FireEye SD-WAN Netify Review

Netify Review

FireEye are a network security and XDR provider. They offer strong network detection and response capabilities which leverage their AI, machine-learning and MVX technologies, to block security breaches in real-time. The service is feature-rich, offering a broad range of on-premises and cloud-based deployment options to secure operating systems such as Apple OS X, Windows and Microsoft, as well as SaaS and cloud applications (Openstack, Azure, AWS, Kubernetes and Google Cloud Platform). They offer CASB (Cloud Access Security Broker) services through a partnership with CipherCloud, and an array of cloud security options via a collaboration with iBoss. 

Netify recommends FireEye to clients looking for detailed XDR and network security, with multiple deployment options and security for remote users. However, for businesses requiring SASE and ZTNA technologies, FireEye may not be a suitable fit.

About FireEye

FireEye are a privately held security company, whose headquarters are based in Milpitas, California, North America. The company was founded in 2004 by Ashar Aziz, and its parent company is the Symphony Technology Group. FireEye have received awards from Infosec Awards 2020 Best Product: FireEye Network and Security Management, AI ATAC 2020 Award: FireEye Network Security and CyberSecurity Excellence Awards 2021 for FireEye Cloudvisory, FireEye Email Security and FireEye Endpoint Security. FireEye currently hold a Net Promoter Score of 54. As of 8th October 2021, FireEye was merged with McAfee Enterprise through an acquisition by Symphony Technology Group creating a portfolio to protect customers across applications, endpoints, infrastructure and the cloud. The company was also featured as a future vendor in the Gartner “Innovation Insight for Extended Detection and Response” report. 

What are the Pros & Cons of FireEye Cybersecurity?

List of the pros and cons associated with FireEye cybersecurity.

FireEye Pros & Cons

wdt_ID wdt_created_by wdt_created_at wdt_last_edited_by wdt_last_edited_at Pros Cons
1 hyelland 04/11/2024 03:18 PM hyelland 04/11/2024 03:18 PM ✓ Cloud security for remote users: FireEye secures remote users via their partnership with iBoss to provide cloud security with threat and breach detection. ❌ Uncertainty in Threat Intelligence Services: Since parting ways from Mandiant, care must be taken as we are unable to identify to what extent FireEye has retained Threat Intelligence Services as part of their offering.
2 hyelland 04/11/2024 03:18 PM hyelland 04/11/2024 03:18 PM ✓ Extended Detection and Response (XDR): FireEye offers a strong XDR service, which leverages machine-learning and AI, along with Multi-Vector Virtual Execution (MVX) engines, to detect and block malicious traffic in real-time. ❌ Lack of ZTNA and SASE services: FireEye do not offer Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) services - businesses requiring such services may be cautioned.
Pros Cons

FireEye Pros & Cons

wdt_ID wdt_created_by wdt_created_at wdt_last_edited_by wdt_last_edited_at FireEye Pros FireEye Cons
1 hyelland 30/10/2024 11:59 AM hyelland 30/10/2024 11:59 AM Lightweight Expensive
2 hyelland 30/10/2024 11:59 AM hyelland 30/10/2024 11:59 AM Forensics enablement is second to none, thanks to FireEye / Mandiant collaboration Learning curve
3 hyelland 30/10/2024 11:59 AM hyelland 30/10/2024 11:59 AM Great reporting and analytics
FireEye Pros FireEye Cons

FireEye Managed CyberSecurity Pros & Cons

wdt_ID wdt_created_by wdt_created_at wdt_last_edited_by wdt_last_edited_at Pros Cons
1 hyelland 01/11/2024 03:17 PM hyelland 01/11/2024 03:17 PM Comprehensive security portfolio backed by threat intelligence and expertise  Expensive product 
2 hyelland 01/11/2024 03:17 PM hyelland 01/11/2024 03:17 PM Tons of integrations Expensive services 
3 hyelland 01/11/2024 03:17 PM hyelland 01/11/2024 03:17 PM World-class SIEM (Helix)  Expensive support 
Pros Cons

Comparison: FireEye vs Crowdstrike vs Palo Alto cybersecurity

Consider the points below to compare FireEye vs Crowdstrike vs Palo Alto cybersecurity.

