Trellix Network Detection and Response Reviews

We previously relied on a firewall for application-level blocking, an email gateway, and an anti-virus solution to protect our infrastructure. The existing combination was capable of identifying certain malware activity but we found we were always reactively responding to attacks. We were never in a position to proactively address the threats.

Following a recommendation by an independent security consultant, we performed a detailed evaluation of the FireEye platform. The inherent intelligence of FireEye’s solution was immediately evident and we felt that our purchase of the FireEye Network Threat Prevention Platform represented the final piece in the puzzle to lock down our infrastructure. The FireEye Network Threat Prevention Platform is deployed inline between the firewall and Internet gateway; preventing malicious multi-protocol callbacks and blocking inbound Web exploits that elude our other security measures. As an integral component of the FireEye Network Threat Prevention Platform, the FireEye Multi-Vector Virtual Execution engine confirms zero-day attacks and captures callback destinations to dynamically prevent users from accessing a malicious channel. The signature-less FireEye MVX engine executes suspicious binaries and Web objects against a broad range of browsers, plug-ins, applications, and operating environments to determine the true intent of the malicious code. 

The FireEye Network Threat Prevention Platform not only protects our users when they visit websites but also when they receive email with malicious attachments or links: having both levels of protection is absolutely critical to us. The whole banking industry is subjected to a huge variety of very sophisticated attacks that exploit both Web and email weaknesses. We see many spear phishing attacks in which malicious emails disguise themselves as coming from legitimate business partners. If users click on a bad link or attachment that initiates a callback, the FireEye Network Threat Prevention Platform blocks it every time. 

Several of our employees recently received an email that appeared to come from a trusted business partner. Five users tried to open an apparently innocuous attachment but the FireEye Network Threat Prevention Platform detected that it included embedded malware and immediately started blocking the approximately 200 callbacks each machine tried to generate. If any of these reached their intended target they could have severely compromised the bank’s systems but the FireEye solution just doesn’t allow this type of data to leave our network. FireEye has placed us in the position to proactively counter malicious threats; we now don’t have to take a user offline in order to rebuild their PC following an attack. We’re better protected and more productive! Cybercriminals grow smarter all the time, that’s why our use of the FireEye next-generation security platform is now mandatory throughout the bank’s infrastructure.

The old approach to security—assigning lots of people to the problem—was no longer feasible. It was very time intensive and employee intensive. It took up so much of our time that it became very unproductive. I was desperately looking to automate whatever layers of security we had in place. The issue came to a head when I spotted suspicious network activity but could not get to the bottom of the problem with legacy signature-based security tools. My staff spent hours manually blocking suspicious connections. We were a sitting duck. Our existing infrastructure left my team blind to a constant stream of attacks. We tested several IPS/IDS type of solutions, including Symantec, Palo Alto Networks, and Cisco—and found them all inadequate for the security challenge we faced. 

I decided to try the FireEye Network Threat Prevention Platform. We piloted a proof-of-concept trial. Installation took less than an hour, and almost immediately, the FireEye Network Threat Prevention Platform began providing valuable insight into what was going on in the network —no heavy administration required. We had planned to test the FireEye Network Threat Prevention Platform for 15 days; I knew within the first 24 hours that the solution delivered on its promise. I realized that I can’t get any better bang for the buck. 

Used in-line, the FireEye Network Threat Prevention Platform provides the insight we need to stay ahead of advanced threats. The platform monitors Web traffic, by far the most common threat vector used in malware attacks. We are alerted to zero-day exploits and fast-morphing malware to keep sensitive data and systems safe. At the same time, the Network Threat Prevention Platform is capable of shutting down communications with malicious URLs used in targeted attacks. Thanks to the FireEye Multi-Vector Virtual Execution architecture, our security team can spot malware hidden in malicious images, PDFs, Flash, and ZIP/RAR/TNEF archives. Easy-to-digest email alerts validate true threats and help guide our incident response. And a browser-based dashboard cuts through the clutter with clear, actionable information about malware activity. 

By every measure, the FireEye Network Threat Prevention Platform has exceeded our expectations. The platform requires little ongoing administration and does not waste the security team’s time with false positives. Instead of chasing down every ambiguous alert, I can spend more time on long-term preparedness and nurturing the security staff. For us, that means better service at a lower cost. FireEye is one of my few “go-to” products when I start my day. The business benefits are far reaching.

To fend off a growing wave of cyber attacks, the clinic had built up a multilayered defense-in-depth security infrastructure. We went as far as blocking out traffic from entire countries known for a high volume of attacks—a step we could take because of our exclusively local customer base.

