PreSales Director at a marketing services firm with 51-200 employees
Reseller
Nov 11, 2018
The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security. The one thing that needs to improve is that they use guidance or FDK for max data.
Pros and Cons
  • "The features that I find most valuable are the MIR (Mandiant Incident Response) for checks on our inbound security."
  • "The world is currently shifting to AI, but FireEye is not following suit."
  • "The one thing that needs to improve is that they use guidance or FDK for max data."

What is our primary use case?

My primary use case for this solution is world gateway or an email gateway for forensic tools.

What is most valuable?

The feature that I find most valuable is the MIR (Mandiant Incident Response) for checks on our inbound security.

What needs improvement?

The one thing that needs to improve is that they use guidance or FDK for max data. They don't have their own tools, that is a weakness in the Mandiant.

For how long have I used the solution?

Three to five years.
Buyer's Guide
Trellix Network Detection and Response
May 2026
Learn what your peers think about Trellix Network Detection and Response. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
900,747 professionals have used our research since 2012.

What do I think about the stability of the solution?

I find this product stable.

What do I think about the scalability of the solution?

I find this product scalable for our needs.

How are customer service and support?

We have our own qualified tech support team, and we do not find a need for the tech support from FireEye IT. 

What's my experience with pricing, setup cost, and licensing?

We looked into other forensic options in the past. We used to use RSA in the past, but it is not the same as FireEye.

What other advice do I have?

The world is currently shifting to AI, Artificial Intelligence engines. FireEye now has nothing in the roadmap for shifting to AI. Other companies do have a roadmap for AI integration. Now the hacker is more intelligent. The hacker is going to hack the laptop, for example, and an AI engine could be an excellent prevention mechanism.

Disclosure: My company has a business relationship with this vendor other than being a customer. I am a reseller.
PeerSpot user
SeniorNe6c94 - PeerSpot reviewer
Security Engineer at Tenece Professional services
Reseller
Jan 22, 2018
Alert Dashboard is easy to navigate, but detection, reporting, policy management need improvement
Pros and Cons
  • "The simplified Alert Dashboard is straightforward to navigate."
  • "There is a lot of room for improvement in the offering, from cost to functionality. It is pretty straightforward to implement, which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
  • "It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives."
  • "Stability issues manifested in terms of throughput maximization."

What is most valuable?

Simplified Alert Dashboard is straightforward to navigate.

What needs improvement?

1. Granular reporting

Need more attributes for each alert; e.g. protocol, time, type of attack, etc. These attributes could be used for report generation or to aid as search criteria.

2. Rule base

Create an option to create/add/edit rules in the existing policy. Most importantly, create room to add exceptions to false positive alerts. 

3. Use one appliance for both Web detection and email detection to reduce the cost of shipping and delivery.

4. Detection of .zip and .rar files.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Stability issues manifested in terms of throughput maximization.

What do I think about the scalability of the solution?

There were scalability issues for the appliance-based solution, but not for the cloud-based solution.

How are customer service and technical support?

I rate it eight out of 10.

Which solution did I use previously and why did I switch?

I was not using anything previously.

How was the initial setup?

 Straightforward.

What's my experience with pricing, setup cost, and licensing?

Use cloud solution; pricing is a bit high.

Which other solutions did I evaluate?

Palo Alto.

What other advice do I have?

I rate this solution at six out of 10. There is a lot of room for improvement in the offering, from cost to functionality. It is pretty straightforward to implement, which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management. It would be great if we could create granular reports based on the protocols, types of attacks, regions of attack, etc. Also we would like to easily be able to add exceptions to rules in cases of false positives.

Disclosure: My company has a business relationship with this vendor other than being a customer. Value-added reseller.
PeerSpot user
PeerSpot user
Security Consultant at a tech services company with 51-200 employees
Consultant
Jan 16, 2018
Improves defense against zero-day threats and network security, but management of the appliance could be greatly improved
Pros and Cons
  • "Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."
  • "The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive."
  • "Management of the appliance could be greatly improved."

What is our primary use case?

Implementing at customer sites. Conducting pre-sales and PoC demos for customers and providing technical support to customers on behalf of FireEye.

How has it helped my organization?

Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security.

What is most valuable?

The MVX Engine seems to be very capable against threats and the way it handles APTs is impressive. It has helped FireEye be the first ones to announce zero-days on many occasions.

What needs improvement?

Management of the appliance could be greatly improved. 

They should take a leaf out of the book of Symantec's (Formerly Blue Coat) MAA appliances. The management is super-easy, most features are available through the GUI, and the administrator has an easy to navigate interface that helps in faster threat analysis.

For how long have I used the solution?

