If you were talking to someone whose organization is considering FireEye Endpoint Security, what would you say?
How would you rate it and why? Any other tips or advice?
I will rate this solution an eight out of ten. In the next version I would like to see an improvement in the scalability and stability.
It offers protection from the latest threats.
I like FireEye products, and they have a huge portfolio for this solution. However, this is not a magic bullet where you can install it and your problems will disappear. The problem is with the people, rather than the tool. From my perspective, you can install every tool, but you need to have a security operations team involved in the process of analyzing, sorting, and eliminating threats. When we started our project, we had very few people and we have realized that this had to change. The system without human intervention is useless. We needed to build more complex security operation centers to handle false positives, the triage process, and eliminating threats. The biggest lesson that I have learned from this solution is that people need to be ready and the business needs to be ready to use it. This is not a toy. It is a very mature solution to protect the internals of the organization and it should be treated in this way. This is not the worst product that I have seen. I've seen many, many bad products. At the same time, this is not the best product that I have seen. I would rate this solution an eight out of ten.
First, implement it. Then, see what is going on in your company. You will see that there are many risks which you have never seen. The product is not bad, but there may be some things that need to be modified. The solution is very precise for detecting risks, but the operational quality has some issues.