
FireEye Endpoint Security Overview

FireEye Endpoint Security is the #12 ranked solution in EDR tools. PeerSpot users give FireEye Endpoint Security an average rating of 8.2 out of 10. FireEye Endpoint Security is most commonly compared to CrowdStrike Falcon. FireEye Endpoint Security is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry group researching this solution, accounting for 19% of all views.
FireEye Endpoint Security Buyer's Guide

Download the FireEye Endpoint Security Buyer's Guide including reviews and more. Updated: September 2022

What is FireEye Endpoint Security?

FireEye Endpoint Security is an integrated endpoint solution that detects, prevents and responds effectively to known malware and threats traditional anti-virus endpoint security products miss. It expands endpoint visibility and provides contextual frontline intelligence to help analysts automate protection, quickly determine the exact scope and level of any attack activity and adapt defenses as needed.

FireEye Endpoint Security Customers

Tech Resources Limited, Globe Telecom, Rizal Commercial Banking Corporation

FireEye Endpoint Security Pricing Advice

What users are saying about FireEye Endpoint Security pricing:
  • "It was an annual fee. There was just one overall fee."
  • "It is not so cheap in comparison to Sophos and other solutions."

FireEye Endpoint Security Reviews

    Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
    Real User
    Top 5 Leaderboard
    Enables us to do IOC-based search across the enterprise and isolate compromised devices
    Pros and Cons
    • "It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised."
    • "It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating."
    • "Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection."
    • "It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents."
    • "They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us."

    What is our primary use case?

    It can be used for ransomware detection and data exfiltration. It is also able to detect Remote Access Trojan (RAT).

    What is most valuable?

    It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised.

    It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating.

    What needs improvement?

    Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.

    It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.

    They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.

    For how long have I used the solution?

    I have been using this solution for two years.

    Buyer's Guide
    FireEye Endpoint Security
    September 2022
    Learn what your peers think about FireEye Endpoint Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    634,325 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    It is stable. The FireEye team monitors it, and in case it goes down, we get an alert saying that the device is down. We either get their help or troubleshoot it ourselves to get it up and running.

    What do I think about the scalability of the solution?

    It is quite scalable. We have scaled it according to their sizing recommendations. They have devices for different bandwidths, models, and offices.

    We have about 4,000 people who are using this product. In terms of our plans to increase its usage, we are currently studying two options. One of them will basically scale up to about 40,000 instances.

    How are customer service and support?

    Their technical support is good. For each region, they seem to have got local support that takes care of all problems. They have support teams in Singapore, India, and North America.

    How was the initial setup?

    Its initial setup was straightforward. I have done one installation that took about 90 minutes. Virtual installations are straightforward. Physical installations have got some networking interfaces, and one needs to go through the documentation to do it. If you have got the right configuration, it is straightforward.

    What about the implementation team?

    We have about five people within SOC. We manage the engineering and deployment aspects of it. It is not very resource-hungry.

    For its deployment, we just needed about four people. We deployed about 14 appliances and one cloud-based instance. We have automated the deployment. We deployed it via Puppet, so the installation was fast.

    Which other solutions did I evaluate?

    We also use CrowdStrike Falcon, which is also endpoint security. At that time, we chose the best option based on our study. Both Falcon and FireEye were doing good in the market, so we basically went ahead with what was the best at that time. We buy the licenses for both of these and then do the deployment.

    We also use Sophos, but it is signature-based. We have licenses for the normal management control software of Sophos and the agents. We have not used Sophos Intercept X. My understanding is that it is an EDR, and we look forward to doing a study on it.

    What other advice do I have?

    Based on my two years of experience with this solution, I would comfortably recommend this solution.

    I would rate FireEye Endpoint Security an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Group Manager at HCL Technologies
    Real User
    Top 10
    Works in an ecosystem, has a central console, and can enable blocking
    Pros and Cons
    • "If the network has seen something, we can use that to put a block to all the endpoints."
    • "The solution can be expensive."

    What is our primary use case?

    We used it for a compromise assessment. That would be for our client. We deployed the agents. It was for endpoint security.

    We had been using the solution previously for one of the clients. We were using it for six months, and we did a compromise assessment based on the FireEye Endpoints that were deployed across the group. At that point in time, there were a lot of ransomware attacks in the environment, and it was impossible to identify the source of the attack and where it came from. The tools didn't point to that visibility. We had to deploy these agents across the environment and also monitor the environment using the network security appliances provided by FireEye just to monitor.

    We did monitor it for six months, so it was an assessment. In those six months, we did not have another ransomware attack. It was proven the environmental assessment was clean. That was the whole objective of the compromise assessment - to find out if there are any indicators or anything that has gained a foothold in the environment, trying to fend advanced persistent threats from that standpoint.

