
FireEye Cybersecurity Comparison, Review, Use Cases, News, Pros & Cons


Focus

Proposition Focus: Managed Services 25%, Extended Detection and Response 35%, Portal 15%, Cloud 25%

Cloud Focus: AWS 40%, Azure 40%, Google Cloud 20%

Other Focus: Remote Users 30%, FWaaS 20%, CASB 30%, SWG 20%

Summary

Analyst: Abigail Sturt Contact: asturt@netify.co.uk 

If you have questions about FireEye and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com 

(Please use the UK email for ROW - Rest of the World - questions or enquiries)

Categories: 

  • Extended Detection and Response Provider 
  • Network Security Provider 

Sub-categories:

  • Multi-Cloud Security 
  • Endpoint Security 
  • Email Security 
  • Security Platform 
  • Forensics

Pros:

  • FireEye secures remote users via their partnership with iBoss to provide cloud security with threat and breach detection. 
  • FireEye offer a strong Extended Detection and Response (XDR) service, which leverages machine-learning and AI, along with Multi-Vector Virtual Execution (MVX) engines, to detect and block malicious traffic in real-time. 

Cons:

  • Since parting ways from Mandiant, care must be taken as we are unable to identify to what extent FireEye has retained Threat Intelligence Services as part of their offering. 
  • FireEye do not offer Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) services; businesses requiring such services should be cautious.

Netify Review:

FireEye are a network security and XDR provider. They offer strong network detection and response capabilities which leverage their AI, machine-learning and MVX technologies, to block security breaches in real-time. The service is feature-rich, offering a broad range of on-premises and cloud-based deployment options to secure operating systems such as Apple OS X, Windows and Microsoft, as well as SaaS and cloud applications (Openstack, Azure, AWS, Kubernetes and Google Cloud Platform). They offer CASB (Cloud Access Security Broker) services through a partnership with CipherCloud, and an array of cloud security options via a collaboration with iBoss. 

Netify recommends FireEye to clients looking for detailed XDR and network security, with multiple deployment options and security for remote users. However, for businesses requiring SASE and ZTNA technologies, FireEye may not be a suitable fit. 

Contents:

  • About FireEye
  • FireEye Products and Services
  • What is the FireEye SASE Solution
  • What Zero Trust Network Access (ZTNA) Solution is Supported by FireEye?
  • What CASB (Cloud Access Security Broker) Solution is Supported by FireEye?
  • What SWG (Secure Web Gateway) Solution is Supported by FireEye?
  • What FWaaS (Firewall as a Service) Solution is Supported by FireEye?
  • What XDR (Extended Detection and Response) Solution is Supported by FireEye?
  • How does FireEye Deliver Cloud Security? 
  • What is the FireEye Managed, Co-managed and DIY Services Solution?
  • What Reporting and Management is Available via the FireEye Portal?
  • How Does FireEye Support Remote Users?
  • What is the FireEye SLA?
  • Which Service Providers and Partners do FireEye Support?

About FireEye: 

FireEye are a privately held security company, whose headquarters are based in Milpitas, California, North America. The company was founded in 2004 by Ashar Aziz, and its parent company is the Symphony Technology Group. FireEye have received the following awards: Infosec Awards 2020 Best Product (FireEye Network and Security Management); AI ATAC 2020 Award (FireEye Network Security); and CyberSecurity Excellence Awards 2021 (FireEye Cloudvisory, FireEye Email Security and FireEye Endpoint Security). FireEye currently hold a Net Promoter Score of 54. As of 8th October 2021, FireEye was merged with McAfee Enterprise through an acquisition by Symphony Technology Group, creating a portfolio to protect customers across applications, endpoints, infrastructure and the cloud. The company was also featured as a future vendor in the Gartner “Innovation Insight for Extended Detection and Response” report.

