Information Security Consultant at a financial services firm with 1,001-5,000 employees
Consultant
Enhances security and visibility on all levels
Pros and Cons
  • "Initially, we didn't have much visibility around what is occurring at our applications' lower level. For instance, if we are exposed to any malicious attacks or SQL injections. But now we've integrated FireEye with Splunk, so now we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams."
  • "Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."

What is our primary use case?

Our primary use case is for endpoint protection. We need the solution to integrate with the firewall so that we could get some threat intel based on the kinds of malicious factors that we are getting on the internet at work. We are working to optimize it with the firewall and the other tools we are using for network protection.

How has it helped my organization?

Initially, we didn't have much visibility around what is occurring at our applications' lower level, for instance, if we are exposed to any malicious attacks or SQL injections. Now, we've integrated FireEye with Splunk, so we get lots of triggers based on policy content associated with FireEye. The solution has allowed for growth and improvement in our information security and security operations teams.

What is most valuable?

The most valuable feature is FireEye NX.

What needs improvement?

Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.

Buyer's Guide
Trellix Network Detection and Response
May 2025
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
857,028 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

From both a network level and security level it's pretty stable and it satisfies our organizational requirements.

What do I think about the scalability of the solution?

The scalability of the solution is above average.

What about the implementation team?

We implemented through a vendor team. I believe it took a five- or possibly six-person networking team for the actual implementation, followed by an information security team for policy configuration.

What other advice do I have?

On a scale of one to 10, with one being the worst and 10 being the best, I would rate this product an 8. From a security perspective, it's pretty decent. It's just that I have seen it miss some semi loads or triggers when it's integrated with other products. On the flexibility scale, I think that's where the improvement needs to be achieved.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cpmef44 - PeerSpot reviewer
CPM at a comms service provider with 1,001-5,000 employees
Real User
Relatively easy to monitor, but a better dashboard would improve monitoring further
Pros and Cons
  • "The most valuable feature is the view into the application."
  • "A better depth of view, being able to see deeper into the management process, is what I'd like to see."

What is our primary use case?

This solution is our firewall protection.

What is most valuable?

The most valuable feature is the view into the application.

What needs improvement?

I would like to see a smoother dashboard so I could monitor it better. A better depth of view, being able to see deeper into the management process, is what I'd like to see.

What other advice do I have?

I would rate this solution at seven out of ten. It works and it's relatively easy to monitor.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
System Engineer at IRIS
Reseller
Prevents attacks and breaches but they should emphasize application filtering
Pros and Cons
  • "Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities."
  • "Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."

What is our primary use case?

Our primary use case is for application filtering and security. 

How has it helped my organization?

We use it as a second level of defense for many clients in the telecom field. We use Symantec Blue Coat as a proxy for the web center. We even have a little bit of SSM because we are floating some Symantec traffic on the end for SSM integration. We also use it for oil and gas as a standalone or in remote sites to have a bit of security there.

What is most valuable?

Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities. 

What needs improvement?

Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier.

They should develop something similar to the feature that Palo Alto has called Traps. Then it will be an all-encompassing security solution.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Stability is fine as long as we don't go deeper into the system. Once we go deeper into the SSM, inspection, and decryption, we get some issues. 

It requires one expert and three technicians for maintenance.

What do I think about the scalability of the solution?

Scalability is smooth. I don't have any issues with the scale. We have the right boxes and the right configuration. For the telecom industry we have around 400 users and in the oil and gas industry, we have 600 users. 

Which solution did I use previously and why did I switch?

We are also resellers for Palo Alto. 

How was the initial setup?

If you look at the documentation, the initial setup is easy. We had the right training documents to go over and it was simple, it wasn't complicated at all. It took three days for configuration but in total around ten days. 

It requires one expert and three technicians for maintenance.

What about the implementation team?

We are resellers so we implement it ourselves. We got the documentation from Cisco and were able to deploy. 

What was our ROI?

I was with one of my clients last week and he told me that he's satisfied with the solution because they prevent a lot of attacks and a lot of breaches. 

What's my experience with pricing, setup cost, and licensing?

