Solved

Anyone here running FireEye? What are your thoughts, opinions, suggestions?

Posted on 2013-11-05
Last Modified: 2013-11-13
I recently came across FireEye and think that it may be a good addition to our existing security infrastructure. We are currently running the standard client AV (Symantec), email spam and virus (Cisco IronPort), web filtering (Websense), etc.

From what I have been reading I like how FireEye protects at the gateway. So far everything I have read seems like this is a very good product/technology, and it looks like a lot of large companies are running it.

I would like to hear the thoughts of any of you who are running it. Has it actually helped or improved your defenses? Is it worth the cost/setup? Would you purchase it again if you had the choice, or some other product?

Thanks
Question by:Joseph Daly
5 Comments
 
LVL 65

Assisted Solution

by:btan
btan earned 2000 total points
ID: 39626378
Depends on what you are really drilling into and want to achieve from placing this appliance inline or as a tap at your network perimeter or strategic points. Most enterprises started off with detection using SIEMs, whose logs are not enough to give the additional deep-dive visibility on incoming and outgoing threats. I am referring to surfacing known and persistent threats and indicators of compromise, which only packets can shed more light on.

FireEye runs static and dynamic scans of the packets, and that surfaces quite a lot of anomalies. NSS Labs has breach detection system criteria, and FireEye is one of the many candidates. You can easily Google using "bds nss lab" ... they shared a buyer's guide.

But really the threat does not stop there; there are areas where SSL-encrypted traffic or encrypted payloads can be a challenge to all these systems. You are just creating a layer, just like other organisations putting in the layer, especially in critical zones and the DMZ.

FE does have web and file with cloud intelligence, and it also has another sandbox engine that can be standalone or connected to scan and create signatures for the discovered threat, so that it widens the coverage by sharing the signature indicator with other deployed FE. And even sharing back to the cloud....

Look at your requirements, and if performance is one area, you may need to talk to them more; they also cover mobile malware scanning. The cost will of course be steep, so do plan wisely and not have it become a white elephant. Consider SSL decryption (via a capable application delivery controller, NIPS, etc.) so the scanning is more worthwhile.

Last point is that FE's popularity may also indirectly lead to it interfacing (REST) with other network forensic appliances like Blue Coat acquisitions such as Solera, etc. It supports SIEMs to share their logs...
 
LVL 35

Author Comment

by:Joseph Daly
ID: 39627145
Did you actually notice that it was catching malware/exploits, or is that just hopeful marketing? When I read the briefings on the product I was really excited to find something that would fill in the gaps in our existing protections.

Out of curiosity, what does your security suite look like currently, vendors or products? I'm just trying to see what other options we may have to strengthen our systems.
 
LVL 65

Accepted Solution

by:btan
btan earned 2000 total points
ID: 39627262
Sure - it can be evident from their blog (http://www.fireeye.com/blog/) as well, where researchers share their analysis using their technologies. Some of the specific titles to catch include:

Analysis based
- Evasive Tactics: Terminator RAT
- Needle in a Haystack: Detecting Zero-Day Attacks
- Now You See Me – H-worm by Houdini
- Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Evasive Tactics: Taidoor
- Poison Ivy: Assessing Damage and Extracting Intelligence

Threat intelligence report
- New FireEye Report: World War C

Techniques based
- “Be the Change.” Test Methodologies for Advanced Threat Prevention Products
  http://www.fireeye.com/blog/corporate/2013/10/be-the-change-test-methodologies-for-advanced-threat-prevention-products.html
- Hot Knives Through Butter: Bypassing File-based Sandboxes
  http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
- Knowing Your Attacker — Clues Embedded in the Infection Life Cycle
  http://www.fireeye.com/blog/corporate/2013/06/knowing-your-attacker-clues-embedded-in-the-infection-life-cycle.html#more-2383


As mentioned, there will not be an all-in-one solution; partnership is critical. Catch this:
- Verdasys (endpoint agent) and FE (http://www.prweb.com/releases/2013/9/prweb11132932.htm)
- Solera (Network forensic) and FE (http://www.securityweek.com/fireeye-and-solera-networks-partner-network-forensics-solution)
