Please share with the community what you think needs improvement with FireEye Network Security.
What are its weaknesses? What would you like to see changed in a future version?
There isn't anything missing - even with HX. HX was in the box and was working EDR and antivirus. They just need to keep the updates running and the features stable, and that's it. No new thing is required. The initial setup is not exactly easy. It is an expensive solution.
FireEye Network Security should have better integration with other vendors' firewalls or proxies, such as Palo Alto and Fortinet. Files that are being submitted should happen through the API or automatically. In the next release, they should add a multiple virtual context feature.
The support is somewhat lacking with long response times. The expectation is that when it comes to security response, technical support should be readily available.
Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone. They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I can disable or delete those rules.
I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet.
It is very expensive; the price could be better.
Technical packaging could be improved. It would be helpful to receive access to the administration of the product.
It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto. They should be sharing their threat database and information. For example, if something is discovered by FortiSandbox or the Palo Alto Sandbox, it should be announced to all of the vendors so that they can take action and block these files. FireEye can be improved in terms of network visibility. Some minor enhancements are needed.