We are using the file security scanner. The solution is used to monitor network traffic for network-based malware.
It is very difficult for any organization to identify malicious software and code. With the FireEye product through its deep analysis, it is possible for malicious software to be identified across the network regardless of what the internal systems are. It gives you the ability to monitor the ingress and egress, then identify threats which are otherwise difficult to identify.
The increase in productivity has been about the same. One of the things that the FireEye product does is provide deep analysis. This gives you the detailed analytics about what it has detected. Whereas in a traditional environment with traditional tools, there is a tremendous amount of recovery and research involved to identify the details of the source and the indicators of the compromise. The FireEye product provides 80 to 90 percent of that information from a single pane of glass.
The most valuable feature of the FireEye solution is the deep analysis for malicious software.
Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a perimeterless environment, very similar to what they are currently doing in their traditional perimeter-based network.
FireEye has been one of the market leaders in the stability space from what we have seen over the several years that we've been working with the vendor and the product. They continue to be leaders in this space.
The scalability has not been a problem. We have deployed the product in very high bandwidth networks. We have never had a problem with the FireEye product causing latency issues within our networks.
The technical support personnel for the FireEye platform have been very responsive, which is a critical factor when you're dealing with malicious software. They have also been very responsive when it comes to configuration and troubleshooting issues specific to the product.
It wasn't a case where we switched from another solution because we had been a long-time customer. It wasn't a case of switching, as the company that I work for is a very mature organization with a staff of over 100 in information security with most of them as dedicated encryption service analysts.
Malicious actors have begun to identify when their code is being run in a simulator and are placing waits in their code so some of their malicious triggers don't take place immediately. This makes it more difficult to detect. An improvement that we would like to see is that the vendor continue to escalate their techniques and methods to match those that we are seeing as emerging threats.
The initial setup was complex because of the nature of our environment. When it comes to the type of applications and functions which we were looking at in terms of identifying malicious threats, there would be some level of complexity, if we were doing it right.
We have seen ROI.
Because of what the FireEye product does, it has significantly decreased our mean time in being able to identify and detect malicious threats. The company that I work with is a very mature organization, and we have seen the mean time to analysis decrease by at least tenfold.
There are some additional services that I understand the vendor provides, but our approach was to package all of the features that we were looking to use into the product.
FireEye was actually the only product that was doing what they were doing.
We did have other vendors on our shortlist.
It brings a tremendous amount of value to your network environment. In terms of what we asked them to do, which is to help us to identify malicious code and threats, their product has delivered.
It is one thing to have an advanced security tool, like FireEye, but equally important to have a staff and security program which puts themselves in positions to leverage the tool properly.
In terms of maturity of the organization that I work with, it has a very mature security posture, which is necessary in our space because we are part of the financial critical infrastructure. So, we've been doing security for a very long time.