FireEye Products and Services: 

  • Helix Security Platform: A SaaS security operations platform, offering clients the ability to control incidents in all areas. The product comes with automated alert validation to help manage false positives and alert volume. The Security Information Event Management (SIEM) service procures big data from remote systems and uses it to provide clients with a view into their organisation's IT security. User and entity behaviour analytics leverages machine-learning, statistical analysis and algorithms to detect internal and external security threats. FireEye Helix also uses machine-learning to baseline what a business's normal behaviour is like, allowing for alerts to be created when anomalies and deviations occur. Real-time threat intelligence and customisable threat detections are able to detect multi-vector threats. Integrated Security Orchestration, Automation and Response (SOAR) is offered to create quick response times, reduced risk exposure and process consistency. Clients have the ability to prioritise alerts, focusing on true threats whilst customising dashboards and accessing incident response playbooks.
  • Multi-Vector Virtual Execution (MVX) engine: Designed to detect evasive attacks such as multi-flow and zero-day using dynamic and signature-less analysis, preventing infection and compromise phases of cyber-attack kill chains and identifying new exploits and malware.
  • FireEye Network Security: Secures operating systems such as Apple OS X, Windows and Microsoft. The solution leverages MVX, dynamic machine-learning and artificial intelligence (AI) technologies, which inspect suspicious network traffic, detecting and blocking malicious activity in real-time. Intrusion Prevention System (IPS) detects attacks using conventional signature matching. The appliance is designed to sit behind next-generation firewalls (NGFW), secure web gateways (SWG) and IPS, aiding these solutions by detecting known and unknown attacks. The solution is able to analyse over 160 file types which include portable executables (PEs), active web content, Java, Adobe, Microsoft archives and media, applications and multimedia. The solution can be deployed in a number of different ways: 
      • Integrated Network Security, a comprehensive hardware appliance with MVX service that secures internet access points at a single site;
      • Distributed Network Security, a set of extensible appliances which use an MVX service, securing internet access points throughout an organisation;
      • Network Smart Node, which are physical or virtual appliances designed to analyse internet traffic and detect and block malicious traffic whilst sending suspicious activity to the MVX service for definitive verdict analysis.
  • MVX Smart Grid: MVX service located on-premises offering transparent scalability, built-in N+1 fault tolerance and automated load balancing. 
  • FireEye Cloud MVX: An MVX subscription service, that offers security by analysing traffic on the Network Smart Node. Any suspicious objects are sent to the MVX service to be filtered. 
  • Protection On-Premise or in the Cloud: Network Security in the Public Cloud, available in both AWS and Azure.
  • Multiple, Dynamic Machine Learning, AI and Correlation Engines: Designed to detect and block targeted, obfuscated and customised attacks using contextual, rule-based analysis with real-time insights which are gathered using hours of previous incident response experience. The product identifies malicious exploits such as malware, Command and Control (CnC) callbacks and phishing attacks and blocks them by preventing infection, compromise and intrusion phases of the cyber attack kill chain. Suspicious network traffic is extracted and submitted to the MVX engine for further analysis. 
  • Network Forensics: Network Forensics allows clients to use signatureless detection and protection from threats such as zero-days. The service includes code analysis, heuristics, emulation, statistical analysis and machine-learning in one sandbox solution. It includes high-fidelity alerts and enhanced threat awareness from FireEye security practitioners, and improves analyst efficiency by reducing alert volume. Integrated Intrusion Prevention System (IPS) and Dynamic Threat Intelligence are also available. Clients can choose to deploy the service in a variety of ways including on-premises, in-line and out of band, public and private cloud, hybrid and virtual offerings. In order to create a comprehensive end-to-end advanced threat protection security stack, clients can combine this service with FireEye Helix, FireEye Endpoint and Email Security. FireEye Network Forensics also has the ability to integrate with FireEye Network Security to provide packet captures associated with an alert, for in-depth investigations.
  • FireEye Detection On Demand: Threat detection delivered as an Application Programming Interface (API) with capabilities to integrate with Security Operations Centre (SOC) workflows, data repositories, SIEM analytics and client web applications, with flexible file and content analysis capabilities. 
  • Endpoint Security: Uses multi-engine protection to secure endpoints in a single modular agent, blocking advanced threats with machine-learning engine MalwareGuard, common malware using a signature-based engine, application exploits with behaviour analysis engine ExploitGuard and protects from new vectors using Endpoint Security Modules. Endpoint Security also leverages threat detection and response to identify threat activity using a real-time indicator of compromise (IOC) engine, tools and techniques to enable response to breaches, logged activity timelines to be used in forensic analysis, and the ability to stream alerts and information to the FireEye Helix XDR. Real-time forensics investigation is also available, allowing clients to assign severity and priority to alerts using triage, investigate and determine threat artefacts using deep-dive, and find threat artefacts across endpoints using Enterprise hunting. FireEye Network Security detects and contains security compromises, which are sent to FireEye Endpoint Security for remediation. 
  • Email Security: FireEye secure email gateway allows clients to protect against advanced email threats such as spear-phishing and impersonation. The solution uses machine-learning to minimise risks, identify false positives, block phishing attempts and track attack activity. Because threats are blocked in-line, alert fatigue is minimised, which allows security teams to manage policies and customise responses depending on the severity of an attack. FireEye email security is available in two packages: FireEye Email Security - Cloud Edition, which integrates with cloud email platforms such as Microsoft 365; and FireEye Email Security - Server Edition, which is located on-premises as an appliance or virtual sensor, with the capability to block malware and spear-phishing emails. FireEye Central Management is available to correlate alerts from FireEye Network Security with FireEye Email Security, providing a clear view of any attacks.
  • CloudVisory: A multi-cloud security solution providing ad-hoc Cloud Security Audits, Single-pane-of-glass Cloud Security, Continuous Cloud Security Analytics and Network Flow Visualisation. The platform also offers protection from exposure and compliance violation by reducing the risk of cloud security misconfiguration using Extendable Compliance Framework, Cloud Vulnerability Management, Cloud Security Compliance Guardrails and Risk Analysis and Remediation. Finally, the solution uses machine-learning to detect anomalies, with Cloud Security Policy Management, Threat Detection and Response, Intelligent Micro-segmentation and Automated Policy Governance. 
  • Detection On Demand: A threat detection service designed to discover security threats in the cloud, SIEM, SOC or files that are uploaded to web applications. The service can detect both known and unknown threats by inspecting cloud infrastructure and business-logic of data in cloud applications, and is deployable across the entire cloud ecosystem, including with solutions such as Dropbox, Slack and Salesforce. The solution also leverages threat intelligence from the FireEye SOC. Detection On Demand can be embedded in a client's products, using their API.
  • FireEye + iBoss Cloud Security: FireEye have collaborated with SASE and security provider iBoss to create a network and cloud security platform with advanced threat protection and data breach prevention. The solution is deployed via the cloud and is able to secure any endpoint regardless of the end-user’s location or form factor (anything from laptop, desktop, tablet, IoT, server or any other mobile device), securing remote users. (See, How does FireEye support remote users?)

