Trellix Network Detection and Response Primary Use Case
My main use case for Trellix Network Detection and Response is utilizing an integrated network IDS and IPS, Network Security Manager, and Network Endpoint Security in infrastructure for enterprise network solutions in enterprise organizations.
A specific example of how I use Trellix Network Detection and Response in my organization is that we have a similar solution to ArcSight HP with an IDS IPS solution and Network Security Manager. We place the sensors in the network's in-out traffic detection path, and all traffic in and out from the sensor is monitored. The sensor responds and produces reports and generates alerts on threats and incidents on Network Security Manager. We categorize alerts into categories such as high, low, critical, and medium. Additionally, Network Security Manager has a built-in firewall, which we use to block attacks and threats.
Regarding how I use Trellix Network Detection and Response, we utilize next-generation firewalls, but the problem was that the firewall could not explore packets or scan the network's anomalies and network traffic, which resulted in a heavy load. Therefore, we placed the sensors on the data center network traffic path, and these sensors perform in-depth inspections, including SSL inspections and network detection response. They possess high-performance CPU capabilities, reducing the load on the firewall by 50 percent while performing detections and scans on traffic, leaving the firewall to handle only packet inspections, packet blocking, and URL blocking policies.

I mainly use Trellix Network Detection and Response to find zero-day threats, malware, or anything malicious on our clients' endpoint devices.
I can give you a specific example of how I used Trellix Network Detection and Response to spot something malicious. Such a scenario is when a user using a client device logs in to a Tor browser and is using the Tor browser to surf something malicious. On the dashboard, we used to get the alert for the same and we used to investigate from there by looking at the IP, the source IP, the destination IP, and how it is landing on the Tor browser and what the user is doing. We could do all of this with that.

My main use case for Trellix Network Detection and Response is for threat detection and response across our workstations and servers.

Buyer's Guide
Trellix Network Detection and Response
May 2026
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
899,283 professionals have used our research since 2012.
Our main use cases for Trellix Network Detection and Response are centered around network visibility, which allows us to detect suspicious activity. I generally use Trellix Network Detection and Response as a complementary visibility tool instead of standalone dependencies. This is because our team usually combines endpoint SIEM and cloud telemetry with network visibility, making Trellix Network Detection and Response more useful when correlated with other security tools.

My main use case for Trellix Network Detection and Response is to continuously analyze network traffic and identify suspicious activity that may indicate security threats. It helps us gain deeper visibility into network behavior and improve our overall threat detection capability.
During routine monitoring with Trellix Network Detection and Response, the platform identified unusual communication between internal systems and external destinations. The activity appeared normal at first glance, but Trellix Network Detection and Response highlighted it as anomalous, allowing us to investigate and address the issue before it escalated.

My main use case for Trellix Network Detection and Response is to detect anomalies within the network to ensure that the NDR functionality is delivering what is expected, so primarily the NDR functionality.
A specific example of how I have used Trellix Network Detection and Response in a project is that it provides visibility for clients, allowing them to see all the traffic within their network infrastructure, detect any security triggers that need to be investigated, and take action to protect the network, ensuring there is no unusual or unwanted behavior or traffic.

Jatin Sharma
Security Engineer at Digitaltrack
My primary use case for Trellix Network Detection and Response is real-time threat detection, network traffic monitoring, and rapid incident response. I use it to identify malicious activity, prevent unauthorized access, and improve overall network security visibility across the organization.
A practical example of how I have used Trellix Network Detection and Response in my daily work was detecting unusual outbound traffic from a user endpoint. The solution quickly identified the suspicious behavior, generated an alert, and helped us isolate the affected device before any data loss occurred. This significantly reduced investigation time and minimized the security risk.

Our main use case for Trellix Network Detection and Response is to maintain oversight of our network traffic and catch any threats or unusual activity as early as possible.
Trellix Network Detection and Response runs in the background monitoring all network traffic, and whenever something unusual comes up, it sends us an alert and we look into it straight away without any delay.

Trellix Network Detection and Response is used for monitoring network traffic, detecting advanced threats, identifying suspicious behavior, and improving incident response capability across the organization.

My main use case for Trellix Network Detection and Response is providing support for our customers, and one of our customers has Trellix, so we had to provide monitoring or specific XDR tools for that customer, including Trellix, CrowdStrike, and many others.
A typical task or incident I have handled using Trellix Network Detection and Response demonstrates that it is a very good tool for XDR, very comfortable to use, and extremely easy to use, making it one of the best XDR tools.