FireEye

  • FireEye is a suitable choice for clients looking for Extended Detection and Response and network security solutions.
  • Does not offer full SASE.
  • Offers cloud security for AWS, Azure, and Google Cloud.

Palo Alto vs Fortinet vs FireEye vs Forcepoint Comparison

wdt_ID wdt_created_by wdt_created_at wdt_last_edited_by wdt_last_edited_at Palo Alto Fortinet FireEye Forcepoint
1 hyelland 04/11/2024 03:50 PM hyelland 04/11/2024 03:50 PM Palo Alto's main product focus is a converged SD WAN and SASE platform, delivered from the cloud. The solution supports remote and home workers as well as those on-premises. Fortinet offers hardware-based SASE and SD WAN, with offerings for Extended Detection and Response (XDR). FireEye offers XDR and cloud security services, with a range of managed security solutions. Forcepoint offers SASE with options for integrated data protection services.
2 hyelland 04/11/2024 03:50 PM hyelland 04/11/2024 03:50 PM Palo Alto offers fully featured SD WAN via their acquisition of CloudGenix. Fortinet's SD WAN offering was built internally from the ground up as a component of their overall solution. FireEye does not offer SD WAN or SASE services. Forcepoint does not have an SD WAN offering.
3 hyelland 04/11/2024 03:50 PM hyelland 04/11/2024 03:50 PM Palo Alto supports remote users with the Okyo Garde appliance, which works as an extension of the corporate network avoiding the need to configure VPNs. Fortinet supports users with cloud-delivered threat protection, which removes the need for legacy VPN technologies. FireEye offers security for remote users via a technology partnership with iBoss. The solution features authentication and SSL decryption, with intelligence-driven technologies to detect and protect against zero-day attacks. Forcepoint offers security for remote users via a cloud-delivered security gateway, Data Loss Prevention (DLP), and private access to applications.
Palo Alto Fortinet FireEye Forcepoint

Checkpoint vs FireEye Comparison

wdt_ID wdt_created_by wdt_created_at wdt_last_edited_by wdt_last_edited_at Check Point FireEye
1 hyelland 04/11/2024 03:10 PM hyelland 04/11/2024 03:10 PM Check Point is a good choice for large multinational corporations looking for granular security services. FireEye is a suitable choice for clients looking for Extended Detection and Response and network security solutions.
2 hyelland 04/11/2024 03:10 PM hyelland 04/11/2024 03:10 PM Check Point offers granular SASE services. Does not offer full SASE.
3 hyelland 04/11/2024 03:10 PM hyelland 04/11/2024 03:10 PM Offers security for AWS, Azure, and Google Cloud. Offers cloud security for AWS, Azure, and Google Cloud.
Check Point FireEye

What are FireEye's Solutions?

Helix Security Platform:

A SaaS security operations platform, offering clients the ability to control incidents in all areas. The product comes with automated alert validation to help manage false positives and alert volume. The Security Information Event Management (SIEM) service procures big data from remote systems and uses it to provide clients with a view into their organizations IT security. User and entity behavior analytics leverages machine-learning, statistical analysis and algorithms to detect internal and external security threats. FireEye Helix also uses machine-learning to baseline what a business’ normal behaviour is like, allowing for alerts to be created when anomalies and deviations occur. Real-time threat intelligence and customisable threat detections are able to detect multi-vector threats. Integrated Security Orchestration, Automation and Response (SOAR) is offered to create quick response times, reduced risk exposure and process consistency. Clients have the ability to prioritize alerts, focusing on true threats whilst customizing dashboards and accessing incident response playbooks.

