FireEye vs McAfee: Top EDR Solutions Compared

FireEye's and McAfee's endpoint security solutions have much to offer enterprise users. While FireEye appears on eSecurity Planet's list of top endpoint detection and response (EDR) solutions, McAfee's new MVISION EDR product is too new to have been included on that list. What follows is an examination of several key features and recent additions to each product, along with a look at their strengths and weaknesses.

The Bottom Line

Because McAfee's MVISION EDR is just coming to market now, it's hard to compare the two, but each has some distinct benefits. FireEye's solution offers solid security through its Mandiant threat intelligence service and new MalwareGuard detection and prevention engine, along with a managed service option. McAfee's new solution offers the ease and flexibility of a full cloud-based deployment and will likely find favor among companies seeking value in a cloud deployment.

McAfee Product Highlights

Overview: McAfee MVISION EDR, the latest evolution of the company's EDR solution, uses advanced analytics to identify and prioritize suspicious behavior, helps guide and automate in-depth investigations to reduce the strain on security analysts, and enables rapid response with direct actions and broader integration into the security ecosystem. MVISION's cloud-based analytics leverage the MITRE ATT&CK framework to uncover and prioritize suspicious behavior, helping analysts assess risk severity and take appropriate next steps.

Recent developments: MVISION EDR was announced in October of last year. The new offering combines the functionality of McAfee Active Response and McAfee Investigator with enhancements such as expanded data collection, expanded detection analytics, guided investigations to tackle EDR alerts, and easy cloud-based deployment.

Analysts' take: MVISION is too new to have been covered yet by industry analysts, but in general, Gartner says McAfee remains one of the top three endpoint protection platform vendors by market share, and the company's investment in developing an EDR solution has resulted in an offering with a useful feature set. Still, the research firm says McAfee remains in the early stages of customer adoption compared to other EDR vendors.

FireEye Product Highlights

Overview: FireEye Endpoint Security leverages four engines to prevent, detect and respond to threats: a signature-based EPP engine, MalwareGuard for threats for which a signature doesn't yet exist, EDR functionality enabled through a behavior-based analytics engine, and a real-time indicators of compromise (IOC) engine that uses current intelligence to help find hidden threats.

Recent developments: The latest updates to FireEye Endpoint Security have added a signature-based prevention engine to filter out known malware, viruses and worms, and machine learning-based MalwareGuard to protect against previously unknown threats. MalwareGuard is the result of a two-year research project by FireEye data scientists, with a machine learning model trained with both public and private data sources, including data gathered from more than 15 million endpoint agents, attack analyses based on more than a million hours spent responding to attacks, and over 200,000 consulting hours each year. That data trains MalwareGuard to make intelligent malware classifications on its own and without human involvement.

Analysts' take: Gartner notes that FireEye's managed detection and response service is attractive to customers that are short on resources, and that the company's offering benefits from threat intelligence from subsidiary Mandiant's breach investigation team and iSIGHT Threat Intelligence service, as well as from FireEye products' shared threat indicators. Still, the research firm says some clients report high false-positive rates when the solution is first implemented.

EDR Product Ratings

With the caveat that McAfee's MVISION EDR product is only now reaching the market, here are eSecurity Planet's preliminary ratings of each solution's key features.

Performance

McAfee – TBD

FireEye – Very Good

While McAfee's new solution hasn't yet been rated, the most recent Forrester Wave report on EDR solutions gave FireEye a rating of 3.08 out of five. The rating is based on a range of criteria, including configurability, agent effectiveness, forensic capabilities, deployment options and response actions.

Detection and Response

McAfee – TBD

FireEye – Good

In recent testing, Forrester rated FireEye's detection capabilities at 3.0 out of five, and its response capabilities at 3.4 out of five. McAfee's detection and response capabilities have not yet been rated.

Value

McAfee – Very Good

FireEye – Good

Users of McAfee's previous products consistently reported satisfaction with the value provided for the cost of the solution. FireEye customers generally report satisfaction with pricing and value for the money, though some say the solution is more expensive than others.

Implementation and Management

McAfee – Very Good

FireEye – Good

FireEye users report relatively easy deployments, although McAfee's full cloud-based solution is likely to offer a particularly user-friendly experience.

Support

McAfee – Very Good

FireEye – Very Good

FireEye users report positive experiences with customer support, and reviewers generally reported good support experiences with McAfee's previous products.

Cloud Features

McAfee – Best

FireEye – Good

While FireEye offers a cloud-based option, McAfee's solution is now entirely cloud-based.

FireEye vs McAfee 

Deployment

McAfee MVISION EDR is a cloud-based solution offering flexible, streamlined agent deployment and management with McAfee ePO (on-premises) or McAfee MVISION ePO (cloud).

FireEye Endpoint Security supports cloud, on-premises and hybrid deployments, along with a managed service. Agents are available for Windows, Mac and Linux.

Pricing Structure

MVISION EDR will be licensed on a per-user subscription basis.

FireEye Endpoint Security is purchased through a subscription model based on the level of protection and investigation tools available. The Essential Edition starts at $39 per endpoint, and the more advanced Power Edition starts at $58.50 per endpoint, with volume discounts available for both. Free trials are available.