One to three years.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner of FireEye selling their products to customers.
PeerSpot user
it_user494931 - PeerSpot reviewer
Master Consultant (Network Security) at a tech services company with 1,001-5,000 employees
Real User
Aug 31, 2016
It added a layer of inspection that might be missed by traditional IPS or antivirus products. Features such as IPS are lacking.
Pros and Cons
  • "For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before."
  • "FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors."

What is most valuable?

FireEye's virtual execution engine is designed to catch 0-day or targeted malware files.

How has it helped my organization?

I work for a managed services provider, so we don't deploy the product internally but deploy it in customers’ environments. For our customers, it added a layer of inspection that might be missed by traditional IPS or antivirus products, and that is the capability of catching new malware that might not have been identified or seen in the wild before.

What needs improvement?

FireEye’s main feature is its sandboxing or threat emulation capabilities to detect malware with extra add-ons such as signature-based IPS or endpoint protection, but these features are lacking compared to most IPS or endpoint vendors. FireEye would need to work on these capabilities to have a fuller product offering (especially when all the other major NGFW vendors such as Check Point or Palo Alto offer similar threat emulation capabilities to FireEye).

For how long have I used the solution?

I have been using it for 3-4 years.

What was my experience with deployment of the solution?

Deployment is extremely easy, and we haven't run into any issues.

Which solution did I use previously and why did I switch?

We also use the same capabilities that come in other products such as Palo Alto (wildfire) or CheckPoint (threat prevention). I don't think there is much difference in the capabilities between either of the products.

How was the initial setup?

Initial setup was very straightforward.

What about the implementation team?

We implement and provide continued managed services coverage for the product.

What other advice do I have?

Currently, I think if you have another product that can provide the same functionality (such as Palo Alto or CheckPoint), and that device is capable of handling the extra load of running these features, then I would consider using those products instead of adding a new product to the network.

Disclosure: My company has a business relationship with this vendor other than being a customer. My company is a vendor partner.
PeerSpot user
PeerSpot user
Network Engineer information security at a tech services company with 51-200 employees
Consultant
Aug 27, 2015
It helps to detect and prevent zero day attacks.
Pros and Cons
  • "It is a good product to implement, especially where the existing technology fails to detect zero day attacks."
  • "Cluster option is not available in NX, and for false positives we need some customization configuration available, such as a whitelist."

What is most valuable?

  • Call back
  • Zero day attack

How has it helped my organization?

We have discovered different malware which was basically a zero day attack and call back.

What needs improvement?

Cluster option is not available in NX, and for false positives we need some customization configuration available, such as a whitelist.

For how long have I used the solution?

I've used it for one year.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's very good.

Technical Support:

It's very good.

Which solution did I use previously and why did I switch?

Different IPS and end point products were used. FireEye has a different concept for the handling of ATP and malware with a virtual machine which resides in their box.

How was the initial setup?

It was simple and straightforward.

What about the implementation team?

We have implemented it ourselves on customer premises.

What other advice do I have?

It is a good product to implement, especially where the existing technology fails to detect zero day attacks.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user221841 - PeerSpot reviewer
IT Security Manager with 51-200 employees
Vendor
May 12, 2015
Provides a target response time of one minute for both hardware and software issues— and immediate escalation to level-two advanced support for high-severity issues.
Pros and Cons
  • "Once we had a chance to do our own due diligence, it was clear that there is really nothing else that compares with the FireEye appliance."

    After the release of our first product we had a lot more exposure with the public and we knew we would attract some unwanted attention. We started looking at solutions for network hardening and intrusion protection.

    We engaged The Herjavec Group to perform a network penetration test. THG offers a comprehensive suite of security and network services to organizations around the world, supported by Canada’s largest group of certified security professionals. Although the initial findings from the test showed the existing network to be robust, through practical experience with other similar clients, THG recommended implementing a FireEye Network Threat Prevention Platform. We felt comfortable after seeing the early results of the penetration test but decided to do an in-house demo of the FireEye Network Threat Prevention Platform to see how it would add to the protection of our internal systems and R&D network. As part of the overall evaluation of similar technologies, along with THG’s recommendation to evaluate FireEye, we also looked at several other competitive offerings. Once we had a chance to do our own due diligence, it was clear that there is really nothing else that compares with the FireEye appliance. After the proof of concept, I really didn’t have to do much to justify the investment. We immediately purchased the FireEye Network Threat Prevention Platform.