I am working with Trellix Network Detection and Response as part of my overall experience with these products today.
Trellix Network Detection and Response is used for threat and response use cases for my clients. The solution correlates telemetry data from the endpoint or security solution, providing a single click of workbook and workbenches in the console for best visibility of root cause. After reviewing the workbenches and workbook, I create the playbooks accordingly, severity-wise.
The threat intelligence feature is helpful for full threat investigation. When I receive major detections from Trellix Network Detection and Response, I initiate some queries from the threat intel, and the threat intel shares with me the verdict and threat severity, which can be critical or high.
Forensic analysis is helpful because I need to collect some infections from infected machines. I first need to determine what the initial root impact machine is and the impacted network. It helps determine where the threats are coming from, and the forensic insights assist in this investigation.

The solution has been in place for quite some time – three or four years. We've renewed it several times, and we upgraded from Gen 3 to Gen 4 hardware at one point as well.
Currently, it's integrated with our firewall and McAfee IPS. We also have network-based sandboxing deployed. It uses static and dynamic analysis engines, so we get alerts if malicious traffic is detected or harmful objects are downloaded.
We've been using their PX solution for packet capture, which is the core of their NDR functionality. But we haven't fully adopted the combined product – NX and PX – yet because they are still separate.
The storage requirements for raw packet capture, especially with our traffic levels, make it quite expensive. And that's true for many security products. I feel like NDR is pretty expensive.
However, this is especially true about raw packet capture for network telemetry – the storage requirements with RAID 0 become quite expensive, regardless of the solution.

The primary use case for Trellix Network Detection and Response is network intrusion detection, which is crucial for protecting environments. It helps secure networks and defend against phishing and other attacks created by the networking sector. We use the solution for detection and forensics investigation, reporting incidents such as the source and network path of attacks.

Archie Scorgie
Information Security Senior Advisor at Eskom Ltd
We use the solution in our servers and workstations for Endpoint Detection and Response.

In my company, the solution is used for our endpoints.

Kumar_V
Senior Manager at a financial services firm with 10,001+ employees
It is mostly an NTAP tool. It is just blocking the CNC domains. That is the primary use case.

We use FireEye Network Security to secure the internet link. The solution works as an inline sandbox. Additionally, it can scan and monitor all uploads and downloads, and internet browsed links.

The solution can be used for detecting malicious traffic based upon known IOCs and it's integrated with the artificial intelligent speed, so we're able to recognize which IOCs are matching and their threat attribution.

Chandan-Singh
Sr Technical Consultant at a tech services company with 51-200 employees
We implement this solution for our clients for the complete protection of their network.

The tool helps to reduce client risks.

I use the solution in my company's daily operations to conduct threat investigations.
We are using it from the perspective of data protection. We have two types of data that are coming. One is the actual data or the customer data that comes into our premises, and the second is the internet traffic that comes into our organization. FireEye devices scan all the traffic that comes through the tools on which we have configured FireEye, and they also analyze a lot of traffic.

Sagi Zelinger
Professional Services Division Manager at 2Bsecure
We are using this solution for sandboxing on all channels.

Yaser Aljohani
OT/ICS Information Security Specialist at SANS
We use FireEye to protect our web and email traffic.

Our primary use of the solution is monitoring network security and intrusion detection.

Harneet Kaur
Information Security Consultant at a financial services firm with 1,001-5,000 employees
Our primary use case is for endpoint protection. We need the solution to integrate with the firewall so that we could get some threat intel based on the kinds of malicious factors that we are getting on the internet at work. We are working to optimize it with the firewall and the other tools we are using for network protection.

This solution is our firewall protection.

Antonio El Khoury
System Engineer at IRIS
Our primary use case is for application filtering and security.

We use FireEye NX to monitor our networking traffic and FireEye EX to monitor our email traffic. So, it's mostly for blocking malicious traffic.

We are using the file security scanner. The solution is used to monitor network traffic for network-based malware.

Sandip Arote
Technical lead at a tech services company with 51-200 employees
We use FireEye to prevent cyber attacks.

We implemented this solution for our customers. The primary use case is for Advanced Persistent Threat detection at a network level.

Our primary use case is for zero-day identifying anomalies and zero-day vulnerabilities without requiring signature recognition.

Ala Khalil
PreSales Director at a marketing services firm with 51-200 employees
My primary use case for this solution is world gateway or an email gateway for forensic tools.

Implementing at customer sites. Conducting pre-sales and PoC demos for customers and providing technical support to customers on behalf of FireEye.

Mohd Fadhil
Security Engineer at Mavisco Resources Sdn Bhd
We use the product because our customers want to fix a web gateway and NDR so that they can watch the incoming traffic.