FireEye

mzimerman
I'm interested in FireEye. I know that they offer multiple products for protecting networks. What do the various products provide to the Network Admins? How finely detailed are the reports that are generated? Can they show what software is running on individual computers? Are files visible? Are files visible only on the domain, or on the local machine also? Points awarded for helpful information. Thanks.

Exec Consultant
Distinguished Expert 2018
Commented:
FireEye has a suite of products and it is best to speak with their tech sales about your intended use case. But the main solution is the breach detection device, which covers the following, in brief (their website has more info):

- AX: Malware analysis sandbox for offline, in-depth dissecting and evaluating of malicious code (trojans, worms, etc.) behaviours in an infected virtual machine running Windows. Overall, it will have replayed the traffic, executed the file, seen the payload, identified the changes to the infected machine and, if you allow it to, blackholed the call-backs to any C&C servers on the web whilst generating a signature for the file to prevent other machines downloading the file.

- NX: Similar to AX in doing the analysis, but not as in depth, as it will be inspecting the web traffic that goes through it and deciding if action can be taken to block or drop, etc., based on checks of indicators of compromise and attacks. It is able to block attacks and its content library is updated daily (if you have the box connected to the internet) to include new exploits, most of which would have been verified with zero-day vulnerabilities.

The appliance-based boxes are usually placed at the gateway in a DMZ taking a SPAN of the traffic. It adds a bit of latency.

The report will include identification of your infected machine, since it "read" the traffic, and gives you a breakdown of the changes conducted within its "sandbox" to surface the indicators of compromise covering the registry, file changes, privilege escalations, DNS calls made, etc. Such IOCs can be used for further threat hunting, as it may not necessarily be only that machine that is targeted. I've included a sample dashboard (below) for info; there are more and better ones to check further.

Other key ones include, in brief:
- HX: Endpoint security solution that has an agent on the machine to surface the root cause of alerts, conducts deep analysis of threats within the machine and does data acquisition/forensics.
- iSight: Cyber intelligence feed service covering emerging threats and analysis of threat actors.
- Orchestrator: Central management of the FE devices; it will cycle through the analysis and threat hunting based on IoCs derived or collected from infected devices or inspected traffic.

Dashboard sample of NX
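The answer above makes the point that the sandbox-derived IOCs (registry keys, dropped files, DNS call-backs) are useful beyond the one machine that triggered the alert: you take them and hunt for the same artefacts across the rest of the fleet. The block below is an added example, not FireEye code and not the answerer's; the JSON report layout, the hostnames, the hash and the key=value telemetry format are all constructed for the illustration and do not reproduce any real AX/HX output schema. It extracts the IOCs from the report, sweeps a few lines of endpoint telemetry, and ranks hosts by how many independent IOC categories they hit, since a DNS lookup plus a Run-key persistence entry plus the dropped file is far stronger evidence than a single generic file name.

```python
"""Added example: turn sandbox-style IOCs into a fleet-wide hunt (not FireEye's code)."""
import json
import re
from collections import defaultdict

# Constructed sample hash (made up for the example, not a real malware hash).
SAMPLE_SHA256 = "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"

# Constructed sandbox verdict in a minimal, assumed JSON shape. The field names are
# assumptions for this example; a real AX report is richer and differently keyed.
SAMPLE_SANDBOX_REPORT = json.dumps({
    "sample": {"name": "invoice_2231.exe", "sha256": SAMPLE_SHA256},
    "behaviour": {
        "dns": ["update-cdn.example"],
        "registry": ["HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32"],
        "files": ["C:\\Users\\Public\\svchost32.exe"],
    },
})

# Constructed endpoint telemetry from three hosts (key=value lines, no spaces in values).
SAMPLE_TELEMETRY = "\n".join([
    "2018-03-02T09:14:01Z host=WS-017 type=dns query=update-cdn.example",
    "2018-03-02T09:14:03Z host=WS-017 type=file path=C:\\Users\\Public\\svchost32.exe sha256=" + SAMPLE_SHA256,
    "2018-03-02T09:14:05Z host=WS-017 type=registry key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32",
    "2018-03-02T09:20:10Z host=WS-042 type=dns query=a1.update-cdn.example",
    "2018-03-02T09:21:00Z host=WS-042 type=registry key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost32",
    "2018-03-02T09:25:44Z host=WS-101 type=dns query=www.example",
    "2018-03-02T09:26:00Z host=WS-101 type=file path=C:\\Users\\Public\\notes.txt sha256=" + "ab" * 32,
])

def extract_iocs(report_json):
    """Pull the hunt-able artefacts out of the sandbox report, normalised to lower case."""
    report = json.loads(report_json)
    behaviour = report["behaviour"]
    return {
        "sha256": {report["sample"]["sha256"].lower()},
        "dns": {d.lower().rstrip(".") for d in behaviour["dns"]},
        "registry": {k.lower() for k in behaviour["registry"]},
        "files": {p.lower() for p in behaviour["files"]},
    }

def parse_event(line):
    """Parse one key=value telemetry line into a dict (values contain no whitespace)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def dns_matches(query, domains):
    """Match the exact C2 domain or any subdomain of it (C2 often rotates host labels)."""
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)

def hunt(report_json, telemetry):
    """Return {host: [(category, artefact), ...]} for every host showing a sandbox IOC."""
    iocs = extract_iocs(report_json)
    hits = defaultdict(list)
    for line in telemetry.splitlines():
        ev = parse_event(line)
        host, kind = ev.get("host"), ev.get("type")
        if kind == "dns" and dns_matches(ev.get("query", ""), iocs["dns"]):
            hits[host].append(("dns", ev["query"]))
        elif kind == "file" and (ev.get("sha256", "").lower() in iocs["sha256"]
                                 or ev.get("path", "").lower() in iocs["files"]):
            hits[host].append(("file", ev.get("path")))
        elif kind == "registry" and ev.get("key", "").lower() in iocs["registry"]:
            hits[host].append(("registry", ev["key"]))
    return dict(hits)

def rank_hosts(report_json, telemetry):
    """Rank hosts by the number of distinct IOC categories matched; more categories means
    the host is showing several independent signs of the same infection, not one noisy hit."""
    hits = hunt(report_json, telemetry)
    ranked = [(host, len({cat for cat, _ in matches}), matches) for host, matches in hits.items()]
    return sorted(ranked, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for host, score, matches in rank_hosts(SAMPLE_SANDBOX_REPORT, SAMPLE_TELEMETRY):
        print(host, score, matches)
```

The subdomain match in dns_matches is the one place the example deliberately generalises past the report: a sandbox only records the label it saw, but the same C2 infrastructure tends to answer on sibling labels, so hunting on the registered domain catches hosts the literal string would miss. The opposite caution applies to the file-name IOC: a path like a lone svchost32.exe in a public folder is a weak signal on its own, which is why the ranking weights hosts by category count rather than raw hit count.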
Rich Rumble, Security Samurai
Top Expert 2006
Commented:
You can't rely on the whiz-bang products to secure your environment, but you can use evaluations of these products to drive home the points you've probably mentioned or talked about but haven't been able to get fixed. We encourage clients to evaluate these products, look at the problems in the network, and use the PoCs to help give you "teeth". If your mgmt doesn't listen to you, they may listen to one of these vendors coming in and saying you need to buy our product to help fix your x-y-z problems. Thing is, it's probably cheaper and arguably better to fix them at the root, rather than some fancy and expensive band-aid on a cancer.
There are a ton of vendors in this space:
Carbon Black  (formerly Bit9)
Check Point Software Technologies  
Cisco  
CounterTack  
CrowdStrike  
Cyberbit  
Cybereason  
Cynet  
Digital Guardian  
Endgame  
F-Secure  
Fidelis  
FireEye  
Guidance  
WatchGuard (Hexis Cyber Solutions' HawkEye G)  
Infocyte  
Invincea  
LightCyber  
McAfee, an Intel company  
Nehemiah Security (Triumfant)  
Nuix  
Outlier Security  
Panda Security  
Red Canary  
RSA  
SecureWorks  
SentinelOne  
Symantec  
Tanium  
Trend Micro  
Tripwire  
Verint  
Ziften
-rich
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Indeed, for defense in depth, FireEye is just one potential candidate in breach detection, and there are also the application-aware firewall, next-generation firewall, unified threat management, etc.

See more of the breach detection comparison at https://www.nsslabs.com/research-advisory/library/infrastructure-security/breach-detection-systems/
btan, Exec Consultant
Distinguished Expert 2018
Commented:
As per advice given.