    With any new solution the deployment effort and ongoing management overhead is always a consideration. We’ve been really pleased with how straightforward the FireEye solution is to manage. Installation was very simple, and the solution requires little-to-no ongoing maintenance. Because threat protection is a mission-critical function, we opted for the FireEye Platinum Support program. This level of support provides a target response time of one minute for both hardware and software issues— and immediate escalation to level-two advanced support engineering for any high-severity issues encountered. Our board of directors are very conscious about the value of the intellectual property that we are constantly creating and very sensitive to security concerns—especially cyber-based threats. You can’t put a price on an attack, especially when it’s your company’s underlying IP at risk. FireEye gives us leading edge protection.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user229392 - PeerSpot reviewer
    Senior Network Security Analyst at a manufacturing company with 5,001-10,000 employees
    Real User
    Apr 27, 2015
    Provides us with better malware, intrusion and incident detection.
    Pros and Cons
    • "It has provided us with better malware, intrusion and incident detection."
    • "A lot of false positives."

    What is most valuable?

    • Ability to edit the Yara rules
    • Malware analysis tool

    How has it helped my organization?

    It has provided us with better malware, intrusion and incident detection.

    What needs improvement?

    A lot of false positives.

    For how long have I used the solution?

    I've been using FireEye NX with web, email, and the malware analysis sandbox tool for two years.

    What do I think about the stability of the solution?

    No issues encountered.

    What do I think about the scalability of the solution?

    No issues encountered.

    How are customer service and technical support?

    Customer Service:

    8/10.

    Technical Support:

    8/10.

    Which solution did I use previously and why did I switch?

    No previous solution was used.

    How was the initial setup?

    It wasn't bad, the technical support team walked us through it.

    What about the implementation team?

    We used a vendor who was 8/10.

    What other advice do I have?

    Get training with editing Yara rules.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user229368 - PeerSpot reviewer
    Sr. Network Engineer at a tech services company with 1,001-5,000 employees
    Consultant
    Apr 26, 2015
    I like how it detects zero day attacks, APT’s, and other types of malware.
    Pros and Cons
    • "Both for our clients and for ourselves, ROI was almost 200% more than we expected."

      What is most valuable?

      I like the ability to detect zero day attacks, APT’s, and other types of malware which almost every other security device in the world is unable to detect.

      How has it helped my organization?

      One of the projects where we were deploying was a POC. When it was tested, it detected one of the world’s most dangerous APTs, like KABA, that was specially designed to target the telecommunication industry. This was one of the many thousands of findings that we were proud of.

      What needs improvement?

      Almost every feature of the product is on a high level.

      For how long have I used the solution?

      I have worked on these products from FireEye for three different projects, and I found them wonderful.

      What was my experience with deployment of the solution?

      No issues encountered.

      What do I think about the stability of the solution?

      No issues encountered.

      What do I think about the scalability of the solution?

      No issues encountered.

      How are customer service and technical support?

      Customer Service:

      9/10.

      Technical Support:

      10/10.

      Which solution did I use previously and why did I switch?

      Our clients have used almost all of the best solutions available but most of them were unable to detect about 90% of the threats that FireEye NX can detect.

      How was the initial setup?

      The initial setup was quite straightforward and easy.

      What about the implementation team?

      We had implemented it in-house and in fact, I deployed the NX 2400 and NX 7400 devices myself.

      What was our ROI?

      Both for our clients and for ourselves, ROI was almost 200% more than we expected. We were satisfied.

      What's my experience with pricing, setup cost, and licensing?

      The initial setup and day-to-day cost is almost the same as other security devices available. However, others fail about 90% of the time to detect threats, APT’s & most importantly zero day attacks, while FireEye can detect them.

      Which other solutions did I evaluate?

      Of course, we had to check all other products available in the market, research their features, and then we had to compare these products based on benefits to our clients, and the expected ROI.

      What other advice do I have?

      It's one of the best products around based on its features like detection of almost all types of malware, APT’s, virus and zero day attacks, reporting, and its integration with other FireEye products like CMS, IPS etc.

      Disclosure: My company has a business relationship with this vendor other than being a customer. The company I previously worked for was the only partner of FireEye for almost one and a half years in our country.
      PeerSpot user
      it_user229368 - PeerSpot reviewer
      it_user229368, Sr. Network Engineer at a tech services company with 1,001-5,000 employees
      Consultant

      Thanks

      it_user221847 - PeerSpot reviewer
      Senior Vice President & CIO with 51-200 employees
      Vendor
      Apr 12, 2015
      We needed a solution which would allow us to proactively address threats.
      Pros and Cons
      • "FireEye has placed us in the position to proactively counter malicious threats; we now don’t have to take a user offline in order to rebuild their PC following an attack."

        We previously relied on a firewall for application-level blocking, an email gateway, and an anti-virus solution to protect our infrastructure. The existing combination was capable of identifying certain malware activity but we found we were always reactively responding to attacks. We were never in a position to proactively address the threats.