We're partners with Cisco so we get a reasonable price. It's cheaper than Palo Alto in terms of licensing. We can get cheaper features from Palo Alto though.

What other advice do I have?

The main advice for such a product is that if you don't have any visibility regarding your application, you need to deploy the FireEye solution. Otherwise, you don't have any visibility for the SSM, for the web traffic, and the application solution. If you need security with reasonable pricing, this is a good solution.

I would rate it a seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Security4668 - PeerSpot reviewer
Security Analyst at a financial services firm with 201-500 employees
Real User
Its core functionality is really good, but it could use a little work in the reporting
Pros and Cons
  • "It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
  • "I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports."

What is our primary use case?

We use FireEye NX to monitor our networking traffic and FireEye EX to monitor our email traffic. So, it's mostly for blocking malicious traffic.

How has it helped my organization?

It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us. It gives us a better view of our network and our email environment.

What is most valuable?

The core functionality: It blocks what we need it to block.

What needs improvement?

I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports.

It could use more user-friendly navigation around the tool.

What do I think about the stability of the solution?

The stability is very good. I have never had issues with uptime.

What do I think about the scalability of the solution?

As far as I know, scalability is good. However, we haven't had the need to scale it up at all.

How are customer service and technical support?

We receive our technical support through a third-party. Directly with FireEye, I'm not sure about technical support.

What was our ROI?

It probably reduces our response time by a day or two. It also increases staff productivity.

What other advice do I have?

It is a good bare-bones solution for what they are looking for. However, if they wanted a more robust solution, then they would probably have to look somewhere else or get additional FireEye products.

It was probably one of the earlier things that we did within the maturity of our security environment. So, it was sort of a starting point. We are still working to get some other things implemented.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
CEO8280 - PeerSpot reviewer
CEO at a tech services company with 1-10 employees
Real User
It has significantly decreased our mean time in being able to identify and detect malicious threats
Pros and Cons
  • "The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks."
  • "The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right."

What is our primary use case?

We are using the file security scanner. The solution is used to monitor network traffic for network-based malware.

How has it helped my organization?

It is very difficult for any organization to identify malicious software and code. With the FireEye product through its deep analysis, it is possible for malicious software to be identified across the network regardless of what the internal systems are. It gives you the ability to monitor the ingress and egress, then identify threats which are otherwise difficult to identify.

The increase in productivity has been about the same. One of the things that the FireEye product does is providing deep analysis. This gives you the detailed analytics about what it has detected. Whereas in a traditional environment with traditional tools, there is a tremendous amount of recovery and research involved to identify the details of the source and the indicators of the compromise. The FireEye product provides 80 to 90 percent of that information from a single pane of glass.

What is most valuable?

The most valuable feature of the FireEye solution is the deep analysis for malicious software.

What needs improvement?

Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a parameterless environment, very similar to what they are currently doing in their traditional parameter-based network.

What do I think about the stability of the solution?

FireEye has been one of the market leaders in the stability space from what we have seen over the several years that we've been working with the vendor and the product. They continue to be leaders in this space.

What do I think about the scalability of the solution?

The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks.

How are customer service and technical support?

The technical support personnel for the FireEye platform has been very responsive, which is a critical factor when you're dealing with malicious software. They have also been very responsive when it comes to configuration and troubleshooting issues specific to the product.

Which solution did I use previously and why did I switch?

It wasn't a case where we switched from another solution because we had been a long time customer. It wasn't a case of switching, as the company that I work for is a very mature organization with a staff of over 100 in information security with most of them as dedicated encryption service analysts.

Malicious actors have begun to identify when their code is being run in a simulator and are placing weights in their code so some of their malicious triggers don't take place immediately. This makes it more difficult to detect. An improvement that we would like to see is that the vendor continue to escalate their techniques and methods to match those that we are seeing as emerging threats.

How was the initial setup?

The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right.

What was our ROI?

We have seen ROI.

Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the mean time to analysis decrease by at least tenfold.

What's my experience with pricing, setup cost, and licensing?

There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product.

Which other solutions did I evaluate?

FireEye was actually the only product that was doing what they were doing.