Multi-Vector Virtual Execution (MVX) engine:

Designed to detect evasive attacks such as multi-flow and zero-day using dynamic and signature-less analysis, preventing infection and compromise phases of cyber-attack kill chains and identifying new exploits and malware.

FireEye Network Security:

Secures operating systems such as Apple OS X, Windows and Microsoft. The solution leverages MVX, dynamic machine-learning and artificial intelligence (AI) technologies, which inspect suspicious network traffic, detecting and blocking malicious activity in real-time. Intrusion Prevention System (IPS) detects attacks using conventional signature matching. The appliance is designed to sit behind next-generation firewalls (NGFW), secure web gateways (SWG) and IPS, aiding these solutions by detecting known and unknown attacks. The solution is able to analyze over 160 file types which include portable executables (PEs), active web content, Java, Adobe, Microsoft archives and media, applications and multimedia.

The solution can be deployed in a number of different ways:

Integrated Network Security, a comprehensive hardware-appliance with MVX service secures internet access points at a single site; 
Distributed Network Security, a set of extensible appliances which use an MVX service, securing Internet access points throughout an organization; 
Network Smart Node, which are physical or virtual appliances designed to analyze internet traffic and detect and block malicious traffic whilst sending suspicious activity to the MVX service for definitive verdict analysis. 
MVX Smart Grid: MVX service located on-premises offering transparent scalability, built-in N+1 fault tolerance and automated load balancing.

FireEye Cloud MVX:

An MVX subscription service, that offers security by analyzing traffic on the Network Smart Node. Any suspicious objects are sent to the MVX service to be filtered. 
Protection On-Premise or in the Cloud: Network Security in the Public Cloud, available in both AWS and Azure.
Multiple, Dynamic Machine Learning, AI and Correlation Engines: Designed to detect and block targeted, obfuscated and customized attacks using contextual, rule-based analysis with real-time insights which are gathered using hours of previous incident response experience. The product identifies malicious exploits such as malware, Command and Control (CnC) callbacks and phishing attacks and blocks them by preventing infection, compromise and intrusion phases of the cyber attack kill chain. Suspicious network traffic is extracted and submitted to the MVX engine for further analysis.

Network Forensics:

Network Forensics allows clients to use signature detection and protection from threats such as zero-days. The service includes code analysis, heuristics, emulation, statistical analysis and machine-learning in one sandbox solution. Includes high-fidelity alters, enhanced threat awareness from FireEye security practitioners and improves analyst efficiency by reducing alert volume. Integrated Intrusion Prevention System (IPS) and Dynamic Threat Intelligence are also available. Clients can choose to deploy the service in a variety of ways including on-premises, in-line and out of band, public and private cloud, hybrid and virtual offerings. In order to create a comprehensive end-to-end advanced threat protection security stack, clients can combine this service with FireEye Helix, FireEye Endpoint and Email Security. FireEye Network Forensics also has the ability to integrate with FireEye Network Security to provide packet captures associated with an alert, for in-depth investigations.

FireEye Detection On Demand:

Threat detection delivered as an Application Programing Interface (API) with capabilities to integrate with Security Operations Center (SOC) workflows, data repositories, SIEM analytics and client web applications, with flexible file and content analysis capabilities.

Endpoint Security:

Uses multi-engine protection to secure endpoints in a single modular agent, blocking advanced threats with machine-learning engine MalwareGuard, common malware using a signature-based engine, application exploits with behavior analysis engine ExploitGuard and protects from new vectors using Endpoint Security Modules. Endpoint Security also leverages threat detection and response to identify threat activity using a real-time indicator of compromise (IOC) engine, tools and techniques to enable response to breaches, logged activity timelines to be used in forensic analysis, and the ability to stream alerts and information to the FireEye Helix XDR. Real-time forensics investigation is also available, allowing clients to assign severity and priority to alerts using triage, investigate and determine threat artefacts using deep-dive, and find threat artefacts across endpoints using Enterprise hunting. FireEye Network Security detects and contains security compromises, which are sent to FireEye Endpoint Security for remediation. 
Email Security: FireEye secure email gateway allows clients to protect against advanced email threats such as spear-phishing and impersonation.  The solution uses machine-learning to minimize risks, identify false positives, block phishing attempts and track attack activity. Because threats are blocked in-line, alert fatigue is minimized which allows security teams to manage policies and customize responses depending on the severity of an attack. FireEye email security is available in two packages: FireEye Email Security- Cloud Edition, which integrates with cloud email platforms such as Microsoft 365; and FireEye Email Security - Server Edition, which is located on-premises as an appliance or virtual sensor, with the capability to block malware and spear-phishing emails. FireEye Central Management is available to correlate alerts form FireEye Network security with FireEye Email Security, providing a clear view of any attacks. 