What is the FireEye SASE Solution? 

FireEye do not currently offer a full SASE solution. However, their partnership with iBoss provides a cloud network security solution with advanced threat protection and the ability to secure devices both on-premises and in a remote setting (see, FireEye Products and Services: FireEye + iBoss Cloud Security). 

What Zero Trust Network Access (ZTNA) Solution is Supported by FireEye?

FireEye do not currently offer a ZTNA solution. 

What CASB Solution is Supported by FireEye?

FireEye does not offer CASB directly. However, they recently collaborated with CipherCloud, a leading cloud security provider offering a zero-trust CASB solution. The collaboration offers clients FireEye Detection On Demand, which reviews any content found across a SaaS or cloud application, whilst CipherCloud CASB secures the cloud environment. This data can be viewed in the CipherCloud dashboard via the FireEye Helix. 

What SWG Solution is Supported by FireEye?

FireEye do not offer SWG solutions directly; however, the FireEye Network Security product is designed to sit behind SWG appliances, aiding them by detecting both known and unknown attacks (see, FireEye Products and Services: FireEye Network Security).

What FWaaS Solution is Supported by FireEye?

FireEye do not offer their own Firewall as a Service (FWaaS) solution, but their FireEye Network Security product offers added detection and response capabilities when deployed with a FWaaS solution or NGFW.

What XDR Solution is Supported by FireEye?

FireEye offers detection, protection and response technology via their cloud-based XDR platform. This offers clients increased visibility and detection abilities, leveraging security expertise from their SOC, best practice security playbooks and security analytics. All FireEye products have the capability to work alongside existing third-party solutions. FireEye XDR combines FireEye Helix, FireEye Email, FireEye Cloud, FireEye Network, FireEye Endpoint and Third Party Tools (see, FireEye products and services).

How does FireEye Deliver Cloud Security?

FireEye offer a range of cloud security products, designed to replace legacy security tools by combining protection and visibility into their services. (See, FireEye products and services: FireEye + iBoss Cloud Security). 

