Please share with the community what you think needs improvement with FireEye Network Security.
What are its weaknesses? What would you like to see changed in a future version?
It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto. They should be sharing their threat database and information. For example, if something is discovered by FortiSandbox or the Palo Alto Sandbox, it should be announced to all of the vendors so that they can take action and block these files. FireEye can be improved in terms of network visibility. Some minor enhancements are needed.
It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment. I would also like to be able to block an email based on the content of the subject line. Similarly, if I could block based on a specific hash value then it would be very good.
There are three things that can be improved: * Protection testing. When it comes to the protections, it requires a lot of testing to implement. * Local support. They need to beef up the capabilities of local support. * Pricing. The price is a bit high though it is an adequate product. As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web).
Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard.
I would like to see a smoother dashboard so I could monitor it better. A better depth of view, being able to see deeper into the management process, is what I'd like to see.
I would love to see better reporting. Because you can't export some of the reports in proper formats, it is hard to extract the data from reports. It could use more user-friendly navigation around the tool.
Many organizations industry-wide are moving more workloads to cloud providers, whether it is AWS, Azure, or Google. We don't yet see the same type of malware analysis in the cloud in terms of being able to identify malicious code or taking place. We would like to see FireEye begin to provide the same type of service in a parameterless environment, very similar to what they are currently doing in their traditional parameter-based network.
The problem with FireEye is that they don't allow VM or sandbox customization. The user doesn't have control of the VMs that are inside the box. It comes from the vendor as-is. Some users like to have control of it, like what type of Windows and what type of applications they use, and they have zero control over this. I would like to see more customization of the VMs.
Cybersecurity posture has room for improvement.
Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier. They should develop something similar to the feature that Palo Alto has called Traps. Then it will be an all-encompassing security solution.
It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning.
The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.