We did have other vendors on our shortlist.

What other advice do I have?

It brings a tremendous amount of value to your network environment. In terms of what we asked them to do, which is to help us to identify malicious code and threats, their product has delivered.

It is one thing to have an advanced security tool, like FireEye, but equally important to have a staff and security program which puts themselves in positions to leverage the tool properly.

In terms of maturity of the organization that I work with, it has a very mature security posture, which is necessary in our space because we are part of the financial critical infrastructure. So, we've been doing security for a very long time.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technical lead at a tech services company with 51-200 employees
Real User
Enables us to take appropriate action to prevent any damage from happening
Pros and Cons
  • "Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
  • "It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."

What is our primary use case?

We use FireEye to prevent cyber attacks. 

How has it helped my organization?

Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening.

What needs improvement?

It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning. 

What do I think about the stability of the solution?

FireEye is quite stable. 

Which solution did I use previously and why did I switch?

We are currently also using Symantec. 

How was the initial setup?

The initial setup was straightforward, not complex. The deployment didn't take too much time. It took around fifteen to twenty days. It took one person to deploy it and we have three administrators using this solution.

What about the implementation team?

We used a third-party to help us with the deployment. We had a good experience with them.

What was our ROI?

I have seen return on investment in the way that it prevents breaches and attacks.

What other advice do I have?

I would rate this solution an eight out of ten. I would recommend implementing FireEye, it's a great tool.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Sysengine0946 - PeerSpot reviewer
System Engineer at a tech services company with 1,001-5,000 employees
Real User
Protects the users' browser by finding zero-day threats and malware
Pros and Cons
  • "Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
  • "The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it. Like what type of Windows and what type of applications and they have zero control over this."

What is our primary use case?

We implemented this solution for our customers. The primary use case is for Advanced Persistent Threat detection at a network level.

How has it helped my organization?

Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser.

What needs improvement?

The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it, like what type of Windows and what type of applications they use, and they have zero control over this. I would like to see more customization of the VMs.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

Their stability is good. 

What do I think about the scalability of the solution?

In terms of scalability, we haven't deployed them on a larger scale. We have only deployed on two appliances. It requires two or three people to administer the device. Usually, those are cybersecurity engineers or network admins. 

How are customer service and technical support?

Their technical support is very good and responsive. 

How was the initial setup?

FireEye is easy to use and the setup is easy. The deployment could be finished in two hours. Three to four staff are required for the deployment.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little high. 

What other advice do I have?

I would rate it a 7.5 out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
DepAssist9876 - PeerSpot reviewer
Deputy Assistant Secretary with 201-500 employees
Real User
We don't have to react because it stops anything from hurting the network
Pros and Cons
  • "We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up."
  • "Cybersecurity posture has room for improvement."

What is our primary use case?

Our primary use case is for zero-day identifying anomalies and zero-day vulnerabilities without requiring signature recognition.

How has it helped my organization?

McAfee didn't even know that there was a vulnerability out there, and this solution found it before McAfee, and then we notified them, and they came up with a patch to remediate that exploit.

What is most valuable?

The zero-day vulnerabilities feature is the most valuable feature.

What needs improvement?

Cybersecurity posture has room for improvement. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It's stable, we haven't had a lot of issues. We get updates when we need them and the vendor is responsive when we have issues.

What do I think about the scalability of the solution?

We have scalability across our whole network. We haven't had any scalability issues at all. It's used daily, as far as for the continuous monitoring required for cybersecurity.

We have the administrators, which is approximately five people that monitor it. Then it's also for our enterprise network, which is over 200k users. They're all sysadmins and cybersecurity engineer type people. 

How are customer service and technical support?

The support from the company has been wonderful. Any time we've had any issues they responded. 

How was the initial setup?

I did not set it up, but the setup seemed to be straightforward.

What was our ROI?

We see ROI in the sense that we don't have to react because it stops anything from hurting the network. We can stop it before we have a bigger mess to clean up.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are reasonable compared to competitors.

What other advice do I have?

There may be other tools that do this, but FireEye is part of the defense in depth. What other products miss, FireEye tends to pick up.

I would rate it an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user