Solved

Anyone here running FireEye? What are your thoughts, opinions, suggestions?

Posted on 2013-11-05
1,530 Views
Last Modified: 2013-11-13
I recently came across FireEye and think that it may be a good addition to our existing security infrastructure. We are currently running the standard client AV (Symantec), email spam and virus filtering (Cisco IronPort), web filtering (Websense), etc.

From what I have been reading, I like how FireEye protects at the gateway. So far everything I have read suggests this is a very good product/technology, and it looks like a lot of large companies are running it.

I would like to hear the thoughts of any of you who are running it. Has it actually helped or improved your defenses? Is it worth the cost/setup? Would you purchase it again if you had the choice, or some other product?

Thanks
Question by: Joseph Daly
Assisted Solution

by: btan
ID: 39626378
It depends on what you are really drilling into and want to achieve from placing this appliance inline or as a tap at your network perimeter or at strategic points. Most enterprises started off with detection using SIEMs, whose logs are not enough to give the additional deep-dive visibility into incoming and outgoing threats. I am referring to surfacing known and persistent threats and indicators of compromise, which only packets can shed more light on.

FireEye runs static and dynamic scans of the packets, and that surfaces quite a lot of anomalies. NSS Labs has breach detection system criteria, and FireEye is one of the many candidates. You can easily Google "bds nss lab" ... they shared a buyer's guide.

But really the threat does not stop there; there are areas where SSL-encrypted or otherwise encrypted payloads can be a challenge to all these systems. You are just adding a layer, just like other organisations putting in that layer, especially in critical zones and the DMZ.

FE does have web and file protection with cloud intelligence; it also has another sandbox engine that can be standalone or connected, to scan and create signatures for the discovered threat so that it widens the coverage by sharing the signature indicator with other deployed FE appliances. And even sharing back to the cloud....

Look at your requirements, and if performance is one area of concern you may need to talk to them more; they also cover mobile malware scanning. The cost will of course be steep, so do plan wisely and not have it become a white elephant. Consider SSL decryption (via a capable application delivery controller, NIPS, etc.) so the scanning is more worthwhile.

Last point: FE's popularity may also indirectly let it interface (REST) with other network forensic appliances such as Blue Coat acquisitions like Solera, etc. It supports SIEMs to share their logs...
Author Comment

by: Joseph Daly
ID: 39627145
Did you actually notice that it was catching malware/exploits, or is that just hopeful marketing? When I read the briefings on the product I was really excited to find something that would fill in the gaps in our existing protections.

Out of curiosity, what does your security suite look like currently, vendors or products? I'm just trying to see what other options we may have to strengthen our systems.
Accepted Solution

by: btan
ID: 39627262
Sure - it can be seen on their blog (http://www.fireeye.com/blog/) as well, where researchers share their analysis using their technologies. Some of the specific titles to catch include:

Analysis-based
- Evasive Tactics: Terminator RAT
- Needle in a Haystack: Detecting Zero-Day Attacks
- Now You See Me – H-worm by Houdini
- Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Evasive Tactics: Taidoor
- Poison Ivy: Assessing Damage and Extracting Intelligence

Threat intelligence report
- New FireEye Report: World War C

Technique-based
- "Be the Change." Test Methodologies for Advanced Threat Prevention Products
  http://www.fireeye.com/blog/corporate/2013/10/be-the-change-test-methodologies-for-advanced-threat-prevention-products.html
- Hot Knives Through Butter: Bypassing File-based Sandboxes
  http://www.fireeye.com/blog/technical/malware-research/2013/08/hot-knives-through-butter-bypassing-file-based-sandboxes.html
- Knowing Your Attacker — Clues Embedded in the Infection Life Cycle
  http://www.fireeye.com/blog/corporate/2013/06/knowing-your-attacker-clues-embedded-in-the-infection-life-cycle.html#more-2383

As mentioned, there will not be an all-in-one solution; partnership is critical. Catch these:
- Verdasys (endpoint agent) and FE (http://www.prweb.com/releases/2013/9/prweb11132932.htm)
- Solera (network forensics) and FE (http://www.securityweek.com/fireeye-and-solera-networks-partner-network-forensics-solution)