Fidelis Elevate Review

IPS security, originally from the GOVT space, now commercial


What is our primary use case?

It is used as our primary in-line IDS/IPS system, replacing FireEye NX. It catches more, looks at more ports than FireEye NX, and is a scalable appliance, unlike our NX which was saturated and shut itself down.

How has it helped my organization?

Increased our ability to stop malware before it hits workstations. That ability increased by 200% due to the number of ports it monitors, over the FireEye NX product.

It has also improved our hunt ability with quick search tools, to zone in on malware or other anomalies. It is able to link items to incidents from other consoles, and works natively with the SIEM.

What is most valuable?

IPS and reporting. It catches more inline than the FireEye NX even looked at. It has a rating system now so you can rate things up or down, depending on your environment. This means alerting can be customized, yet still pick up anomalies.

Reporting has been great and it is easy to do a quick search through 45 days of data for something of interest.

What needs improvement?

Update: The interface bug issue hasn't happened in the last three months. This may be solved now, we hope. Support seems better.

For how long have I used the solution?

Four years

What do I think about the stability of the solution?

There was a bug issue for more than a year, but it seems resolved with the last patch; the last reboot occurred over 3 months ago.

What do I think about the scalability of the solution?

No issues with scalability. In fact, we’ve added a datacenter, purchased new gear, and scaled out two more units for the active/standby site to take over the load, should a DR be required.

How are customer service and technical support?

Tech support is competent, usually responds within a few hours, and can escalate anything urgent to the technical account rep for immediate handling.

If you previously used a different solution, which one did you use and why did you switch?

We used a different solution. We switched due to flexibility, expandability, and cost. Due to its limitations, the old hardware appliance would not scale without major costs.

How was the initial setup?

A breeze. After rack and stack, devices were up and running base configurations within two hours. As with any IPS, tuning is required to stop false positives. This is no different, but the ease of use of the interface allowed my team to start making adjustments within a few hours. With the latest version this is even easier, given the new rating system. You can tweak your environment on the fly, as your ops look at alerts to lower thresholds, raise them, or reduce false positives.

What about the implementation team?

We always use one of two partner implementers. I rate our partner a 9/10.

What was our ROI?

More visibility at the north-south network layer, automation of security event/incident handling.

What's my experience with pricing, setup cost, and licensing?

Company came from government space. You license by the number of days of logs you need to maintain visibility for. Forty-five days is a good solid number for a company with around a 10k user base.

Which other solutions did I evaluate?

Tipping Point, Cisco

What other advice do I have?

The product itself works fine, support is pretty good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
IT Security Coordinator at a healthcare company with 1,001-5,000 employees, Real User

Account people have moved around and support has taken a small hit, but we are still getting quick responses, although resolutions are taking a bit longer.

04 June 19