Solved

Anyone here running fireeye? What are your thougts, opinions, suggestions

Posted on 2013-11-05
5
1,541 Views
Last Modified: 2013-11-13
I recently came across Fireeye and think that it may be a good addition to our existing security infrastructure. We are currently running the standard Client AV (symantec), email spam and virus (cisco ironport), web filtering (websense), etc.

From what I have been reading I like how fireeye protects at the gateway. So far everything I have read seems like this is a very good product/technology and looks like a lot of large companies are running it.

I would like to hear from any of you that are running it your thoughts. Has it actually helped or improved your defenses? Is it worth the cost/steup? Would you purchase it again if you had the choice or some other product?

Thanks
0
Comment
Question by:Joseph Daly
  • 2
5 Comments
 
LVL 62

Assisted Solution

by:btan
btan earned 500 total points
ID: 39626378
Depends on what you are really drilling into and wanted to achieve from placing this appliance inline or tap in your network perimeter or strategic points. Most enterprise started off with detection using SIEMS which logs are not enough to give the additional dep dive visibility on the threats incoming and outgoing. I referring to surfacing known and persistent threats and indicator of compromise which only packet can shed out more.

FireEye run static and dynamic scan of the packets and that surface anomalies pretty much quite a lot. NSS lab has breach detection system criteria and FireEye is one of the many candidates. You can easily google using "bds nss lab" ... they shared buyer guide

But really the threat does not stop there, there are areas where ssl encrypted or encrypted payload can be challenges to all these system. You just creating layer just like other organisations putting it the layer especially in critical zones and DMZ.

FE does have web and file with cloud intelligence, it does have another sandbox engine that can be standalone or connected to scan and create signature for the discover threat so that it widen the coverage with the signature indicator with other deployed FE. And even sharing back to the cloud....

Look at your requirements and if performance is one area you may need to talk to them more and they also cover mobile malware scanning..the cost will of course be steep so do plan wisely and not have it be a white elephant. Consider ssl decryption ( via capable application delivery controller, nips etc) so the scanning is more worthwhile..

Lat point is FE popularity may also indirectly to have it interface (REST) with other netowrk forensic appliance like bluecoat acqusition such as solera, etc. It support Siems to share their logs...
0
 
LVL 35

Author Comment

by:Joseph Daly
ID: 39627145
Did you actually notice that it was catching malware/exploits or is that just hopeful marketing. When i read the briefings on the product i was really excited to find something that would fill in the gaps in our existing protections.

Out of curiosity what does your security suite look like currently, vendors or products. Im just trying to see what other options we may have to strengthen our systems.
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39627262
Sure - it can be evident from their blog (http://www.fireeye.com/blog/) as well where researchers share their analysis and using their technologies. Some of the specific title to catch include

Analysis base
- Evasive Tactics: Terminator RAT
- Needle in a Haystack: Detecting Zero-Day Attacks
- Now You See Me – H-worm by Houdini
- Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Evasive Tactics: Taidoor
- Poison Ivy: Assessing Damage and Extracting Intelligence

Threat intelligence report
- - New FireEye Report: World War C

Techniques based
- - “Be the Change.” Test Methodologies for Advanced Threat Prevention Products
http://www.fireeye.com/blog/corporate/2013/10/be-the-change-test-methodologies-for-advanced-threat-prevention-products.html

- Hot Knives Through Butter: Bypassing File-based Sandboxes
http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
- Knowing Your Attacker — Clues Embedded in the Infection Life Cycle
http://www.fireeye.com/blog/corporate/2013/06/knowing-your-attacker-clues-embedded-in-the-infection-life-cycle.html#more-2383


As mentioned there will not be an all-in-one solution, partnership is critical, catch this
- Verdasys (endpoint agent) and FE (http://www.prweb.com/releases/2013/9/prweb11132932.htm)
- Solera (Network forensic) and FE
(http://www.securityweek.com/fireeye-and-solera-networks-partner-network-forensics-solution)
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is the best password manager? 12 141
how to remove .wallet ransomware 8 94
Good external ports and external device scanner 6 29
PCI compliance 16 33
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question