CloudVisory:

A multi-cloud security solution providing ad-hoc Cloud Security Audits, Single-pane-of-glass Cloud Security, Continuous Cloud Security Analytics and Network Flow Visualization. The platform also offers protection from exposure and compliance violation by reducing the risk of cloud security misconfiguration using Extendable Compliance Framework, Cloud Vulnerability Management, Cloud Security Compliance Guardrails and Risk Analysis and Remediation. Finally, the solution uses machine-learning to detect anomalies, with Cloud Security Policy Management, Threat Detection and Response, Intelligent Micro-segmentation and Automated Policy Governance. 

Detection On Demand:

A threat detection service designed to discover security threats in the cloud, SIEM, SOC or files that are uploaded to web applications. The service can detect both known and unknown threats by inspecting cloud infrastructure and business-logic of data in cloud applications, and is deployable across the entire cloud ecosystem, including with solutions such as Dropbox, Slack and Salesforce. The solution also leverages threat intelligence from the FireEye SOC. Detection On Demand can be embedded in a clients products, using their API. 

FireEye + iBoss Cloud Security:

FireEye have collaborated with SASE and security provider iBoss to create a network and cloud security platform with advanced threat protection and data breach prevention. The solution is deployed via the cloud and is able to secure any endpoint regardless of the end-user’s location or form factor- anything from laptop, desktop, tablet, IoT, server or any other mobile device, securing remote users. (See, How does FireEye support remote users?).

What is the FireEye SASE security solution?

FireEye do not currently offer a full SASE solution. However, their partnership with iBoss provides a cloud network security solution with advanced threat protection and the ability to secure devices both on-premises and in a remote setting (see, FireEye Products and Services: FireEye + iBoss Cloud Security). 

What Zero Trust Network Access (ZTNA) Solution is Supported by FireEye?

FireEye do not currently offer a ZTNA solution. 

What CASB Solution is Supported by FireEye?

FireEye does not offer CASB directly. However, they recently collaborated with CipherCloud, a leading cloud security provider offering a zero-trust CASB solution. The collaboration offers clients FireEye Detection On Demand, which reviews any content found across a SaaS or cloud application, whilst CipherCloud CASB secures the cloud environment. This data can be viewed in the CipherCloud dashboard via the FireEye Helix. 

What SWG Solution is Supported by FireEye?

FireEye do not offer SWG solutions directly, however the FireEye Network Security product is designed to sit behind SWG appliances, aiding them by detecting both known and unknown attacks.

What FWaaS Solution is Supported by FireEye?

FireEye do not offer their own Firewall as a Service (FWaaS) solution, but their FireEye Network Security product offers added detection and response capabilities when deployed with a FWaaS solution or NGFW.

What XDR Solution is Supported by FireEye?

FireEye offers detection, protection and response technology via their cloud-based XDR platform. This offers clients increased visibility and detection abilities, leveraging security expertise from their SOC, best practice security playbooks and security analytics. All FireEye products have the capability to work alongside existing third-party solutions. FireEye XDR combines FireEye Helix, FireEye Email, FireEye Cloud, FireEye Network, FireEye Endpoint and Third Party Tools (see, FireEye products and services).

