Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats. The IP devices played a crucial role in blocking and reducing the amount of malicious traffic entering our company. Its endpoint security, EDR, and insights are valuable. The automation functionality, particularly the ability to automatically handle and mitigate detected threats, has proven to be immensely beneficial for our security operations.

The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design.

The NTAP features are the most valuable aspects of the product. Other features, like ITS, are there, however, the primary value is in the NTAP protocols.

It is an easy product to set up.

The product has been quite stable. 

Support is very helpful and responsive. 

The feature that I have found most valuable is the ability to block someone. 

The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.

The server appliance is good.

It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye. 

I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went.

The most valuable features are the ability to detect intrusions and the user-friendly dashboard. The integration with our CM worked well. It gives visibility into what's going on at the user level.

There are sandbox capabilities. You can submit malicious files and great feedback, including if there is malware, what it is doing, et cetera.

The way it works is better than others thanks to the sandbox. It can give you simulations in different operating systems and applications and give your real insights from the perspective of a real environment.  You gain insights into evasion techniques. 

It's not just running in the background on an endpoint. You can do tests and learn. You can do behavior analysis. That's the main feature. 

The solution can scale. 

FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.

I think there are some very functional features in FireEye when you compare the solution to traditional SIEM solutions. Traditional SIEM solutions don't have their own IPS/IDS functionalities and they integrate with third party WANs. In contrast, FireEye has created an ecosystem of products integrated with their own SIEM, which is cloud-based and integrates with network security, email security, host security and the like. 

The zero-day vulnerabilities feature is the most valuable feature.

The most valuable features of the FireEye solution is the deep analysis for malicious software.

The most valuable feature is MVX, which tests all of the files that have been received in an email. It uses virtual machines to test the behavior of the files and determine whether they are malicious in nature. If there is any abnormal activity then the file will be blocked. The corresponding hash value will then be recorded, submitted to the cloud, and added to the blacklist.

The most valuable feature is FireEye NX.

Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities. 

The most valuable feature is the network security module. It is better than other solutions and it can make and find electrical movement.

Also, the attack vector is a feature that no one else offers.

Overall, it's a great solution.

Simplified Alert Dashboard is straightforward to navigate.

It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities.

• Ability to edit the Yara rules
• Malware analysis tool

I like the ability to detect zero day attacks, APT’s, and other types of malware which almost every other security device in the world is unable to detect.

The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.

The core functionality: It blocks what we need it to block.

• Call back
• Zero day attack

The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive. It has helped FireEye be the first ones to announce zero-days on many occasions.

The most valuable feature is the view into the application.