Senior technical consultant at Hitachi Systems Micro Clinic
Real User
Top 10
2024-04-04T07:21:18Z
Apr 4, 2024
The analytics could be better. It seems heavily influenced by the McAfee and FireEye integration, and that integration still isn't seamless. STG needs to... I'm not sure what their roadmap is; they've mentioned full integration, but it hasn't materialized yet. Both the McAfee and FireEye engineering teams need to accelerate the process, as it would definitely benefit customers. The integration between Nextiva and Trellix could also use some work.
Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use.
It is not a very secure product. It doesn’t provide 100% protection. The security must be improved. The tool must provide more integrations with different platforms.
Senior Manager at a financial services firm with 10,001+ employees
Real User
2022-11-28T07:55:26Z
Nov 28, 2022
It is not supporting multiple SSLs. If we've got four or five servers and all the traffic has to pass through FireEye, and the servers are using their own SSL certificate, FireEye is not supporting this. We'd like the potential for better scaling. Generally, this particular product has a lot of room for improvement.
Updated: November 2024.
There isn't something missing - even with HX. HX was in the box and was working EDR and antivirus. They just need to keep the updates running and the features stable, and that's it. No new thing is required. The initial setup is not exactly easy. It is an expensive solution.
System Engineer - Security Presales at Raya Integration
Real User
Top 10
2022-02-16T17:38:47Z
Feb 16, 2022
FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically. In the next release, they should add a multiple virtual context feature.
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
2021-08-31T19:20:06Z
Aug 31, 2021
The support is somewhat lacking with long response times. The expectation is that when it comes to security response, technical support should be readily available.
Sr Technical Consultant at a tech services company with 51-200 employees
Real User
2021-05-18T20:31:56Z
May 18, 2021
Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone. They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules.
I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet.
It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto. They should be sharing their threat database and information. For example, if something is discovered by FortiSandbox or the Palo Alto Sandbox, it should be announced to all of the vendors so that they can take action and block these files. FireEye can be improved in terms of network visibility. Some minor enhancements are needed.
IT Senior Consultant at a manufacturing company with 1,001-5,000 employees
Consultant
2019-06-04T07:43:00Z
Jun 4, 2019
It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment. I would also like to be able to block an email based on the content of the subject line. Similarly, if I could block based on a specific hash value then it would be very good.
Head of IT Division at PT Bank Mandiri (Persero) Tbk.
Real User
2019-05-27T16:12:00Z
May 27, 2019
There are three things that can be improved:
* Protection testing. When it comes to the protections, it requires a lot of testing to implement.
* Local support. They need to beef up the capabilities of local support.
* Pricing. The price is a bit high though it is an adequate product.
As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web).
Information Security Consultant at a financial services firm with 1,001-5,000 employees
Consultant
2019-04-23T08:23:00Z
Apr 23, 2019
Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.
CEO at a tech services company with 1-10 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a perimeterless environment, very similar to what they are currently doing in their traditional perimeter-based network.
Security Analyst at a financial services firm with 201-500 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports. It could use more user-friendly navigation around the tool.
I would like to see a smoother dashboard so I could monitor it better. A better depth of view, being able to see deeper into the management process, is what I'd like to see.
System Engineer at a tech services company with 1,001-5,000 employees
Real User
2019-02-25T08:45:00Z
Feb 25, 2019
The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it, like what type of Windows and what type of applications they use, and they have zero control over this. I would like to see more customization of the VMs.
Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier. They should develop something similar to the feature that Palo Alto has called Traps. Then it will be an all-encompassing security solution.
Technical lead at a tech services company with 51-200 employees
Real User
2019-02-10T10:06:00Z
Feb 10, 2019
It doesn't connect with the cloud, and advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning.
PreSales Director at a marketing services firm with 51-200 employees
Reseller
2018-11-11T13:13:00Z
Nov 11, 2018
The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.
The solution's support needs to improve their support.
The product's integration capabilities are an area of concern where improvements are required.
It is very expensive, the price could be better.
Technical packaging could be improved. It would be helpful to receive access to the administration of the product.
Cybersecurity posture has room for improvement.