Trellix Network Detection and Response Valuable Features
The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment.
That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried.
The detection itself is solid, and their sandboxing is powerful.
There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere.
The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file.
There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.
Archie Scorgie
Information Security Senior Advisor at Eskom Ltd
Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats. The IP devices played a crucial role in blocking and reducing the amount of malicious traffic entering our company. Its endpoint security, EDR, and insights are valuable. The automation functionality, particularly the ability to automatically handle and mitigate detected threats, has proven to be immensely beneficial for our security operations.
The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design.
Buyer's Guide
Trellix Network Detection and Response
April 2024
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,662 professionals have used our research since 2012.
Kumar_V
Senior Manager at a financial services firm with 10,001+ employees
The NTAP features are the most valuable aspects of the product. Other features, like ITS, are there, however, the primary value is in the NTAP protocols.
It is an easy product to set up.
The product has been quite stable.
Support is very helpful and responsive.
SenITCOn45
IT Senior Consultant at a manufacturing company with 1,001-5,000 employees
The feature that I have found most valuable is the ability to block someone.
Mohd Fadhil
Sales engineer at Mavisco Resources Sdn Bhd
The product is very easy to configure. Most of it is automated. We don’t have to configure it manually. It does not have any issues so far.
Philippe Panardie
CISO at SDIS49
The server appliance is good.
Chandan-Singh
Sr Technical Consultant at a tech services company with 51-200 employees
It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye.
I also like its logging method. Its logging is very powerful and useful for forensic purposes. You can see the traffic or a specific activity or how something entered your network and where it went.
The most valuable features are the ability to detect intrusions and the user-friendly dashboard. The integration with our CM worked well. It gives visibility into what's going on at the user level.
There are sandbox capabilities. You can submit malicious files and get great feedback, including if there is malware, what it is doing, et cetera.
The way it works is better than others thanks to the sandbox. It can give you simulations in different operating systems and applications and give you real insights from the perspective of a real environment. You gain insights into evasion techniques.
It's not just running in the background on an endpoint. You can do tests and learn. You can do behavior analysis. That's the main feature.
The solution can scale.
FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.
reviewer1581882
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
I think there are some very functional features in FireEye when you compare the solution to traditional SIEM solutions. Traditional SIEM solutions don't have their own IPS/IDS functionalities and they integrate with third party WANs. In contrast, FireEye has created an ecosystem of products integrated with their own SIEM, which is cloud-based and integrates with network security, email security, host security and the like.
DepAssist9876
Deputy Assistant Secretary with 201-500 employees
The zero-day vulnerabilities feature is the most valuable feature.
CEO8280
CEO at a tech services company with 1-10 employees
The most valuable feature of the FireEye solution is the deep analysis of malicious software.
Yaser Aljohani
OT/ICS Information Security Specialist at SANS
The most valuable feature is MVX, which tests all of the files that have been received in an email. It uses virtual machines to test the behavior of the files and determine whether they are malicious in nature. If there is any abnormal activity then the file will be blocked. The corresponding hash value will then be recorded, submitted to the cloud, and added to the blacklist.
Harneet Kaur
Information Security Consultant at a financial services firm with 1,001-5,000 employees
The most valuable feature is FireEye NX.
Antonio El Khoury
System Engineer at IRIS
Application categorization is the most valuable feature for us. Application filtering is very interesting because other products don't give you full application filtering capabilities.
Sagi Zelinger
Professional Services Division Manager at 2Bsecure
The most valuable feature is the network security module. It is better than other solutions and it can make and find electrical movement.
Also, the attack vector is a feature that no one else offers.
Overall, it's a great solution.
SeniorNe6c94
Security Engineer at Tenece Professional services
Simplified Alert Dashboard is straightforward to navigate.
reviewer1420032
Lead Program Manager at a computer software company with 10,001+ employees
It is stable and quite protective. It has a lot of features to scan a lot of malicious things and vulnerabilities.
- Ability to edit the YARA rules
- Malware analysis tool
I like the ability to detect zero-day attacks, APTs, and other types of malware which almost every other security device in the world is unable to detect.
Ala Khalil
PreSales Director at a marketing services firm with 51-200 employees
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.
Security4668
Security Analyst at a financial services firm with 201-500 employees
The core functionality: It blocks what we need it to block.
- Callback
- Zero-day attack
The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive. It has helped FireEye be the first ones to announce zero-days on many occasions.
Cpmef44
CPM at a comms service provider with 1,001-5,000 employees
The most valuable feature is the view into the application.