1-10 employees
Real User
2022-02-21T09:43:20Z
Feb 21, 2022
In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.
Cyber Security Consultant at a energy/utilities company with 10,001+ employees
Consultant
2022-01-27T13:46:01Z
Jan 27, 2022
The way that signatures work when using this solution could be improved. They could be more user friendly. We would like the ability to select a client's signature from a menu or file share to save time. FireEye allows three releases per day which are automated. If the automation fails for some reason, the release fails. FireEye does not allow manual releases. This is why we are moving away from using this solution.
Learn what your peers think about Trellix Endpoint Security (ENS). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive.
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
2021-05-25T16:00:34Z
May 25, 2021
Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection. It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents. They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.
Manager at a tech company with 1,001-5,000 employees
Real User
2021-02-02T17:08:00Z
Feb 2, 2021
In my personal and professional view, I think the reports need more development. They need more details on the reports and more details taking the executive view into consideration. These reports contain the information that is gathered at the intake solutions. They are more geared for the technician and I think they need more executive information because it is important to talk to the main executives, and for them to see what is happening related to some of those suspicious activities.
Technical Manager (SOC Operations) at Novac Technology Solutions
Real User
Top 5
2020-08-30T08:33:50Z
Aug 30, 2020
The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux. We would also like assets grouping and device lock protection features, which are included in their roadmap.
They could use a Host Intrusion Prevention System (HIPS) and application control module. If you have another endpoint product running on the same machine, you have to fine tune functions from FireEye to avoid performance and user experience issues.
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Real User
2019-08-05T06:24:00Z
Aug 5, 2019
We had a very large problem that has, unfortunately, not been solved. Simply put, when we start the computer the program will not start. We have encouraged FireEye to solve this problem because we have to manually start this product each and every time, and it affects almost thirty percent of our environment. From a security perspective, this is not stable. After using various components in this solution, I get the feeling that not every part of the whole FireEye suite works perfectly with the other parts. Sometimes you have this functionality where the product has the ability to take data from one part of the solution and use it in different parts. Sometimes, however, you don't have this luxury. The solution needs more suitable dashboards that handle things from different perspectives. For example, a CEO and a technician from operations are completely different. The integration and display of the dashboards have to be done better.
* AV management based on manual scan * Manual scan feature is not easily done * A long way of setting hostname set, and * Scheduling over policy which is time taking and I don't feel comfortable.
Trellix Endpoint Security (ENS) is a comprehensive solution designed to protect organizations from advanced cyber threats. With its advanced threat detection capabilities, ENS provides real-time visibility into endpoint activities, enabling proactive threat hunting and response.
It leverages machine learning algorithms to identify and block sophisticated malware, ransomware, and zero-day attacks. ENS also offers robust data loss prevention (DLP) features, preventing sensitive...
Upgrading to new versions isn't easy and it can take a long time. Also, other solutions' tamper protection features are better than FireEye's. Clients should have access to our local information, but they shouldn't change settings on the system itself.
The solution needs to work on memory consumption. It is too high. EDRs are notorious for this. Technical support could be improved a bit. They are doing a lot with the acquisition and rebranding, and things may take a while to settle.
The solution can be expensive. If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build. In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.
There should be better integration between the ePolicy Orchestrator and FireEye console. The integration of both consoles should be better.
In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.
The way that signatures work when using this solution could be improved. They could be more user friendly. We would like the ability to select a client's signature from a menu or file share to save time. FireEye allows three releases per day which are automated. If the automation fails for some reason, the release fails. FireEye does not allow manual releases. This is why we are moving away from using this solution.
We would like to solution to offer better security.
Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive.
Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection. It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents. They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.
In my personal and professional view, I think the reports need more development. They need more details on the reports and more details taking the executive view into consideration. These reports contain the information that is gathered at the intake solutions. They are more geared for the technician and I think they need more executive information because it is important to talk to the main executives, and for them to see what is happening related to some of those suspicious activities.
The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux. We would also like assets grouping and device lock protection features, which are included in their roadmap.
Something that needs to improve is the interface. I would also like to see simple processing and reporting online.
They could use a Host Intrusion Prevention System (HIPS) and application control module. If you have another endpoint product running on the same machine, you have to fine tune functions from FireEye to avoid performance and user experience issues.
We had a very large problem that has, unfortunately, not been solved. Simply put, when we start the computer the program will not start. We have encouraged FireEye to solve this problem because we have to manually start this product each and every time, and it affects almost thirty percent of our environment. From a security perspective, this is not stable. After using various components in this solution, I get the feeling that not every part of the whole FireEye suite works perfectly with the other parts. Sometimes you have this functionality where the product has the ability to take data from one part of the solution and use it in different parts. Sometimes, however, you don't have this luxury. The solution needs more suitable dashboards that handle things from different perspectives. For example, a CEO and a technician from operations are completely different. The integration and display of the dashboards have to be done better.
I hope the solution can be used in cloud systems going forward.
* AV management based on manual scan * Manual scan feature is not easily done * A long way of setting hostname set, and * Scheduling over policy which is time taking and I don't feel comfortable.