Cloud Security Products:

  • FireEye Cloudvisory: A designated control centre for cloud security, designed to offer increased visibility, and with the capability to comply with a number of security environments, including Kubernetes, AWS, Azure, Google Cloud Platform and Openstack.

  • FireEye Email Security: A secure email gateway that offers protection from email-borne threats. 
  • FireEye Helix: Designed to integrate disparate security tools and augment them with SIEM services, threat intelligence capabilities and orchestrators. Presents as a security operations platform. 
  • FireEye Detection On Demand: Threat detection service with content scanning and flexible file capabilities, which identifies file-borne threats in client web applications and cloud. 
  • FireEye Network Security and Forensics: A threat and breach detection solution which offers visibility into sophisticated attacks to protect assets, users and networks from potential security threats. 

What is the FireEye Managed, Co-managed and DIY Services Solution?

FireEye offer FireEye as a Service as their fully managed security offering. This solution provides managed detection, investigation and response by FireEye experts. Individual FireEye products can also be integrated into new or existing DIY networks through its Bring Your Own Network (BYON), network agnostic functionality.

What Reporting and Management is Available Via the FireEye Portal?

  • FireEye Threat Intelligence Portal: Provides access to Helix: Intelligence, Helix EU: Intelligence and FireEye Threat Intelligence via a web browser. Allows access to intelligence reports and FireEye Threat Intelligence resources as per chosen subscription. Caution should be taken regarding the exact features of the FireEye portal: since the split with Mandiant, some information may be inaccurate or outdated.
  • FireEye Customer Portal: FireEye offer a browser-based portal for customer account management; access to network reporting and analytics is available through the FireEye platform itself.
  • Documentation Portal: Customer access to technical documents. It offers interactive multimedia, such as guides and instructional and hardware videos, to ensure customers make the most out of their product.

How does FireEye Support Remote Users?

FireEye supports remote users via their collaboration with iBoss, providing a cloud-based advanced threat and breach detection platform which offers threat visibility and network protections to protect users regardless of location. The solution leverages patented FireEye MVX analysis and intelligence-driven technologies to detect and protect against threats such as zero-days, utilising intelligence to provide high-fidelity alerts. The solution leverages authentication and SSL decryption from iBoss and proxy and SSL Re-Encrypt from FireEye. 

What is the FireEye SLA?

The tables below display the main focus points of the FireEye Service Level Agreement (SLA).

FireEye Helix Portal:

| Portal Availability per Calendar Month | Service Credit |
|---|---|
| <99.9% | 2% |
| <99.0% | 5% |
| <98.0% | 10% |

FireEye Email Security - Cloud Edition / FireEye Email Threat Prevention (ETP):

| System Availability of Email Subscription per Calendar Month | Service Credit |
|---|---|
| <99.9% | 25% |
| <99.0% | 50% |
| <98.0% | 100% |

(FireEye, 2021) Find out more at: https://www.fireeye.com/company/legal/service-levels.html

Which Service Providers and Partners do FireEye Support?

FireEye Affinity Resellers:

Affinity Platinum Partners
  • Apollo
  • BT
  • CDW
  • ClearShark
  • Dimension Data
  • DYNTEK
  • FCN Inc.
  • GuidePoint
  • Herjavec
  • IBM
  • Insight
  • KDDI
  • NTT
  • OPTIV
  • Presidio
  • rSolutions
  • Shi
  • Sirius 
  • Softchoice
Gold and Silver Affinity Partners not featured.

Global Services Providers:
  • Bell
  • BT
  • DXC Technology
  • ElevenPaths
  • Fujitsu
  • IBM
  • Macquarie Government 
  • Mphasis
  • NTT Communications / NTT Com Security 
  • NTT Ltd.
  • Singtel
Technology Solution Partners:

Cloud Providers 
  • Amazon Web Services 
  • Microsoft Azure 
FireEye Helix Security Platform 
  • ThreatConnect
Industrial Control Systems
  • Waterfall Security 
Insider Threat 
  • innerActiv
Integrated Security Solutions
  • F5
Network Access Control 
  • ForeScout
Network Cloud Security 
  • iBoss
Privileged Account Management 
  • CyberArk
Security Delivery Platform 
  • Gigamon 
  • Keysight

Additional Notes:

FireEye offers specific security services for the following:
  • Cloud
  • Education 
  • Financial Services 
  • Government 
  • Healthcare 
  • Industrial Control Systems 
  • Retail 
