FireEye Endpoint Security Review

A simple to use, yet effective solution for protecting us against malware and other threats


What is our primary use case?

We use this solution to enhance our internal defense system, protecting us against malware and advanced persistent threats.

We use the on-premises deployment model.

How has it helped my organization?

This solution has helped to protect our organization against security threats.

What is most valuable?

The most valuable feature of this solution is its simplicity. The triage process is quite effective, and it is compatible with many different systems.

What needs improvement?

We had a very large problem that has, unfortunately, not been solved. Simply put, when we start the computer the program will not start. We have encouraged FireEye to solve this problem because we have to manually start this product each and every time, and it affects almost thirty percent of our environment. From a security perspective, this is not stable.

After using various components in this solution, I get the feeling that not every part of the whole FireEye suite works perfectly with the other parts. Sometimes you have this functionality where the product has the ability to take data from one part of the solution and use it in different parts. Sometimes, however, you don't have this luxury. The solution needs more suitable dashboards that handle things from different perspectives. For example, a CEO and a technician from operations are completely different. The integration and display of the dashboards have to be done better.

For how long have I used the solution?

We have been using this solution for less than two years.

What do I think about the stability of the solution?

We have had trouble with stability because the program fails to start when the computer does. 

What do I think about the scalability of the solution?

This solution is very flexible and scalable.

How are customer service and technical support?

This solution needs stronger support in Eastern Europe because of the time difference between, for example, Poland and the United States. It makes it difficult to contact technical support. In order to receive good support, we have to wait until 5:00 pm before we call. Essentially, the vender needs a better presence in more time zones, and 24/7 support would help to fix this.

Technical support has another problem, where the support from the US is better than the support elsewhere. The training and knowledge should be the same, no matter which tech support group you contact. This might be accomplished using a better internal knowledge sharing system.

If you previously used a different solution, which one did you use and why did you switch?

We did use another solution prior to this, but because we have the entire FireEye suite, we decided to create a more monolithic approach to security using different products. These include FireEye EX and FireEye AX, which are used for malware protection, network protection, and sandboxing. We decided that if these were good enough then we would push more for the endpoints, which is why we adopted this solution.

How was the initial setup?

The installation of this solution is straightforward from my perspective.

What other advice do I have?

I like FireEye products, and they have a huge portfolio for this solution. However, this is not a magic bullet where you can install it and your problems will disappear. The problem is with the people, rather than the tool. From my perspective, you can install every tool, but you need to have a security operations team involved in the process of analyzing, sorting, and eliminating threats.

When we started our project, we had very few people and we have realized that this had to change. The system without human intervention is useless. We needed to build more complex security operation centers to handle false positives, the triage process, and eliminating threats.

The biggest lesson that I have learned from this solution is that people need to be ready and the business needs to be ready to use it. This is not a toy. It is a very mature solution to protect the internals of the organization and it should be treated in this way.

This is not the worse product that I have seen. I've seen many, many bad products. At the same time, this is not the best product that I have seen.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email