How does FireEye deliver cloud security?

FireEye offer a range of cloud security products, designed to replace legacy security tools by combining protection and visibility into their services. (See, FireEye products and services: FireEye + iBoss Cloud Security). 

Cloud Security Products:

FireEye Cloudvisory: A designated control center for cloud security, designed to offer increased visibility, and with the capability to comply with a number of security environments, including Kubernetes, AWS, Azure, Google Cloud Platform and Openstack. 
FireEye Email Security: A secure email gateway that offers protection from email-borne threats. 

FireEye Helix: Designed to integrate disparate security tools and augment them with SIEM services, threat intelligence capabilities and orchestrators. Presents as a security operations platform.

FireEye Detection On Demand: Threat detection service with content scanning and flexible file capabilities, which identifies file-borne threats in client web applications and cloud. 

FireEye Network Security and Forensics: A threat and breach detection solution which offers visibility into sophisticated attacks to protect assets, users and networks from potential security threats.

How does FireEye support remote users?

FireEye supports remote users via their collaboration with iBoss, providing a cloud-based advanced threat and breach detection platform which offers threat visibility and network protections to protect users regardless of location. The solution leverages patented FireEye MVX analysis and intelligence-driven technologies to detect and protect against threats such as zero-days, utilizing intelligence to provide high-fidelity alerts. The solution leverages authentication and SSL decryption from iBoss and proxy and SSL Re-Encrypt from FireEye.

What is the FireEye managed, co-managed and DIY services solution?

FireEye offer FireEye as a Service as their fully managed security offering. This solution provides managed detection, investigation and response by FireEye experts. Individual FireEye products can also be integrated into new or existing DIY networks through its Bring Your Own Network (BYON), network agnostic functionality.

What Reporting and Management is available via the FireEye Portal?

FireEye Threat Intelligence Portal: Provides access to Helix: Intelligence, Helix EU: Intelligence and FireEye Threat Intelligence via a web browser. Allows access to intelligence reports and FireEye Threat Intelligence resources as per chosen subscription. Caution should be taken on the exact features of the FireEye portal, since splitting with Mandiant some information may be inaccurate or outdated. 

FireEye Customer Portal: FireEye offer a browser based portal for customer account management, access to network reporting and analytics is available through the FireEye platform itself. 
Documentation Portal: Customer access to technical documents, offers interactive multimedia to ensure customers make the most out of their product such as, guides, instructional and hardware videos.

Frequently Asked Questions

Which industries do FireEye deliver solutions for?

FireEye offers specific security services for the following:

  • Cloud
  • Education 
  • Financial Services 
  • Government 
  • Healthcare 
  • Industrial Control Systems 
  • Retail
FireEye Global Services Provider Partners
  • Bell
  • BT
  • DXC Technology
  • ElevenPaths
  • Fujitsu
  • IBM
  • Macquarie Government 
  • Mphasis
  • NTT Communications / NTT Com Security 
  • NTT Ltd.
  • Singtel
FireEye Technology Solution Partners

Cloud Providers 

  • Amazon Web Services 
  • Microsoft Azure 

FireEye Helix Security Platform 

  • ThreatConnect

Industrial Control Systems

  • Waterfall Security 

Insider Threat 

  • innerActiv

Integrated Security Solutions

  • F5

Network Access Control 

  • ForeScout

Network Cloud Security 

  • iBoss

Privileged Account Management 

  • CyberArk

Security Delivery Platform 

  • Gigamon 
  • Keysight
FireEye Affinity Resellers

Affinity Platinum Partners

  • Apollo
  • BT
  • CDW
  • ClearShark
  • Dimension data
  • DYNTEK
  • FCN Inc.
  • GuidePoint
  • Herjavek
  • IBM
  • Insight
  • KDDI
  • NTT
  • OPTIV
  • Presidio
  • rSolutions
  • Shi
  • Sirius 
  • Softchoice

Gold and Silver Affinity Partners not featured.