Still, malware was getting through. Clinic employees would sometimes visit malicious or compromised websites. Malware on these sites sidestepped the clinic’s security measures, leading to several infections and concerns that accounts could be compromised. I signed on to a proof-of-value trial of the FireEye Network Threat Prevention Platform for Web security. The trial soon uncovered malware that our existing security tools had not detected. And later during the test, someone at our clinic clicked on a malicious link—which FireEye immediately detected and blocked. At that point, justifying the purchase was easy. We looked for competitive products, and none were found. I don’t think anybody else had anything anywhere close to where FireEye is. Installation was a breeze, the FireEye platform integrated seamlessly with our legacy security tools. Those tools included a firewall, intrusion prevention system, and Web gateway. 

Today, FireEye plays a central role in our security infrastructure. Powered by the FireEye Multi-Vector Virtual Execution engine, the Network Threat Prevention Platform blocks inbound Web exploits and outbound multi-protocol callbacks to stop Web-based attacks. 

The FireEye platform does not rely on malware binary signatures, so it identifies attacks that traditional defenses miss. In a typical month, FireEye generated 23 alerts—malware that had slipped past our other defenses. Out of those, 17 required no action because FireEye blocked them automatically. The remaining six were easily thwarted, thanks to clear, actionable alerts from the FireEye platform. We came into this with our eyes wide open. And this solution is really doing what we expected it to do.

FireEye is so effective at blocking attacks that we were even able to defer an upgrade of our IPS solution, saving a significant amount of money. One of the largest benefits of the FireEye platform is less tangible: reputation enhancement. The product works; our overall threat environment is well managed.

At the core of the bank’s ability to meet our mandate is a substantial IT infrastructure that not only needs to run optimally, but must be protected. We have long embraced best practices when it came to cybersecurity, but recognized that advanced threats evolve over time and need to be well handled. 

We selected FireEye for a POV conducted over a period of three months. The POV soon discovered a number of previously undetected threats enabling system administrators to take action and make the system even more secure. As a result of the findings, we implemented FireEye to strengthen our IT infrastructure. The POV was up and running in less than a day and used actual traffic analysis to investigate what was occurring in our IT environment. 

This solution consists of FireEye Network Threat Prevention platform and FireEye Email Threat Prevention platform in operation alongside FireEye Central Management to coordinate intelligence gathering from the Web and email appliances in addition to the intelligence gathered by the FireEye Threat Intelligence. The POC quickly revealed areas for improvement and potential threats that the traditional defenses had utterly missed. 

The FireEye team remained in close contact with our key personnel throughout the process. FireEye proved very supportive both of the technical and business aspects of the POV and ultimately our implementation of their technology both in terms of cost and underscoring the difference between traditional defenses and the next-generation defense system. We are continually strengthening our IT infrastructure together with reinforcing policy and process on IT Security to achieve the highest productivity and lowest risks.

Our infrastructure contains an extensive amount of hardware, applications, networks, and online banking systems; each with their own characteristics and potential vulnerabilities. With an environment of this complexity it is imperative to deploy best-in-class security measures. However, with the escalating sophistication of multi-domain attacks it became very evident that traditional security technologies were becoming increasingly inadequate and easily bypassed.

We spoke with a number of security product providers and industry experts, and we began seeing a pattern of recommendations emerging from many sources for the FireEye suite of solutions. We contacted the company and collaborated to identify exactly what we needed to deploy to supplement our existing defenses.

We implemented the FireEye Network Threat Prevention Platform to guard against zero-day Web exploits and multi-protocol callbacks. The most critical success factor for us was the threat detection performance of the solution: After all of our testing was conducted we felt confident that this was the right approach to safeguard the bank from advanced malware, zero-day and targeted attacks. We especially liked the protection against blended attacks that had already evaded multiple layers of legacy security controls. 

Another key benefit was the FireEye platform’s ease of integration with our existing security information event management system. Compatibility with legacy components, such as the SIEM system, alleviates the need for additional investments in hardware, software, and training.

In addition to penetration testing, part of my role involves the analysis of malware that specifically targets Internet banking customers. The appliance’s use of the FireEye Multi-Vector Execution engine and the ability to archive suspected malware for later scrutiny have both been major pluses for this aspect of my job. We are continually investigating new security solutions; the FireEye technology has always been extremely compelling to us, and it has been very validating to see the company back this up with its continuously evolving expertise and innovation. The ever-expanding threatscape makes it a constant challenge to keep our environment protected, but FireEye continues to deliver.

What is our primary use case?

What is most valuable?

What needs improvement?

For how long have I used the solution?

What do I think about the stability of the solution?

What do I think about the scalability of the solution?

How was the initial setup?

What about the implementation team?

What's my experience with pricing, setup cost, and licensing?

What other advice do I have?

Which deployment model are you using for this solution?

What is our primary use case?

What is most valuable?

What needs improvement?

For how long have I used the solution?

What do I think about the stability of the solution?

Which solution did I use previously and why did I switch?

How was the initial setup?

What about the implementation team?

What other advice do I have?