    What is most valuable?

    It is a great solution. The way it exchanges the information between the entire ecosystem, all the endpoints, as well as the network ATP, can trigger the blocking even if it is seen by some other device. If the network has seen something, we can use that to put a block to all the endpoints.

    It works in an ecosystem. Centrally, from just one console, you can block malicious attacks across your environment. It provides you with the ability to respond to threats better.

    What needs improvement?

    The solution can be expensive.

    If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build.

    In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.

    For how long have I used the solution?

    We used the solution for six months.

    What do I think about the stability of the solution?

    The stability has been very good. There are no bugs or glitches and it doesn’t crash or freeze. It’s reliable.

    What do I think about the scalability of the solution?

    The product can scale. It’s not an issue at all. 20,000 users were using the solution with no problems.

    How are customer service and support?

    We have contacted tech support. Tech support was brilliant. They were very knowledgeable, very skillful, and very responsive, and they knew the subject matter. They knew what we were asking for.

    How was the initial setup?

    The agent installation was okay. It was just a package that was installed. It also provides options to customize and fine-tune based on the system's performance. It's not too heavy on the systems or the servers.

    On the network side of things, I think there were challenges to getting that working. We had to do a couple of alterations in terms of making it work, mainly since the appliance's model was provided using a special-purpose SFP, and the compatible SFP was not available in the client environment at that one point. We had to procure it specifically for that assessment.

    What's my experience with pricing, setup cost, and licensing?

    It’s very costly.

    What other advice do I have?

    I’d recommend the solution to others.

    I would rate the solution eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Manager at a tech company with 1,001-5,000 employees
    Real User
    Top 5
    The most valuable feature is the capacity to collect all the information for forensic analysis purposes.
    Pros and Cons
    • "FireEye Endpoint Security's scalability is awesome. I think it is one of the best on that front."
    • "The reports need more development. They need more details on the reports and more details taking the executive view into consideration."

    What is our primary use case?

    The two primary use cases are towards the process monitor and malware detection for APT (Advanced Persistent Threat).

    How has it helped my organization?

    FireEye Endpoint Security has improved our customers' organizations. Before a customer was with us, they may have worked with Windows Defender. This is for suspicious activity. Then they implement the next solution that is for network monitoring. With that, they deploy the EGX for info security. Now, with these components, they have a lot of visibility on their network and endpoint activity.

    What is most valuable?

    The most valuable feature that my customers have found with the solution is the capacity to collect all the information for forensic analysis purposes.

    What needs improvement?

    In my personal and professional view, I think the reports need more development. They need more details on the reports and more details taking the executive view into consideration.

    These reports contain the information that is gathered at the intake solutions. They are more geared for the technician and I think they need more executive information because it is important to talk to the main executives, and for them to see what is happening related to some of those suspicious activities.

    For how long have I used the solution?

    I have been using FireEye Endpoint Security for something like 4 years.

    What do I think about the stability of the solution?

    In terms of stability, we have had some issues related to the deployment and hardware requirements, because most customers need to revalidate all those requirements. For example, if your deployment was on a Hyper-V environment, we don't know their server. They decrease in the performance of the appliance because in some cases, the requirements are not specifically stated, including the CP or reserve for those components. For example, I may define that the memory requirement is 16 gigabytes with a specific machine build.

    What do I think about the scalability of the solution?

    FireEye Endpoint Security's scalability is awesome. I think it is one of the best on that front. This is because many of its steps are related to the optimization of the whole process, its ratings and solutions with mail, social network, input solutions, and next generation CMM like Kellogg's. All these are on the single platform called FS. I sold a lot. You can see its integration with print solutions. That's very amazing.

    We have companies with a lot of endpoints. We think we have something like 4000 agents and 2 main appliances.

    How are customer service and technical support?

    Technical support is really great. The support is generally very fast, responding within one day.

    How was the initial setup?

    The main deployment is very simple because it's related to the deployment of an OVA file. The physical deployment is no problem.

    But the deployment needs some special knowledge about the quick console.

    Deployment takes about one week or less.

    What's my experience with pricing, setup cost, and licensing?

    If you compare your solution without the antivirus solution, and the price of the agent, it is a little bit expensive. But when you learn more about the value of forensic analysis, you will pay those costs. The price is expensive compared with other solutions, with the competitors. But it is really fast and really flexible and the user can research the information.

    Which other solutions did I evaluate?

    I think they checked out Kaspersky as well.

    What other advice do I have?

