It is used as our primary in-line IDS/IPS system, replacing FireEye NX. It catches more, looks at more ports than Fireeye NX, and is a scalable appliance, unlike our NX which was saturated and shut itself down.
Fidelis Elevate Review
IPS security, originally from the GOVT space, now commerical
What is our primary use case?
How has it helped my organization?
Increased our ability to stop malware before it hits workstations. That ability increased by 200% due to the number of ports it monitors, over the FireEye NX product.
It has also improved our hunt ability with quick search tools, to zone in on malware or other anomalies. It is able to link items to incidents from other consoles, and works natively with the SIEM.
What is most valuable?
IPS and reporting. It catches more inline than the FireEye NX even looked at. It has a rating system now so you can rate things up or down, depending on your environment. This means alerting can be customized, yet still pick up anomalies.
Reporting has been great and it is easy to do a quick search through 45 days of data for something of interest.
What needs improvement?
Update: The interface bug issue hasn't happened in last three months. This may be solved now, we hope. Support seems better.
For how long have I used the solution?
Four years
What do I think about the stability of the solution?
There was a bug issue for more than a year, but seems resolved with last patch, last reboot occured over 3 months ago.
What do I think about the scalability of the solution?
No issues with scalability. In fact, we’ve added a datacenter, purchased new gear, and scaled out two more units for the active/standby site to take over the load, should a DR be required.
How are customer service and technical support?
Tech support is competent, usually responds within a few hours, can escalate anything urgent to technical account rep for immediate handling.
Which solution did I use previously and why did I switch?
We used a different solution. We switched due to flexibility, expandability, and cost. Limitation in old hardware appliance would not scale without major costs.
How was the initial setup?
A breeze. After rack and stack, devices were up and running base configurations within two hours. As with any IPS, tuning is required to stop false positives. This is no different, but the ease of use of the interface allowed my team to start making adjustments within a few hours. With the latest version this is even easier, given the new rating system. You can tweak your environment on the fly, as your ops look at alerts to lower thresholds, raise them, or reduce false positives.
What about the implementation team?
we always use 1 of 2 partner implementer. I rate our partner a 9/10.
What was our ROI?
More visibility at the north-south network layer, automation of security event/incident handling.
What's my experience with pricing, setup cost, and licensing?
Company came from government space. You license by the number of days of logs you need to maintain visibility for. Forty-five days is a good solid number for a company with around a 10k user base.
Which other solutions did I evaluate?
Tipping Point, Cisco
What other advice do I have?
The product itself works fine, support is pretty good.
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 04 2019
Find out what your peers are saying about Cynet vs. Fidelis Elevate and other solutions. Updated: January 2021.
455,301 professionals have used our research since 2012.
Add a Comment
1 Comment
ITSecuri7cfd (IT Security Coordinator at a healthcare company with 10,001+ employees)Top 5LeaderboardReal User
Account people have moved around and support has taken a small hit but still getting quick responses, although resolutions are taking a bit longer.
Author
ITSecuri7cfd
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5LeaderboardHighlights
Pros
It has also improved our hunt ability with quick search tools, to zone in on malware or other anomalies. It is able to link items to incidents from other consoles, and works natively with the SIEM.
It has a rating system now so you can rate things up or down, depending on your environment. This means alerting can be customized, yet still pick up anomalies.
Reporting is great, it is easy to do a quick search through 45 days of data for something of interest.
After rack and stack, devices were up and running base configurations within two hours. As with any IPS, tuning is required to stop false positives. This is no different, but the ease of use of the interface allowed my team to start making adjustments within a few hours.
Cons
The interface bug needs to be squashed once and for all. This has been the predominant issue with an otherwise stellar product. It reboots itself unscheduled, about once a month, due to a memory buffer flaw in the interface.
Pricing Advice
You license by the number of days of logs you need to maintain visibility for. Forty-five days is a good solid number for a company with around a 10k user base.
Product Categories
Extended Detection and Response (XDR)Popular Comparisons
CrowdStrike Falcon
Attivo Networks
Vectra AI
Carbon Black CB Response
Darktrace
Cortex XDR by Palo Alto Networks
FireEye Endpoint Security
Cisco Stealthwatch
Symantec Data Loss Prevention
Carbon Black CB Defense
ExtraHop Reveal(x)
SentinelOne
Proofpoint Threat Response
Microsoft Defender for Endpoint
RSA NetWitness Endpoint