FireEye

I'm interested in FireEye. I know that they offer multiple products for protecting networks. What do the various products provide to the Network Admins? How finely detailed are the reports that are generated? Can they show what software is running on individual computers? Are files visible? Are files visible only on the domain, or on the local machine also? Points awarded for helpful information. Thanks.
mzimerman asked:
btan (Exec Consultant) commented:
FireEye has a suite of products, and it is best to speak with their tech sales about the use case you are interested in. But the main solution is the breach detection device, which covers the following, in brief; their website has more info.

- AX: Malware analysis sandbox, which is for offline, in-depth dissecting and evaluating of malicious code (trojans, worms etc.) behaviours in an infected virtual machine running Windows. Overall, it will have replayed the traffic, executed the file, seen the payload, identified the changes to the infected machine and, if you allow it to, blackholed the callbacks to any C&C servers on the web, whilst generating a signature for the file to prevent other machines downloading the file.

- NX: Similar to AX in doing the analysis, but not as in depth, as it inspects the web traffic that goes through it and decides if action can be taken (block, drop, etc.) based on checks for indicators of compromise and attacks. It is able to block attacks, and its content library is updated daily (if you have the box connected to the internet) to include new exploits, most of which would have been verified against zero-day vulnerabilities.

The appliance-based boxes are usually placed at the gateway in a DMZ, taking a span of the traffic. It adds a bit of latency.

The report will include identification details of your infected machine, since it "read" the traffic, and gives you a breakdown of the changes that were conducted within its "sandbox" to surface the indicators of compromise, covering the registry, file changes, privilege escalations, DNS calls made, etc. Such IOCs can be used for further threat hunting, as it may not necessarily be only that machine that is targeted. I have included a sample dashboard (below) for info; there are more and better ones to check further.

Other key ones include, in brief:
- HX: Endpoint security solution that has an agent on the machine to surface the root cause of alerts, conducts deep analyses of threats within the machine, and does data acquisition/forensics.
- iSight: cyber intelligence feed service covering emerging threats and analysis of threat actors.
- Orchestrator: Central management of the FE devices; it will cycle through the analysis and threat hunting based on derived or collected IoCs from infected devices or inspected traffic.

Dashboard sample of NX
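As an added illustration (not part of btan's answer and not FireEye code): a small Python hunt that takes the kinds of IOCs such a sandbox report surfaces (a DNS callback domain, a dropped-file hash, a Run-key persistence entry; every value here is constructed) and checks them against constructed telemetry from other hosts, which is the "further threat hunting" step the answer describes.

```python
"""Hunt sandbox-derived IOCs across endpoint telemetry (constructed sample)."""
from collections import defaultdict

# Constructed placeholder values standing in for what a sandbox report would list.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost_upd"
DROPPED_SHA256 = "0" * 63 + "1"  # placeholder hash, not a real sample

SANDBOX_IOCS = {
    "dns": {"update-check.example.invalid"},   # C&C callback seen in the sandbox
    "file_sha256": {DROPPED_SHA256},           # file written during detonation
    "registry": {RUN_KEY},                     # persistence key the sample created
}

# Constructed endpoint telemetry lines in the form "<host>|<type>|<value>".
TELEMETRY = f"""\
ws-01|dns|intranet.example.invalid
ws-01|dns|update-check.example.invalid
ws-02|file_sha256|{DROPPED_SHA256}
ws-03|registry|{RUN_KEY}
ws-03|dns|UPDATE-CHECK.example.invalid
ws-04|dns|www.example.invalid
malformed line without separators
"""


def parse_telemetry(text):
    """Yield (host, ioc_type, value) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) != 3:
            continue
        yield tuple(parts)


def hunt(iocs, telemetry_text):
    """Return {host: {ioc_type: [matched values]}} for every host that touched
    an indicator. Matching is case-insensitive so DNS/registry casing does not
    hide a hit; the originally infected machine gets no special treatment."""
    normalized = {t: {v.lower() for v in vals} for t, vals in iocs.items()}
    hits = defaultdict(lambda: defaultdict(list))
    for host, ioc_type, value in parse_telemetry(telemetry_text):
        if value.lower() in normalized.get(ioc_type, set()):
            hits[host][ioc_type].append(value)
    return {host: dict(types) for host, types in hits.items()}


def triage_order(hits):
    """Hosts matching more distinct IOC types are listed first for triage."""
    return sorted(hits, key=lambda h: (-len(hits[h]), h))
```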

Rich Rumble (Security Samurai) commented:
You can't rely on the whiz-bang products to secure your environment, but you can use evaluations of these products to drive home the points you've probably mentioned or talked about but haven't been able to get fixed. We encourage clients to evaluate these products, look at the problems in the network, and use the PoCs to help give you "teeth". If your mgmt doesn't listen to you, they may listen to one of these vendors coming in and saying you need to buy our product to help fix your x-y-z problems. Thing is, it's probably cheaper and arguably better to fix them at the root, rather than some fancy and expensive band-aid on a cancer.
There are a ton of vendors in this space:
Carbon Black  (formerly Bit9)
Check Point Software Technologies  
Cisco  
CounterTack  
CrowdStrike  
Cyberbit  
Cybereason  
Cynet  
Digital Guardian  
Endgame  
F-Secure  
Fidelis  
FireEye  
Guidance  
WatchGuard (Hexis Cyber Solutions' HawkEye G)  
Infocyte  
Invincea  
LightCyber  
McAfee, an Intel company  
Nehemiah Security (Triumfant)  
Nuix  
Outlier Security  
Panda Security  
Red Canary  
RSA  
SecureWorks  
SentinelOne  
Symantec  
Tanium  
Trend Micro  
Tripwire  
Verint  
Ziften
-rich
btan (Exec Consultant) commented:
Indeed, for defense in depth, FireEye is just one potential candidate in breach detection, and there are also the application-aware firewall, next-generation firewall, unified threat mgmt, etc...

See more of the breach detection comparison: https://www.nsslabs.com/research-advisory/library/infrastructure-security/breach-detection-systems/
btan (Exec Consultant) commented:
As per advice given.