FireEye vs Cisco: Top EDR Solutions Compared

FireEye's and Cisco's endpoint security solutions both made eSecurity Planet's list of top endpoint detection and response (EDR) solutions, and each product offers significant benefits to enterprise users. What follows is a look at each solution's key features and recent enhancements, along with an analysis of their strengths and weaknesses.

The Bottom Line

Both solutions have enthusiastic supporters, with the vast majority of users saying they'd recommend both products to others. Key strengths of FireEye's offering include the threat intelligence it receives from the company's Mandiant subsidiary, as well as the solution's new MalwareGuard detection and prevention engine. FireEye's managed detection and response service is one key differentiator for customers short on resources. Cisco's cloud-managed solution benefits from Talos threat intelligence, and many users cite the offering's ease of deployment as a key strength.

Cisco Product Highlights

Overview: Cisco AMP for Endpoints (Advanced Malware Protection for Endpoints) is a cloud-managed solution designed to prevent, detect and respond – preventing breaches and blocking malware at the point of entry, then detecting, containing and remediating advanced threats. The solution automatically correlates files, telemetry data, behavior and activity to simplify investigations and shorten mitigation time, and the AMP Cloud is constantly updated with information from Cisco Talos and Threat Grid to provide real-time threat intelligence.

Recent developments: Recent enhancements to AMP for Endpoints include an improved Device Trajectory feature that shows a more in-depth view of the endpoint and helps users locate spikes in endpoint activity. A new threat severity feature gives events severity tags of Critical, High, Medium or Low. A new Overview Page gives a quick overview of an organization's endpoint security state, and the Casebook integrated case management tool assists in gathering and pivoting on observables, assigning names to investigations, taking notes, and more.

Analysts' take: Gartner says the main strengths of Cisco AMP lie in threat intelligence and exploit prevention, with gradually improving integration and data sharing between AMP and other Cisco security offerings such as its network and firewall products. Still, the research firm says that while the data the solution provides is relatively comprehensive, getting a full understanding of the state of an endpoint, or of the issues being caused by malware, requires multiple clicks across multiple screens.

FireEye Product Highlights

Overview: FireEye Endpoint Security uses a signature-based endpoint protection platform (EPP) engine to block common malware, MalwareGuard machine learning to find threats for which a signature doesn't yet exist, a behavior-based analytics engine to enable EDR capabilities against advanced threats, and a real-time indicators of compromise (IOC) engine to find hidden threats.

Recent developments: Recent additions to the offering include a signature-based prevention engine to filter out known malware, viruses and worms, and the machine learning-based MalwareGuard to protect against previously unknown threats. The MalwareGuard machine learning model is trained with both private and public data sources, including data gathered from more than 15 million endpoint agents, attack analyses based on over a million hours spent responding to attacks, more than 200,000 consulting hours every year, and adversarial intelligence collected from a global network of analysts speaking 32 languages.

Analysts' take: Gartner reports that FireEye's offering benefits from threat intelligence from Mandiant's breach investigation team and iSIGHT Threat Intelligence service as well as from FireEye products' shared threat indicators, and that its managed detection and response service is attractive to customers that are short on resources. Still, the research firm says some clients report that the solution produces high false positive rates when first implemented.

EDR Product Ratings

Here are eSecurity Planet's ratings of each solution's key features.

Performance

Cisco – Good

FireEye – Very Good

Customers of both vendors report solid performance. The most recent Forrester Wave report on EDR solutions gave FireEye a rating of 3.08 out of five and Cisco a rating of 2.84 out of five. The rating is based on a range of criteria including configurability, agent effectiveness, forensic capabilities, deployment options and response actions.

Detection and Response

Cisco – Good

FireEye – Good

In recent testing, Forrester rated FireEye's detection capabilities at 3.0 out of five, and its response capabilities at 3.4 out of five. Cisco's detection capabilities received a rating of 1.8 out of five, and its response capabilities 2.2 out of five. Cisco also received a Recommended rating and 94.5% security effectiveness rating from NSS Labs. Any NSS results from FireEye have yet to be released.

Value

Cisco – Good

FireEye – Good

Customers of both Cisco and FireEye generally report satisfaction with pricing and value for money, though in both cases some say the solution is more expensive than others.

Implementation and Management

Cisco – Very Good

FireEye – Good

FireEye users report relatively easy deployments. Several Cisco reviewers specifically cited the installation process as a key strength, saying it was simple and straightforward.

Support

Cisco – Good

FireEye – Very Good

FireEye users report positive experiences with customer support. Some Cisco reviewers expressed frustration with the level of support received.

Cloud Features

Cisco – Very Good

FireEye – Good

Both solutions offer cloud-based and on-premises deployment options.

FireEye vs Cisco EDR

User Reviews

Gartner Peer Insights users gave FireEye 4.4 stars out of five and Cisco 4.2 stars out of five, though 82 percent said they would recommend FireEye to others, and 88 percent said the same of Cisco.

IT Central Station reviewers were also positive on both FireEye and Cisco.

Cisco reviewers said "implementing AMP was simple," that it "generally doesn't impact performance in a very noticeable way," and that "the cloud management simplifies administration." Still, others said "bug fixes and enhancements are super slow," and that early on in the deployment, "the false positives were somewhat frustrating."

FireEye reviewers said the solution "provides an excellent toolkit for monitoring, detecting and responding to threats at the endpoint level across the enterprise," and that "support is very good." Still, others said the solution is "on the expensive side," and has caused some "difficulties with firmware updates and overall product bugs."

Deployment

Cisco AMP for Endpoints supports cloud and on-premises deployments. Agents are available for Windows, Mac and Linux, as well as Android and iOS.

FireEye Endpoint Security supports cloud, on-premises and hybrid deployments. Agents are available for Windows, Mac and Linux.

Pricing Structure

Cisco AMP for Endpoints is licensed on a one, three or five-year subscription term, with pricing based on the number of endpoints protected. The longer the subscription term and the more endpoints protected, the lower the cost per user.

FireEye Endpoint Security is purchased through a subscription model based on the level of protection and investigation tools available – the Essential Edition starts at $39 per endpoint, and the more advanced Power Edition starts at $58.50 per endpoint, with volume discounts available for both. Free trials are available.