Anyone here running FireEye? What are your thoughts, opinions, suggestions?

I recently came across FireEye and think that it may be a good addition to our existing security infrastructure. We are currently running the standard client AV (Symantec), email spam and virus filtering (Cisco IronPort), web filtering (Websense), etc.

From what I have been reading, I like how FireEye protects at the gateway. So far everything I have read suggests this is a very good product/technology, and it looks like a lot of large companies are running it.

I would like to hear the thoughts of any of you who are running it. Has it actually helped or improved your defenses? Is it worth the cost/setup? Would you purchase it again if you had the choice, or some other product?

Thanks
Asked: Joseph Daly

2 Solutions
btan (Exec Consultant) commented:
Depends on what you are really drilling into and want to achieve from placing this appliance inline or as a tap in your network perimeter or at strategic points. Most enterprises started off with detection using SIEMs, whose logs are not enough to give the additional deep-dive visibility on incoming and outgoing threats. I am referring to surfacing known and persistent threats and indicators of compromise, which only packets can shed more light on.

FireEye runs static and dynamic scans of the packets, and that surfaces quite a lot of anomalies. NSS Labs has breach detection system criteria and FireEye is one of the many candidates. You can easily google "bds nss lab" ... they shared a buyer's guide.

But really the threat does not stop there; there are areas where SSL-encrypted or otherwise encrypted payloads can be a challenge to all these systems. You are just creating a layer, just like other organisations putting in that layer, especially in critical zones and the DMZ.

FE does have web and file protection with cloud intelligence; it also has another sandbox engine that can be standalone or connected, to scan and create signatures for the discovered threat so that it widens the coverage with the signature indicator across other deployed FE. And even sharing back to the cloud....

Look at your requirements, and if performance is one area you may need to talk to them more; they also cover mobile malware scanning. The cost will of course be steep, so do plan wisely and not have it be a white elephant. Consider SSL decryption (via a capable application delivery controller, NIPS, etc.) so the scanning is more worthwhile.

Last point is that FE's popularity may also indirectly have it interface (REST) with other network forensic appliances, like Bluecoat's acquisition Solera, etc. It supports SIEMs to share their logs...
Joseph Daly (Author) commented:
Did you actually notice that it was catching malware/exploits, or is that just hopeful marketing? When I read the briefings on the product I was really excited to find something that would fill in the gaps in our existing protections.

Out of curiosity, what does your security suite look like currently, vendors or products? I'm just trying to see what other options we may have to strengthen our systems.
btan (Exec Consultant) commented:
Sure - it can be evident from their blog (http://www.fireeye.com/blog/) as well, where researchers share their analysis using their technologies. Some of the specific titles to catch include:

Analysis based
- Evasive Tactics: Terminator RAT
- Needle in a Haystack: Detecting Zero-Day Attacks
- Now You See Me – H-worm by Houdini
- Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Evasive Tactics: Taidoor
- Poison Ivy: Assessing Damage and Extracting Intelligence

Threat intelligence report
- New FireEye Report: World War C

Techniques based
- “Be the Change.” Test Methodologies for Advanced Threat Prevention Products
http://www.fireeye.com/blog/corporate/2013/10/be-the-change-test-methodologies-for-advanced-threat-prevention-products.html

- Hot Knives Through Butter: Bypassing File-based Sandboxes
http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
- Knowing Your Attacker — Clues Embedded in the Infection Life Cycle
http://www.fireeye.com/blog/corporate/2013/06/knowing-your-attacker-clues-embedded-in-the-infection-life-cycle.html#more-2383

As mentioned, there will not be an all-in-one solution; partnership is critical. Catch this:
- Verdasys (endpoint agent) and FE (http://www.prweb.com/releases/2013/9/prweb11132932.htm)
- Solera (network forensics) and FE (http://www.securityweek.com/fireeye-and-solera-networks-partner-network-forensics-solution)