        Following a recommendation by an independent security consultant, we performed a detailed evaluation of the FireEye platform. The inherent intelligence of FireEye’s solution was immediately evident and we felt that our purchase of the FireEye Network Threat Prevention Platform represented the final piece in the puzzle to lock down our infrastructure. The FireEye Network Threat Prevention Platform is deployed inline between the firewall and Internet gateway; preventing malicious multi-protocol callbacks and blocking inbound Web exploits that elude our other security measures. As an integral component of the FireEye Network Threat Prevention Platform, the FireEye Multi-Vector Virtual Execution engine confirms zero-day attacks and captures callback destinations to dynamically prevent users from accessing a malicious channel. The signature-less FireEye MVX engine executes suspicious binaries and Web objects against a broad range of browsers, plug-ins, applications, and operating environments to determine the true intent of the malicious code. 

        The FireEye Network Threat Prevention Platform not only protects our users when they visit websites but also when they receive email with malicious attachments or links: having both levels of protection is absolutely critical to us. The whole banking industry is subjected to a huge variety of very sophisticated attacks that exploit both Web and email weaknesses. We see many spear phishing attacks in which malicious emails disguise themselves as coming from legitimate business partners. If users click on a bad link or attachment that initiates a callback, the FireEye Network Threat Prevention Platform blocks it every time. 

        Several of our employees recently received an email that appeared to come from a trusted business partner. Five users tried to open an apparently innocuous attachment but the FireEye Network Threat Prevention Platform detected that it included embedded malware and immediately started blocking the approximately 200 callbacks each machine tried to generate. If any of these reached their intended target they could have severely compromised the bank’s systems but the FireEye solution just doesn’t allow this type of data to leave our network. FireEye has placed us in the position to proactively counter malicious threats; we now don’t have to take a user offline in order to rebuild their PC following an attack. We’re better protected and more productive! Cybercriminals grow smarter all the time, that’s why our use of the FireEye next-generation security platform is now mandatory throughout the bank’s infrastructure.

        Disclosure: My company does not have a business relationship with this vendor other than being a customer.
        PeerSpot user
        it_user221844 - PeerSpot reviewer
        City Information Security Officer at a government with 501-1,000 employees
        Vendor
        Apr 12, 2015
        I was desperately looking to automate whatever layers of security we had in place. Our existing infrastructure left my team blind to a constant stream of attacks.
        Pros and Cons
        • "By every measure, the FireEye Network Threat Prevention Platform has exceeded our expectations."

          The old approach to security—assigning lots of people to the problem—was no longer feasible. It was very time intensive and employee intensive. It took up so much of our time that it became very unproductive. I was desperately looking to automate whatever layers of security we had in place. The issue came to a head when I spotted suspicious network activity but could not get to the bottom of the problem with legacy signature-based security tools. My staff spent hours manually blocking suspicious connections. We were a sitting duck. Our existing infrastructure left my team blind to a constant stream of attacks. We tested several IPS/IDS type of solutions, including Symantec, Palo Alto Networks, and Cisco—and found them all inadequate for the security challenge we faced. 

          I decided to try the FireEye Network Threat Prevention Platform. We piloted a proof-of-concept trial. Installation took less than an hour, and almost immediately, the FireEye Network Threat Prevention Platform began providing valuable insight into what was going on in the network —no heavy administration required. We had planned to test the FireEye Network Threat Prevention Platform for 15 days; I knew within the first 24 hours that the solution delivered on its promise. I realized that I can’t get any better bang for the buck. 

          Used in-line, the FireEye Network Threat Prevention Platform provides the insight we need to stay ahead of advanced threats. The platform monitors Web traffic, by far the most common threat vector used in malware attacks. We are alerted to zero-day exploits and fast-morphing malware to keep sensitive data and systems safe. At the same time, the Network Threat Prevention Platform is capable of shutting down communications with malicious URLs used in targeted attacks. Thanks to the FireEye Multi-Vector Virtual Execution architecture, our security team can spot malware hidden in malicious images, PDFs, Flash, and ZIP/RAR/TNEF archives. Easy-to-digest email alerts validate true threats and help guide our incident response. And a browser-based dashboard cuts through the clutter with clear, actionable information about malware activity. 

          By every measure, the FireEye Network Threat Prevention Platform has exceeded our expectations. The platform requires little ongoing administration and does not waste the security team’s time with false positives. Instead of chasing down every ambiguous alert, I can spend more time on long-term preparedness and nurturing the security staff. For us, that means better service at a lower cost. FireEye is one of my few “go-to” products when I start my day. The business benefits are far reaching.

          Disclosure: My company does not have a business relationship with this vendor other than being a customer.
          PeerSpot user