FireEye SD-WAN Netify Review


FireEye are a network security and XDR provider. They offer strong network detection and response capabilities, built on their AI, machine-learning and MVX technologies, to block security breaches in real time. The service is feature-rich, offering a broad range of on-premises and cloud-based deployment options to secure operating systems such as Apple OS X, Windows and Microsoft, as well as SaaS and cloud applications (OpenStack, Azure, AWS, Kubernetes and Google Cloud Platform). They offer CASB (Cloud Access Security Broker) services through a partnership with CipherCloud, and an array of cloud security options via a collaboration with iBoss.

Netify recommends FireEye to clients looking for detailed XDR and network security, with multiple deployment options and security for remote users. However, for businesses requiring SASE and ZTNA technologies, FireEye may not be a suitable fit.

About FireEye

FireEye are a privately held security company headquartered in Milpitas, California, North America. The company was founded in 2004 by Ashar Aziz, and its parent company is the Symphony Technology Group. FireEye have received the following awards: Infosec Awards 2020 Best Product for FireEye Network and Security Management, the AI ATAC 2020 Award for FireEye Network Security, and CyberSecurity Excellence Awards 2021 for FireEye Cloudvisory, FireEye Email Security and FireEye Endpoint Security. FireEye currently hold a Net Promoter Score of 54. As of 8th October 2021, FireEye was merged with McAfee Enterprise through an acquisition by Symphony Technology Group, creating a portfolio to protect customers across applications, endpoints, infrastructure and the cloud. The company was also featured as a future vendor in the Gartner “Innovation Insight for Extended Detection and Response” report.

What are the Pros & Cons of FireEye Cybersecurity?

The pros and cons associated with FireEye cybersecurity are listed below.

Pros

  • Cloud security for remote users: FireEye secures remote users via their partnership with iBoss, providing cloud security with threat and breach detection.
  • Extended Detection and Response (XDR): FireEye offers a strong XDR service, which leverages machine-learning and AI, along with Multi-Vector Virtual Execution (MVX) engines, to detect and block malicious traffic in real time.

Cons

  • Uncertainty in Threat Intelligence Services: Since FireEye parted ways with Mandiant, we are unable to identify to what extent FireEye has retained Threat Intelligence Services as part of their offering, so care must be taken here.
  • Lack of ZTNA and SASE services: FireEye do not offer Zero Trust Network Access (ZTNA) or Secure Access Service Edge (SASE) services; businesses requiring such services should proceed with caution.

Comparison: FireEye vs Crowdstrike vs Palo Alto cybersecurity

Consider the points below to compare FireEye vs Crowdstrike vs Palo Alto cybersecurity.

FireEye

  • FireEye is a suitable choice for clients looking for Extended Detection and Response and network security solutions.
  • Does not offer full SASE.
  • Offers cloud security for AWS, Azure, and Google Cloud.

Crowdstrike

  • Crowdstrike is a good choice for clients looking for granular security services.
  • Offers Extended Detection and Response services.
  • Crowdstrike offers connectivity to AWS, Azure, and Google Cloud.

Palo Alto

  • Palo Alto is a good choice for clients looking for an integrated SD WAN and SASE solution with strong cloud capabilities.
  • Offers Extended Detection and Response services.
  • Offers connectivity to AWS, Azure, and Google Cloud.

Comparison: FireEye vs Check Point cybersecurity

Consider the points below to compare FireEye vs Check Point cybersecurity.

FireEye

  • FireEye is a suitable choice for clients looking for Extended Detection and Response and network security solutions.
  • Does not offer full SASE.
  • Offers cloud security for AWS, Azure, and Google Cloud.

Check Point

  • Check Point is a good choice for large multinational corporations looking for granular security services.
  • Check Point offers granular SASE services.
  • Offers security for AWS, Azure, and Google Cloud.

What are FireEye's Solutions?

Helix Security Platform:

A SaaS security operations platform, offering clients the ability to control incidents in all areas. The product comes with automated alert validation to help manage false positives and alert volume. The Security Information and Event Management (SIEM) service collects big data from remote systems and uses it to give clients a view into their organization's IT security. User and entity behavior analytics leverages machine-learning, statistical analysis and algorithms to detect internal and external security threats. FireEye Helix also uses machine-learning to baseline a business's normal behaviour, allowing alerts to be raised when anomalies and deviations occur. Real-time threat intelligence and customisable threat detections are able to detect multi-vector threats. Integrated Security Orchestration, Automation and Response (SOAR) is offered to deliver quick response times, reduced risk exposure and process consistency. Clients have the ability to prioritize alerts, focusing on true threats whilst customizing dashboards and accessing incident response playbooks.

Multi-Vector Virtual Execution (MVX) engine:

Designed to detect evasive attacks, such as multi-flow and zero-day attacks, using dynamic, signature-less analysis, blocking the infection and compromise phases of the cyber-attack kill chain and identifying new exploits and malware.

FireEye Network Security:

Secures operating systems such as Apple OS X, Windows and Microsoft. The solution leverages MVX, dynamic machine-learning and artificial intelligence (AI) technologies to inspect suspicious network traffic, detecting and blocking malicious activity in real time. The Intrusion Prevention System (IPS) detects attacks using conventional signature matching. The appliance is designed to sit behind next-generation firewalls (NGFW), secure web gateways (SWG) and IPS, complementing these solutions by detecting known and unknown attacks. The solution is able to analyze over 160 file types, including portable executables (PEs), active web content, Java, Adobe, Microsoft archives and media, applications and multimedia.

The solution can be deployed in a number of different ways:

  • Integrated Network Security: a comprehensive hardware appliance with MVX service that secures internet access points at a single site.
  • Distributed Network Security: a set of extensible appliances which use an MVX service, securing internet access points throughout an organization.
  • Network Smart Node: physical or virtual appliances designed to analyze internet traffic and detect and block malicious traffic, whilst sending suspicious activity to the MVX service for definitive verdict analysis.
  • MVX Smart Grid: an MVX service located on-premises, offering transparent scalability, built-in N+1 fault tolerance and automated load balancing.

FireEye Cloud MVX:

An MVX subscription service that offers security by analyzing traffic on the Network Smart Node. Any suspicious objects are sent to the MVX service to be filtered.

Protection On-Premise or in the Cloud: Network Security in the Public Cloud, available in both AWS and Azure.

Multiple, Dynamic Machine Learning, AI and Correlation Engines: Designed to detect and block targeted, obfuscated and customized attacks using contextual, rule-based analysis with real-time insights, gathered from hours of previous incident response experience. The product identifies malicious activity such as malware, Command and Control (CnC) callbacks and phishing attacks, and blocks it by preventing the infection, compromise and intrusion phases of the cyber-attack kill chain. Suspicious network traffic is extracted and submitted to the MVX engine for further analysis.

Network Forensics:

Network Forensics allows clients to use signature detection and protection against threats such as zero-days. The service combines code analysis, heuristics, emulation, statistical analysis and machine-learning in one sandbox solution. It includes high-fidelity alerts and enhanced threat awareness from FireEye security practitioners, and improves analyst efficiency by reducing alert volume. Integrated Intrusion Prevention System (IPS) and Dynamic Threat Intelligence are also available. Clients can choose to deploy the service in a variety of ways, including on-premises, in-line and out-of-band, public and private cloud, hybrid and virtual offerings. To create a comprehensive end-to-end advanced threat protection security stack, clients can combine this service with FireEye Helix, FireEye Endpoint and Email Security. FireEye Network Forensics can also integrate with FireEye Network Security to provide the packet captures associated with an alert, for in-depth investigations.

FireEye Detection On Demand:

Threat detection delivered as an Application Programming Interface (API), with the capability to integrate with Security Operations Center (SOC) workflows, data repositories, SIEM analytics and client web applications, and with flexible file and content analysis capabilities.

Endpoint Security:

Uses multi-engine protection to secure endpoints with a single modular agent: advanced threats are blocked by the machine-learning engine MalwareGuard, common malware by a signature-based engine, application exploits by the behavior analysis engine ExploitGuard, and new vectors by Endpoint Security Modules. Endpoint Security also leverages threat detection and response to identify threat activity using a real-time indicator of compromise (IOC) engine, tools and techniques to enable response to breaches, logged activity timelines for use in forensic analysis, and the ability to stream alerts and information to FireEye Helix XDR. Real-time forensic investigation is also available, allowing clients to assign severity and priority to alerts using triage, investigate and determine threat artefacts using deep-dive, and find threat artefacts across endpoints using Enterprise hunting. FireEye Network Security detects and contains security compromises, which are sent to FireEye Endpoint Security for remediation.

Email Security:

The FireEye secure email gateway allows clients to protect against advanced email threats such as spear-phishing and impersonation. The solution uses machine-learning to minimize risks, identify false positives, block phishing attempts and track attack activity. Because threats are blocked in-line, alert fatigue is minimized, which allows security teams to manage policies and customize responses depending on the severity of an attack. FireEye Email Security is available in two packages: FireEye Email Security - Cloud Edition, which integrates with cloud email platforms such as Microsoft 365; and FireEye Email Security - Server Edition, which is located on-premises as an appliance or virtual sensor, with the capability to block malware and spear-phishing emails. FireEye Central Management is available to correlate alerts from FireEye Network Security with FireEye Email Security, providing a clear view of any attacks.

CloudVisory:

A multi-cloud security solution providing ad-hoc Cloud Security Audits, Single-pane-of-glass Cloud Security, Continuous Cloud Security Analytics and Network Flow Visualization. The platform also offers protection from exposure and compliance violations by reducing the risk of cloud security misconfiguration, using an Extendable Compliance Framework, Cloud Vulnerability Management, Cloud Security Compliance Guardrails, and Risk Analysis and Remediation. Finally, the solution uses machine-learning to detect anomalies, with Cloud Security Policy Management, Threat Detection and Response, Intelligent Micro-segmentation and Automated Policy Governance.

Detection On Demand:

A threat detection service designed to discover security threats in the cloud, SIEM, SOC or in files uploaded to web applications. The service can detect both known and unknown threats by inspecting cloud infrastructure and the business logic of data in cloud applications, and is deployable across the entire cloud ecosystem, including with solutions such as Dropbox, Slack and Salesforce. The solution also leverages threat intelligence from the FireEye SOC. Detection On Demand can be embedded in a client's own products using its API.

FireEye + iBoss Cloud Security:

FireEye have collaborated with SASE and security provider iBoss to create a network and cloud security platform with advanced threat protection and data breach prevention. The solution is deployed via the cloud and is able to secure any endpoint regardless of the end-user's location or form factor, whether laptop, desktop, tablet, IoT device, server or any other mobile device, thereby securing remote users. (See: How does FireEye support remote users?)

What is the FireEye SASE security solution?

FireEye do not currently offer a full SASE solution. However, their partnership with iBoss provides a cloud network security solution with advanced threat protection and the ability to secure devices both on-premises and in a remote setting (see: FireEye Products and Services, FireEye + iBoss Cloud Security).

What Zero Trust Network Access (ZTNA) Solution is Supported by FireEye?

FireEye do not currently offer a ZTNA solution. 

What CASB Solution is Supported by FireEye?

FireEye do not offer CASB directly. However, they recently collaborated with CipherCloud, a leading cloud security provider offering a zero-trust CASB solution. The collaboration offers clients FireEye Detection On Demand, which reviews any content found across a SaaS or cloud application, whilst CipherCloud CASB secures the cloud environment. This data can be viewed in the CipherCloud dashboard via FireEye Helix.

What SWG Solution is Supported by FireEye?

FireEye do not offer SWG solutions directly; however, the FireEye Network Security product is designed to sit behind SWG appliances, complementing them by detecting both known and unknown attacks.

What FWaaS Solution is Supported by FireEye?

FireEye do not offer their own Firewall as a Service (FWaaS) solution, but their FireEye Network Security product offers added detection and response capabilities when deployed with a FWaaS solution or NGFW.

What XDR Solution is Supported by FireEye?

FireEye offer detection, protection and response technology via their cloud-based XDR platform. This gives clients increased visibility and detection capabilities, leveraging security expertise from the FireEye SOC, best-practice security playbooks and security analytics. All FireEye products have the capability to work alongside existing third-party solutions. FireEye XDR combines FireEye Helix, FireEye Email, FireEye Cloud, FireEye Network, FireEye Endpoint and third-party tools (see: FireEye products and services).

How does FireEye deliver cloud security?

FireEye offer a range of cloud security products, designed to replace legacy security tools by combining protection and visibility within their services. (See: FireEye products and services, FireEye + iBoss Cloud Security.)

Cloud Security Products:

  • FireEye Cloudvisory: A designated control center for cloud security, designed to offer increased visibility, with the capability to support a number of cloud environments, including Kubernetes, AWS, Azure, Google Cloud Platform and OpenStack.
  • FireEye Email Security: A secure email gateway that offers protection from email-borne threats.
  • FireEye Helix: Designed to integrate disparate security tools and augment them with SIEM services, threat intelligence capabilities and orchestration. Presented as a security operations platform.
  • FireEye Detection On Demand: Threat detection service with content scanning and flexible file analysis capabilities, which identifies file-borne threats in client web applications and the cloud.
  • FireEye Network Security and Forensics: A threat and breach detection solution which offers visibility into sophisticated attacks, protecting assets, users and networks from potential security threats.

How does FireEye support remote users?

FireEye support remote users via their collaboration with iBoss, providing a cloud-based advanced threat and breach detection platform which offers threat visibility and network protection for users regardless of location. The solution leverages patented FireEye MVX analysis and intelligence-driven technologies to detect and protect against threats such as zero-days, using intelligence to provide high-fidelity alerts. The solution combines authentication and SSL decryption from iBoss with proxy and SSL re-encryption from FireEye.

What is the FireEye managed, co-managed and DIY services solution?

FireEye offer FireEye as a Service as their fully managed security offering. This solution provides managed detection, investigation and response by FireEye experts. Individual FireEye products can also be integrated into new or existing DIY networks through their network-agnostic Bring Your Own Network (BYON) functionality.

What Reporting and Management is available via the FireEye Portal?

FireEye Threat Intelligence Portal: Provides access to Helix: Intelligence, Helix EU: Intelligence and FireEye Threat Intelligence via a web browser. Allows access to intelligence reports and FireEye Threat Intelligence resources according to the chosen subscription. Caution should be taken regarding the exact features of the FireEye portal: since the split with Mandiant, some information may be inaccurate or outdated.

FireEye Customer Portal: FireEye offer a browser-based portal for customer account management; access to network reporting and analytics is available through the FireEye platform itself.

Documentation Portal: Customer access to technical documents, with interactive multimedia such as guides and instructional and hardware videos to ensure customers make the most of their product.

Frequently Asked Questions

Which industries do FireEye deliver solutions for?

FireEye offer specific security services for the following industries:

  • Cloud
  • Education 
  • Financial Services 
  • Government 
  • Healthcare 
  • Industrial Control Systems 
  • Retail

FireEye Global Services Provider Partners

  • Bell
  • BT
  • DXC Technology
  • ElevenPaths
  • Fujitsu
  • IBM
  • Macquarie Government 
  • Mphasis
  • NTT Communications / NTT Com Security 
  • NTT Ltd.
  • Singtel

FireEye Technology Solution Partners

Cloud Providers 

  • Amazon Web Services 
  • Microsoft Azure 

FireEye Helix Security Platform 

  • ThreatConnect

Industrial Control Systems

  • Waterfall Security 

Insider Threat 

  • innerActiv

Integrated Security Solutions

  • F5

Network Access Control 

  • ForeScout

Network Cloud Security 

  • iBoss

Privileged Account Management 

  • CyberArk

Security Delivery Platform 

  • Gigamon 
  • Keysight

FireEye Affinity Resellers

Affinity Platinum Partners

  • Apollo
  • BT
  • CDW
  • ClearShark
  • Dimension Data
  • DYNTEK
  • FCN Inc.
  • GuidePoint
  • Herjavec
  • IBM
  • Insight
  • KDDI
  • NTT
  • OPTIV
  • Presidio
  • rSolutions
  • SHI
  • Sirius 
  • Softchoice

Gold and Silver Affinity Partners not featured.