    I would recommend to check how they might pull reports. For example, where the customer modes fall because it's an independent investigation related to an IP.

    On a scale of one to ten, I would give FireEye Endpoint Security a ten, because it's the only good option.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Cyber Defense Advisor | Founder Executive at a tech services company with 1-10 employees
    Real User
    Top 20
    Good support, straightforward deployment, and helpful for instant response to threats and incidents
    Pros and Cons
    • "The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response."
    • "In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us."

    What is our primary use case?

    I used it in my previous company. From an end-user perspective, I was the manager of the Cyber Defense Center that was in charge of the whole deployment and daily operations. I was using it as a Site Media Operations Manager.

    What is most valuable?

    The response part of EDR was most valuable. We used that to separate the endpoint from the network. We utilized the solution during the instant response. We were also utilizing advanced malware detection capabilities, but we benefited the most from its help with the response.

    What needs improvement?

    In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.

    For how long have I used the solution?

    I used it for one year. 

    How are customer service and support?

    I have no complaints. I would rate them a five out of five.

    Which solution did I use previously and why did I switch?

    It was a new deployment. We previously didn't have any similar solution in that company.

    How was the initial setup?

    It was pretty straightforward. Its deployment took half a month. It was quite a big deployment. We had quite a lot of end-user devices. We deployed it for 10,000 devices. We had around 20 security operations staff members at that time.

    What about the implementation team?

    It was driven by an in-house engineering team, but we leveraged some integrator companies as well. We had three members in the engineering team who took care of the deployment and everyday operations. During the deployment phase, we got help from integrators. So, we had two additional FTEs during the six-month implementation period.

    What was our ROI?

    In terms of ROI, if one is the best, I would rate it a two out of five. We had some false positive detections. We even had some incidents that were not detected. We did not get the expected level of visibility through FireEye.

    What's my experience with pricing, setup cost, and licensing?

    It was an annual fee. There was just one overall fee.

    Which other solutions did I evaluate?

    It was a very hard decision to make. We did a comparison with some other competitor products. One of them was Palo Alto Networks Cortex XDR, which was the biggest competitor at that time. We even checked Microsoft ATP and McAfee. So, we compared a couple of products before selecting FireEye.

    What other advice do I have?

    Organizations trying to or going for the FireEye solution should understand that they won't be able to see under the hood or what is happening within the product. FireEye is quite a black box solution. Understanding why certain findings got a particular verdict is not easy. If you want well-automated operations and you don't have an advanced operations team that wants to check the verdicts and understand how the product is working and making decisions, then it is good for you. If you have proper engineering skills on board and your operations teams want to understand the basic logic within the product that they are using on a daily basis, this might not be the best product for you.

    I would rate it an eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    IT Manager at a tech services company with 51-200 employees
    Real User
    Top 5
    Straightforward to set up, easy to use, and stable
    Pros and Cons
    • "It's a stable solution with good performance."
    • "We would like the solution to offer better security."

    What is our primary use case?

    We primarily use the solution for security. We use it to detect threats and cyber attacks.

    What is most valuable?

    The product is easy to use.

    It's a stable solution with good performance. 

    The scalability is good.

    The installation process is very straightforward.

    What needs improvement?

    We would like the solution to offer better security.

    For how long have I used the solution?

    I've been dealing with the solution for years.

    What do I think about the stability of the solution?

    The product is quite stable. The performance has been good. There are no bugs or glitches. It doesn't crash or freeze. We find the product to be quite reliable.

    What do I think about the scalability of the solution?

    The solution is capable of scaling. It's not a problem. We have the solution on around 300 endpoints. 

    We have around 150 to 160 users on the solution currently.

    We do plan to increase usage in the future.

    How are customer service and support?

    I've never contacted technical support. I cannot speak to how helpful or responsive they are. 

    How was the initial setup?

    It's not a difficult solution to set up. It's pretty straightforward and simple. 

    I don't recall how much time it took. It was one of my team members that actually was occupied with the task. It was a while ago as well. I don't know anymore.

    What about the implementation team?

    We worked with external consultants. I don't know exactly what the scope was, however. 

    What's my experience with pricing, setup cost, and licensing?

    We bought a four-year license for the product. We're under a contract with them for that amount of time. 

    Which other solutions did I evaluate?

    We did not evaluate any other EDR products before choosing FireEye. 

    What other advice do I have?

    We are just customers and end-users of the product. We don't have a special business relationship with the company. 

    I'm not sure which version of the solution I'm using. I don't know the version number off-hand. 

    I'd rate the solution at an eight out of ten.

