Solved

Anyone here running FireEye? What are your thoughts, opinions, suggestions?

Posted on 2013-11-05
1,585 Views
Last Modified: 2013-11-13
I recently came across FireEye and think that it may be a good addition to our existing security infrastructure. We are currently running the standard client AV (Symantec), email spam and virus filtering (Cisco IronPort), web filtering (Websense), etc.

From what I have been reading I like how FireEye protects at the gateway. So far everything I have read suggests this is a very good product/technology, and it looks like a lot of large companies are running it.

I would like to hear from any of you that are running it what your thoughts are. Has it actually helped or improved your defenses? Is it worth the cost/setup? Would you purchase it again if you had the choice, or some other product?

Thanks
0
Question by:Joseph Daly
5 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points
ID: 39626378
Depends on what you are really drilling into and want to achieve from placing this appliance inline or on a tap at your network perimeter or strategic points. Most enterprises started off with detection using SIEMs, whose logs are not enough to give the additional deep-dive visibility on the threats incoming and outgoing. I'm referring to surfacing known and persistent threats and indicators of compromise, which only packets can shed more light on.

FireEye runs static and dynamic scans of the packets, and that surfaces quite a lot of anomalies. NSS Labs has breach detection system criteria, and FireEye is one of the many candidates. You can easily google using "bds nss lab" ... they shared a buyer's guide.

But really the threat does not stop there; there are areas where SSL-encrypted or otherwise encrypted payloads can be a challenge to all these systems. You are just creating a layer, like other organisations putting in the layer, especially in critical zones and the DMZ.

FE does have web and file scanning with cloud intelligence; it also has another sandbox engine that can be standalone or connected to scan and create a signature for the discovered threat, so that it widens the coverage with the signature indicator across other deployed FE appliances. And even sharing back to the cloud....

Look at your requirements, and if performance is one area you may need to talk to them more; they also cover mobile malware scanning. The cost will of course be steep, so do plan wisely and not have it be a white elephant. Consider SSL decryption (via a capable application delivery controller, NIPS, etc.) so the scanning is more worthwhile.

Last point: FE's popularity may also indirectly lead to it interfacing (REST) with other network forensic appliances, like the Blue Coat acquisition Solera, etc. It supports SIEMs to share their logs...
0
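The comment above describes the layering it recommends: an appliance surfaces an indicator from static/dynamic analysis, that indicator widens coverage elsewhere, and the result is shared with the SIEM, while encrypted traffic blunts the scanning unless something decrypts it upstream. As an added illustration (not part of this thread, and not FireEye's, Websense's or any SIEM's real format), the Python below takes a constructed sandbox verdict, turns its callback URLs into a watch list, runs that list over constructed proxy log lines, and emits SIEM-style events. The verdict layout, the log layout and the `.test` domains are all assumptions made for the example. It also shows the SSL point concretely: for `CONNECT` (TLS) entries only the host name is visible, so a URL-level indicator degrades to a host-level match and is flagged as such.

```python
"""Correlate sandbox-derived indicators with web-proxy logs (illustrative only).

Added example, not vendor code. Formats below are assumptions:
  - SANDBOX_VERDICT: a hypothetical appliance verdict with callback URLs
  - PROXY_LOG: constructed lines, "ts client method target status"
"""
import json
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set
from urllib.parse import urlsplit

# Constructed sample verdict (hypothetical format; hash is a placeholder, not an IoC).
SANDBOX_VERDICT = {
    "verdict": "malicious",
    "sample_sha256": "0" * 64,
    "callbacks": [
        "http://cdn.example-bad.test/update/payload.bin",
        "https://mail.example-bad.test/login",
    ],
}

# Constructed proxy log lines (layout is an assumption).
PROXY_LOG = """\
1383654000.100 10.1.2.3 GET http://cdn.example-bad.test/update/payload.bin 200
1383654001.200 10.1.2.4 CONNECT mail.example-bad.test:443 200
1383654002.300 10.1.2.5 GET http://www.example.test/index.html 200
1383654003.400 10.1.2.3 GET http://cdn.example-bad.test/other.html 404
"""


@dataclass
class Watchlist:
    hosts: Set[str] = field(default_factory=set)
    urls: Set[str] = field(default_factory=set)


def build_watchlist(verdict: dict) -> Watchlist:
    """Derive host- and URL-level indicators from a malicious verdict."""
    wl = Watchlist()
    if verdict.get("verdict") != "malicious":
        return wl  # benign/suspicious verdicts contribute nothing
    for cb in verdict.get("callbacks", []):
        host = urlsplit(cb).hostname
        if host:
            wl.hosts.add(host.lower())
            wl.urls.add(cb.lower())
    return wl


LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<target>\S+) (?P<status>\d+)$"
)


def match_line(line: str, wl: Watchlist) -> Optional[dict]:
    """Return a SIEM-style event if the log line touches a watch-listed host."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    method, target = m["method"], m["target"]
    if method == "CONNECT":
        # TLS tunnel: the proxy sees only host:port, never the path.
        host = target.rsplit(":", 1)[0].lower()
        url_visible = False
    else:
        host = (urlsplit(target).hostname or "").lower()
        url_visible = True
    if host not in wl.hosts:
        return None
    event = {
        "ts": m["ts"],
        "client": m["client"],
        "host": host,
        "indicator_type": "host",   # upgraded to "url" only when the full URL matched
        "url_visible": url_visible,  # False means decryption would be needed for more
    }
    if url_visible and target.lower() in wl.urls:
        event["indicator_type"] = "url"
    return event


def correlate(log: str, wl: Watchlist) -> List[dict]:
    """Run the watch list over every log line and keep the hits."""
    return [e for e in (match_line(ln, wl) for ln in log.splitlines()) if e]


def to_json_lines(events: List[dict]) -> str:
    """One JSON object per line, the shape a SIEM collector typically ingests."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


if __name__ == "__main__":
    print(to_json_lines(correlate(PROXY_LOG, build_watchlist(SANDBOX_VERDICT))))
```

Running it yields three events: the exact payload URL (a `url` match), the TLS `CONNECT` to the second callback host (a `host` match with `url_visible` false, which is the case the comment says needs SSL decryption to improve), and a second request to the first host on a different path (a `host` match). The benign request is dropped.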
 
LVL 35

Author Comment

by:Joseph Daly
ID: 39627145
Did you actually notice that it was catching malware/exploits, or is that just hopeful marketing? When I read the briefings on the product I was really excited to find something that would fill in the gaps in our existing protections.

Out of curiosity, what does your security suite look like currently, vendors or products? I'm just trying to see what other options we may have to strengthen our systems.
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39627262
Sure - it can be evident from their blog (http://www.fireeye.com/blog/) as well, where researchers share their analysis and use their technologies. Some of the specific titles to catch include:

Analysis based
- Evasive Tactics: Terminator RAT
- Needle in a Haystack: Detecting Zero-Day Attacks
- Now You See Me – H-worm by Houdini
- Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Evasive Tactics: Taidoor
- Poison Ivy: Assessing Damage and Extracting Intelligence

Threat intelligence report
- New FireEye Report: World War C

Techniques based
- “Be the Change.” Test Methodologies for Advanced Threat Prevention Products
  http://www.fireeye.com/blog/corporate/2013/10/be-the-change-test-methodologies-for-advanced-threat-prevention-products.html
- Hot Knives Through Butter: Bypassing File-based Sandboxes
  http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
- Knowing Your Attacker — Clues Embedded in the Infection Life Cycle
  http://www.fireeye.com/blog/corporate/2013/06/knowing-your-attacker-clues-embedded-in-the-infection-life-cycle.html#more-2383


As mentioned, there will not be an all-in-one solution; partnership is critical. Catch these:
- Verdasys (endpoint agent) and FE (http://www.prweb.com/releases/2013/9/prweb11132932.htm)
- Solera (network forensics) and FE (http://www.securityweek.com/fireeye-and-solera-networks-partner-network-forensics-solution)
0
