See the complete list of top 10 Endpoint Detection and Response solutions.
Company description: FireEye bills itself as the intelligence-led security company. It offers a single platform that blends security technologies, threat intelligence, and consulting. It has more than 5,800 customers across 67 countries, including more than 40 percent of the Forbes Global 2000. FireEye has been in business for more than ten years and is a public company.
Product description: FireEye Endpoint Security supports the investigation of sophisticated breaches, as well as detection and prevention capabilities to help respond to threats that bypass traditional endpoint defenses. It also includes AV through an OEM partnership. What it terms nation-state grade threat intelligence is characterized as a differentiator. It also harnesses multiple detection engines and contextual enterprise search. FireEye Endpoint is a standalone endpoint product. It integrates with the FireEye Helix security operations platform, which includes endpoint and network detection, ingests third-party alerts from firewalls, and enables automation back to the endpoint.
Markets and use cases: FireEye Endpoint is strong in the financial, government, manufacturing, healthcare and aerospace industries. Dan Wire, FireEye’s senior director of Marketing Communications, said it is sold into organizations from 250 to 350,000 endpoints, with the average in the 2,000 range. It is also beginning to penetrate smaller companies with a network security endpoint product called CloudHX.
Agents: The FireEye agent can be tuned to adjust resource consumption. The agent can use APIs to add functionality without performance or overhead impact. The agent is delivered as software for the endpoint, which can be done through the cloud. There is also a controller that all agents link to that is also a manager station. This can be operated on premises via appliance or in the cloud. All updates are fed via the cloud for threat intelligence updates, any updated software via the Dynamic Threat Intelligence feed.
Applicable metrics: FireEye has more than 1,000 experts responding to incident and researching attacks. In tests, its network scanning appliances boosted throughput to more than 1,000 Mbps.
Security qualifications: FIPS, Common Criteria, Department of Homeland Security Safety Act Certification
Intelligence: Machine learning, artificial intelligence (AI), on the ground threat intelligence based on human incident response activities, as well as threat research from FireEye analysts are included. Automated threat detection and prevention deals with known and unknown threats based on computing process analysis as well as threat identity comparisons against a threat database constantly refreshed from other resources.
Delivery: FireEye Endpoint is available through the cloud or on premises as an appliance. There’s a lightweight agent on the endpoint and a controller available on premises, virtual appliance or in the cloud.
“Highly targeted organizations such as financial institutions, governments and health care, don’t want cloud solutions, so a customer using a cloud-only vendor is missing out on the threat intelligence gathered by vendors onsite,” said Wire
Pricing: Pricing is based on a per endpoint basis and starts at about $30 per endpoint. It scales down based on increased endpoints purchased. There is also a requirement for the intelligence feed which is a percentage of the cost of total endpoints purchased, and is around 20%. And then there is cost for the appliance, based on whether it supports in corporate endpoints the appliance is around $29,995 and supports 100k endpoints, or an out of network DMV appliance costs $19,995 to support the same number of endpoints. CloudHX is priced lower than on premises and supports approximately the same number of endpoints, whether in corporate network or outside.