Certain features in Trellix Network Detection and Response, such as using AL-type commands, may initially pose a challenge for those unfamiliar with such commands. However, once users become accustomed to the system, it becomes easier to use.

FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically.

In the next release, they should add a multiple virtual context feature.

The product's integration capabilities are an area of concern where improvements are required.

It is not supporting multiple SSLs. If we've got four or five servers and all the traffic has to pass through Fire Eye, and the servers are using their own SSL certificate, FireEye is not supporting this. 

We'd like the potential for better scaling. 

Generally, this particular product has a lot of room for improvement.

It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment. I would also like to be able to block an email based on the content of the subject line. Similarly, if I could block based on a specific hash value then it would be very good.

It is not a very secure product. It doesn’t provide 100% protection. The security must be improved. The tool must provide more integrations with different platforms.

Technical packaging could be improved.

It would be helpful to receive access to the administration of the product.

Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone.

They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules.

There are three things that can be improved:

• Protection testing. When it comes to the protections, it requires a lot of testing to implement. 
• Local support. They need to beef up the capabilities of local support. 
• Pricing. The price is a bit high though it is an adequate product.

As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web).

There isn't something missing - even with HX. HX was in the box and was working EDR and antivirus. They just need to keep the updates running and the features stable, and that's it. No new thing is required.

The initial setup is not exactly easy. 

It is an expensive solution.

FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors. FireEye would need to work on these capabilities to have a fuller product offering (especially when all the other major NGFW vendors such as Check Point or Palo Alto offer similar threat emulation capabilities to FireEye).

The support is somewhat lacking with long response times. The expectation is that when it comes to security response, technical support should be readily available.

Cybersecurity posture has room for improvement. 

Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a parameterless environment, very similar to what they are currently doing in their traditional parameter-based network.

It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto. They should be sharing their threat database and information. For example, if something is discovered by FortiSandbox or the Palo Alto Sandbox, it should be announced to all of the vendors so that they can take action and block these files.

FireEye can be improved in terms of network visibility. Some minor enhancements are needed.

Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.

Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier.

They should develop something similar to the feature that Palo Alto has called Traps. Then it will be an all-encompassing security solution.

It is very expensive, the price could be better. 

1. Granular reporting

Need more attributes for each alert; e.g. protocol, time, type of attack, etc. These attributes could be used for report generation or to aid as search criteria.

2. Rule base

Create an option to create/add/edit rules in the existing policy. Most importantly, create room to add exceptions to false positive alerts. 

3. Use one appliance for both Web detection and email detection to reduce the cost of shipping and delivery.

4. Detection of .zip and .rar files.

I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. 

They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet.

A lot of false positives.

Almost every feature of the product is on a high level.

The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.

I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports.

It could use more user-friendly navigation around the tool.

The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it, like what type of Windows and what type of applications they use, and they have zero control over this. I would like to see more customization of the VMs.

Cluster option is not available in NX, and for false positives we need some customization configuration available, such as a whitelist.

Management of the appliance could be greatly improved. 

They should take a leaf out of the book of Symantec's (Formerly Blue Coat) MAA appliances. The management is super-easy, most features are available through the GUI, and the administrator has an easy to navigate interface that helps in faster threat analysis.

It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning. 

I would like to see a smoother dashboard so I could monitor it better. A better depth of view, being able to see deeper into the management process, is what I'd like to see.