    I'd recommend the solution to other users and organizations.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Delivery Manager at a tech services company with 10,001+ employees
    MSP
    Great containment feature and very user-friendly GUI
    Pros and Cons
    • "A great console with a user-friendly GUI."
    • "Search feature could be made more user-friendly."

    What is our primary use case?

    The solution enables me to monitor all my endpoints and ensure that our agents are reporting to the FireEye management server. That is key for allowing us to see any suspicious traffic coming in. I'm the delivery manager and we are customers of FireEye. 

    What is most valuable?

    I like the console and the GUI is user-friendly. One of the most important and critical features is containment. Suppose something gets infected and there's the possibility of it spreading laterally and causing a problem or compromising a network. FireEye has a feature that enables it to disconnect from a system network so that the infection doesn't spread. 

    Even if an incident occurs at night when support teams are not available, the feature can contain the infection so that when the support teams get to work, they can carry out the remediation part and bring the system back to production.

    What needs improvement?

    I'd like to see the searches enhanced because when I hand over the product to someone without experience, it should be user-friendly to them as well. If the feature was enhanced, and the amount of data that comes in reduced, it would simplify the process for anyone. 

    For how long have I used the solution?

    I've been using this solution for two years. 

    What do I think about the stability of the solution?

    The solution is stable.

    What do I think about the scalability of the solution?

    I haven't had any issues with scalability. 

    How are customer service and support?

    The support is pretty good, we haven't had any problems. 

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    We had a separate team implementing FireEye and there didn't seem to be any issues so I think deployment was relatively straightforward. 

    Which other solutions did I evaluate?

    I prefer FireEye to solutions like CrowdStrike, Carbon Black, and Trend Micro which are not as user-friendly. FireEye is also easier to integrate with the SIEM, so all the logs get pushed and there are no issues getting the device integrated with SIEM. 

    What other advice do I have?

    I rate this solution nine out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Simone Scatolini - PeerSpot reviewer
    System&Security engineer at Var Group SpA
    Reseller
    Top 20
    A strong, stable, and scalable solution with good support

    What is our primary use case?

    We are using all Trellix solutions, and we are also using all McAfee products. Our customers are using virus scan for the old platforms, Endpoint Security, MVISION, File and Folder Encryption, File and Folder Protection, and Device Control, but at the moment, I am really interested in the integration between the new Trellix solution like MVISION and FireEye.

    What is most valuable?

    It is a really strong solution for endpoint security.

    What needs improvement?

    There should be better integration between the ePolicy Orchestrator and FireEye console. The integration of both consoles should be better.

    For how long have I used the solution?

    I have been using this solution for about six years.

    What do I think about the stability of the solution?

    Its stability is perfect.

    What do I think about the scalability of the solution?

    Its scalability is perfect. In our company, we have between 2,000 and 3,000 users, but our installation has about 50,000 endpoints for all customers.

    How are customer service and support?

    They're very good. I am in contact with their support about five times a day, and they respond quickly.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    It was easy. I have been using Trellix since the carbon age. I have been using Trellix since the day it was released.

    Its deployment doesn't take long. 

    What about the implementation team?

    I customize every installation.

    What's my experience with pricing, setup cost, and licensing?

    It is not so cheap in comparison to Sophos and other solutions.

    What other advice do I have?

    Make a really detailed survey of all the systems before implementing any solution on the endpoint. Do not buy the license and try deployment after that.

    I would rate it a 10 out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Syed Faisal - PeerSpot reviewer
    ICT Manager at SecurEyes
    Real User
    Top 10
    Easy to use, stable, and not heavy on system resources
    Pros and Cons
    • "FireEye Endpoint Security is easy to use and lightweight compared to others."
    • "Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive."

    What is our primary use case?

    We are using this solution for endpoint security against cyber attacks.

    What is most valuable?

    FireEye Endpoint Security is easy to use and lightweight compared to others.

    What needs improvement?

    Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive.

    For how long have I used the solution?

    I have been using FireEye Endpoint Security for a couple of months.

    What do I think about the scalability of the solution?

    This solution is scalable. However, it could improve to be able to handle large-scale operations. The OS most systems are running, I am not sure it can handle a lot of nodes, but many companies are coming out with cloud options that should be able to manage many more nodes.

    How are customer service and technical support?

    Technical support can take some time to respond on the first level. They could improve the speed at which they resolve and handle support.

    What about the implementation team?

    We have an administrator and engineer that does the implementation and maintenance of the solution.

    Which other solutions did I evaluate?

    I have evaluated Carbon Black and FortiEDR.

    What other advice do I have?

    I would not recommend this solution to others. However, if you have a small budget then this solution could be a second option.

    I rate FireEye Endpoint Security an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner