FireEye Cybersecurity Solutions

FireEye Cybersecurity Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about FireEye and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

FireEye are a network security and XDR provider. They offer strong network detection and response capabilities which leverage their AI, machine-learning and MVX technologies, to block security breaches in real-time. The service is feature-rich, offering a broad range of on-premises and cloud-based deployment options to secure operating systems such as Apple OS X, Windows and Microsoft, as well as SaaS and cloud applications (Openstack, Azure, AWS, Kubernetes and Google Cloud Platform). They offer CASB (Cloud Access Security Broker) services through a partnership with CipherCloud, and an array of cloud security options via a collaboration with iBoss. 

Netify recommends FireEye to clients looking for detailed XDR and network security, with multiple deployment options and security for remote users. However, for businesses requiring SASE and ZTNA technologies, FireEye may not be a suitable fit.

About FireEye

FireEye are a privately held security company, whose headquarters are based in Milpitas, California, North America. The company was founded in 2004 by Ashar Aziz, and its parent company is the Symphony Technology Group. FireEye have received awards from Infosec Awards 2020 Best Product: FireEye Network and Security Management, AI ATAC 2020 Award: FireEye Network Security and CyberSecurity Excellence Awards 2021 for FireEye Cloudvisory, FireEye Email Security and FireEye Endpoint Security. FireEye currently hold a Net Promoter Score of 54. As of 8th October 2021, FireEye was merged with McAfee Enterprise through an acquisition by Symphony Technology Group creating a portfolio to protect customers across applications, endpoints, infrastructure and the cloud. The company was also featured as a future vendor in the Gartner “Innovation Insight for Extended Detection and Response” report. 

What are FireEye's Solutions?

• Integrated Network Security, a comprehensive hardware-appliance with MVX service secures internet access points at a single site; 
• Distributed Network Security, a set of extensible appliances which use an MVX service, securing Internet access points throughout an organization; 
• Network Smart Node, which are physical or virtual appliances designed to analyze internet traffic and detect and block malicious traffic whilst sending suspicious activity to the MVX service for definitive verdict analysis. 
• MVX Smart Grid: MVX service located on-premises offering transparent scalability, built-in N+1 fault tolerance and automated load balancing. 
• FireEye Cloud MVX: An MVX subscription service, that offers security by analyzing traffic on the Network Smart Node. Any suspicious objects are sent to the MVX service to be filtered. 
• Protection On-Premise or in the Cloud: Network Security in the Public Cloud, available in both AWS and Azure.

• Multiple, Dynamic Machine Learning, AI and Correlation Engines: Designed to detect and block targeted, obfuscated and customized attacks using contextual, rule-based analysis with real-time insights which are gathered using hours of previous incident response experience. The product identifies malicious exploits such as malware, Command and Control (CnC) callbacks and phishing attacks and blocks them by preventing infection, compromise and intrusion phases of the cyber attack kill chain. Suspicious network traffic is extracted and submitted to the MVX engine for further analysis. 
• Network Forensics: Network Forensics allows clients to use signatureless detection and protection from threats such as zero-days. The service includes code analysis, heuristics, emulation, statistical analysis and machine-learning in one sandbox solution. Includes high-fidelity alters, enhanced threat awareness from FireEye security practitioners and improves analyst efficiency by reducing alert volume. Integrated Intrusion Prevention System (IPS) and Dynamic Threat Intelligence are also available. Clients can choose to deploy the service in a variety of ways including on-premises, in-line and out of band, public and private cloud, hybrid and virtual offerings. In order to create a comprehensive end-to-end advanced threat protection security stack, clients can combine this service with FireEye Helix, FireEye Endpoint and Email Security. FireEye Network Forensics also has the ability to integrate with FireEye Network Security to provide packet captures associated with an alert, for in-depth investigations. 
• FireEye Detection On Demand: Threat detection delivered as an Application Programing Interface (API) with capabilities to integrate with Security Operations Center (SOC) workflows, data repositories, SIEM analytics and client web applications, with flexible file and content analysis capabilities. 
• Endpoint Security: Uses multi-engine protection to secure endpoints in a single modular agent, blocking advanced threats with machine-learning engine MalwareGuard, common malware using a signature-based engine, application exploits with behavior analysis engine ExploitGuard and protects from new vectors using Endpoint Security Modules. Endpoint Security also leverages threat detection and response to identify threat activity using a real-time indicator of compromise (IOC) engine, tools and techniques to enable response to breaches, logged activity timelines to be used in forensic analysis, and the ability to stream alerts and information to the FireEye Helix XDR. Real-time forensics investigation is also available, allowing clients to assign severity and priority to alerts using triage, investigate and determine threat artefacts using deep-dive, and find threat artefacts across endpoints using Enterprise hunting. FireEye Network Security detects and contains security compromises, which are sent to FireEye Endpoint Security for remediation. 
• Email Security: FireEye secure email gateway allows clients to protect against advanced email threats such as spear-phishing and impersonation.  The solution uses machine-learning to minimize risks, identify false positives, block phishing attempts and track attack activity. Because threats are blocked in-line, alert fatigue is minimized which allows security teams to manage policies and customize responses depending on the severity of an attack. FireEye email security is available in two packages: FireEye Email Security- Cloud Edition, which integrates with cloud email platforms such as Microsoft 365; and FireEye Email Security - Server Edition, which is located on-premises as an appliance or virtual sensor, with the capability to block malware and spear-phishing emails. FireEye Central Management is available to correlate alerts form FireEye Network security with FireEye Email Security, providing a clear view of any attacks. 
• CloudVisory: A multi-cloud security solution providing ad-hoc Cloud Security Audits, Single-pane-of-glass Cloud Security, Continuous Cloud Security Analytics and Network Flow Visualization. The platform also offers protection from exposure and compliance violation by reducing the risk of cloud security misconfiguration using Extendable Compliance Framework, Cloud Vulnerability Management, Cloud Security Compliance Guardrails and Risk Analysis and Remediation. Finally, the solution uses machine-learning to detect anomalies, with Cloud Security Policy Management, Threat Detection and Response, Intelligent Micro-segmentation and Automated Policy Governance. 
• Detection On Demand: A threat detection service designed to discover security threats in the cloud, SIEM, SOC or files that are uploaded to web applications. The service can detect both known and unknown threats by inspecting cloud infrastructure and business-logic of data in cloud applications, and is deployable across the entire cloud ecosystem, including with solutions such as Dropbox, Slack and Salesforce. The solution also leverages threat intelligence from the FireEye SOC. Detection On Demand can be embedded in a clients products, using their API. 
• FireEye + iBoss Cloud Security: FireEye have collaborated with SASE and security provider iBoss to create a network and cloud security platform with advanced threat protection and data breach prevention. The solution is deployed via the cloud and is able to secure any endpoint regardless of the end-user’s location or form factor- anything from laptop, desktop, tablet, IoT, server or any other mobile device, securing remote users. (See, How does FireEye support remote users?).

What is the FireEye SASE security solution?

FireEye do not currently offer a full SASE solution. However, their partnership with iBoss provides a cloud network security solution with advanced threat protection and the ability to secure devices both on-premises and in a remote setting (see, FireEye Products and Services: FireEye + iBoss Cloud Security). 

What Zero Trust Network Access (ZTNA) Solution is Supported by FireEye?

FireEye do not currently offer a ZTNA solution. 

What CASB Solution is Supported by FireEye?

FireEye does not offer CASB directly. However, they recently collaborated with CipherCloud, a leading cloud security provider offering a zero-trust CASB solution. The collaboration offers clients FireEye Detection On Demand, which reviews any content found across a SaaS or cloud application, whilst CipherCloud CASB secures the cloud environment. This data can be viewed in the CipherCloud dashboard via the FireEye Helix. 

What SWG Solution is Supported by FireEye?

FireEye do not offer SWG solutions directly, however the FireEye Network Security product is designed to sit behind SWG appliances, aiding them by detecting both known and unknown attacks (See, FireEye Products and Services: FireEye Network Security). 

What FWaaS Solution is Supported by FireEye?

FireEye do not offer their own Firewall as a Service (FWaaS) solution, but their FireEye Network Security product offers added detection and response capabilities when deployed with a FWaaS solution or NGFW.

What XDR Solution is Supported by FireEye?

FireEye offers detection, protection and response technology via their cloud-based XDR platform. This offers clients increased visibility and detection abilities, leveraging security expertise from their SOC, best practice security playbooks and security analytics. All FireEye products have the capability to work alongside existing third-party solutions. FireEye XDR combines FireEye Helix, FireEye Email, FireEye Cloud, FireEye Network, FireEye Endpoint and Third Party Tools (see, FireEye products and services).

How does FireEye deliver cloud security?

FireEye offer a range of cloud security products, designed to replace legacy security tools by combining protection and visibility into their services. (See, FireEye products and services: FireEye + iBoss Cloud Security). 

Cloud Security Products:

• FireEye Cloudvisory: A designated control center for cloud security, designed to offer increased visibility, and with the capability to comply with a number of security environments, including Kubernetes, AWS, Azure, Google Cloud Platform and Openstack. 
• FireEye Email Security: A secure email gateway that offers protection from email-borne threats. 
• FireEye Helix: Designed to integrate disparate security tools and augment them with SIEM services, threat intelligence capabilities and orchestrators. Presents as a security operations platform. 
• FireEye Detection On Demand: Threat detection service with content scanning and flexible file capabilities, which identifies file-borne threats in client web applications and cloud. 
• FireEye Network Security and Forensics: A threat and breach detection solution which offers visibility into sophisticated attacks to protect assets, users and networks from potential security threats.

How does FireEye support remote users?

FireEye supports remote users via their collaboration with iBoss, providing a cloud-based advanced threat and breach detection platform which offers threat visibility and network protections to protect users regardless of location. The solution leverages patented FireEye MVX analysis and intelligence-driven technologies to detect and protect against threats such as zero-days, utilizing intelligence to provide high-fidelity alerts. The solution leverages authentication and SSL decryption from iBoss and proxy and SSL Re-Encrypt from FireEye.

What is the FireEye managed, co-managed and DIY services solution?

FireEye offer FireEye as a Service as their fully managed security offering. This solution provides managed detection, investigation and response by FireEye experts. Individual FireEye products can also be integrated into new or existing DIY networks through its Bring Your Own Network (BYON), network agnostic functionality.

What Reporting and Management is available via the FireEye Portal?

FireEye Threat Intelligence Portal: Provides access to Helix: Intelligence, Helix EU: Intelligence and FireEye Threat Intelligence via a web browser. Allows access to intelligence reports and FireEye Threat Intelligence resources as per chosen subscription. Caution should be taken on the exact features of the FireEye portal, since splitting with Mandiant some information may be inaccurate or outdated. 

• FireEye Customer Portal: FireEye offer a browser based portal for customer account management, access to network reporting and analytics is available through the FireEye platform itself. 
• Documentation Portal: Customer access to technical documents, offers interactive multimedia to ensure customers make the most out of their product such as, guides, instructional and hardware videos.

What is the FireEye SLA?

Below is a table displaying the main focus points of the FireEye Service Level Agreement (SLA). 

FireEye Helix Portal:

FireEye Email Security - Cloud Edition / FireEye Email Threat Prevention (ETP):

(FireEye, 2021) Find out more at: https://www.fireeye.com/company/legal/service-levels.html