Trellix Network Detection and Response Reviews

My primary use case for this solution is world gateway or an email gateway for forensic tools.

The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.

The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.

I find this product stable.

I find this product scalable for our needs.

We have our own qualified tech support team, and we do not find a need for the tech support from FireEye IT. 

We looked into other forensic options in the past. We used to use RSA in the past, but it is not the same as FireEye.

The world is currently shifting to AI, Artificial Intelligence engines. FireEye, now has nothing in the road map to shifting to AI. Other companies do have a roadmap for AI integration. Now the hacker is more intelligent. The hacker is going to hack the laptop for example, and an AI engine could be an excellent prevention mechanism.

Simplified Alert Dashboard is straightforward to navigate.

1. Granular reporting

Need more attributes for each alert; e.g. protocol, time, type of attack, etc. These attributes could be used for report generation or to aid as search criteria.

2. Rule base

Create an option to create/add/edit rules in the existing policy. Most importantly, create room to add exceptions to false positive alerts. 

3. Use one appliance for both Web detection and email detection to reduce the cost of shipping and delivery.

4. Detection of .zip and .rar files.

Stability issues manifested in terms of throughput maximization.

There were scalability issues for the appliance-based solution, but not for the cloud-based solution.

I rate it eight out of 10.

I was not using anything previously.

 Straightforward.

Use cloud solution; pricing is a bit high.

Palo Alto.

I rate this solution at six out of 10. There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management. It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives.

Implementing at customer sites. Conducting pre-sales and PoC demos for customers and providing technical support to customers on behalf of FireEye.

Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security.

The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive. It has helped FireEye be the first ones to announce zero-days on many occasions.

Management of the appliance could be greatly improved. 

They should take a leaf out of the book of Symantec's (Formerly Blue Coat) MAA appliances. The management is super-easy, most features are available through the GUI, and the administrator has an easy to navigate interface that helps in faster threat analysis.

FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.

I work for a managed services provider, so we don't deploy the product internally but deploy it in customers’ environments. For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before.

FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors. FireEye would need to work on these capabilities to have a fuller product offering (especially when all the other major NGFW vendors such as Check Point or Palo Alto offer similar threat emulation capabilities to FireEye).

I have been using it for 3-4 years.

Deployment is extremely easy, and we haven't run into any issues.

We also use the same capabilities that come in other products such as Palo Alto (wildfire) or CheckPoint (threat prevention). I don't think there is much difference in the capabilities between either of the products.

Initial setup was very straightforward.

We implement and provide continued managed services coverage for the product.

Currently, I think if you have another product that can provide the same functionality (such as Palo Alto or CheckPoint), and that device is capable of handling the extra load of running these features, then I would consider using those products instead of adding a new product to the network.

• Call back
• Zero day attack

We have discovered different malware which was basically a zero day attack and call back.

Cluster option is not available in NX, and for false positives we need some customization configuration available, such as a whitelist.

I've used it for one year.

No issues encounter.

No issues encounter.

No issues encounter.

It's very good.

It's very good.

Different IPS and end point products were used. FireEye has a different concept for the handling of ATP and malware with a virtual machine which resides in their box.

It was simple and straightforward.

We have implemented it ourselves on customer premises.

It is a good product to implement, especially where the existing technology fails to detect zero day attacks.

• Ability to edit the Yara rules
• Malware analysis tool

It has provided us with better malware, intrusion and incident detection.

A lot of false positives.

I've been using FireEye NX with web, email, and the malware analysis sandbox tool for two years.

No issues encountered.

No issues encountered.

8/10.

8/10.

No previous solution was used.

It wasn't bad, the technical support team walked us through it.

We used a vendor who was 8/10.

Get training with editing Yara rules.

I like the ability to detect zero day attacks, APT’s, and other types of malware which almost every other security device in the world is unable to detect.

One of the projects where we were deploying was a POC. When it was tested, it detected one of the world’s most dangerous APTs, like KABA, that was specially designed to target the telecommunication industry. This was one of the many thousands of findings that we were proud of.

Almost every feature of the product is on a high level.

I have worked on these products from FireEye for three different projects, and I found them wonderful.

No issues encountered.

No issues encountered.

No issues encountered.

9/10.

10/10.

Our clients have used almost all of the best solutions available but most of them were unable to detect about 90% of the threats that FireEye NX can detect.

The initial setup was quite straightforward and easy.

We had implemented it in-house and in fact, I deployed the NX 2400 and NX 7400 devices myself.

Both for our clients and for ourselves, ROI was almost 200% more than we expected. We were satisfied.

The initial setup and day-to-day cost is almost the same as other security devices available. However, others fail about 90% of the time to detect threats, APT’s & most importantly zero day attacks, while FireEye can detect them.

Of course, we had to check all other products available in the market, research their features, and then we had to compare these products based on benefits to our clients, and the expected ROI.

It's one of the best products around based on its features like detection of almost all types of malware, APT’s, virus and zero day attacks, reporting, and its integration with other FireEye products like CMS, IPS etc.