FireMon vs. Trellix Endpoint Security ENS

FireMon is best used in a large environment (for example, I have >100
firewalls in my environment). It's best used when trying to improve
security posture and showing changes in firewall security over time. It
might not be the best choice for smaller environments or those that aren't concerned about security management.

Incentivized

It provides great web security and will protect your devices against viruses and malware when paired with other security software and hardware. For instance, we have multiple layers of security set up so if McAfee misses something then one of our other barriers will catch the infection or intrusion before it reaches the network. I would not suggest using this product as a standalone agent because I do not think it will be as effective when working by itself. The dashboard also makes it convenient to manage devices, policies, and settings from wherever you are so it's an ideal solution for any IT department to use. I would just suggest using something else as a backup so your network isn't left vulnerable.

Incentivized

• Give good real time reporting for anyone making a change to any of our firewalls
• Provides good reporting tools that are out of box
• Provide good customization tools that is specific to our needs
• Upgrades are a simple process and support does relatively well with assisting us.

Incentivized

• Provides high fidelity alerting.
• Allows CSOC analysts to perform forensic triage and alert investigations through containment from a single pane of glass.
• Provides alert telemetry across on-disk and in-memory attacks.
• Supports many additional 'bolt-on' modules to provide additional alert context or capabilities.

Incentivized

• Some features could be added to the existing functionality which include NAT rules usage
• Rule expiration normalization from firewalls rather than entering them in rule documentation
• .csv exports of the files from the firewall pane only gives usage for 30 days by default and that should be increased

Incentivized

• The amount of false detections especially the negative ones needed to be reduced.
• It requires more optimization. It tends to make the PCs slower.
• It almost doesn't have the ability to heal. This is very important as we need our sensitive data to be recoverable.
• It doesn't have any free scanning functionality. Our users using personal machines cannot scan in case of an incident. This could be added like Malwarebytes.

Incentivized

The shell is locked out and we can't run any general centos commands. The implementation and maintainence of the arch is very complex. Even with the right identifiers on log messages the log collection keeps failing. The warning messages on the device are ambiguous. The log messages on firemon are a bit confusing and don't show the exact issue.

Incentivized

It save me time and I'm able to have the review - review the rule independently with using my time.

Incentivized

FireMon has been relatively stable overall. However, there have been a handful of times where we had issues with the console. For example, we couldn't update which devices to include in a security assessment. The initial suggestion from support was to just reboot it. It seems like there weren't many other options available such as to restart services before going to the extreme of a complete reboot.

Incentivized

I'm not sure we have the largest implementation of FireMon out there but we do have a few 1000 devices being probed by FireMon. Overall, the system's performance has been rock solid. The console refreshes quickly and reports are generated within an expected timeframe.

Incentivized

FireMon technical support is awesome! They respond quickly to our requests and they are well trained and very knowledgeable about the tool. Some issues have to be referred to the development team, but technical support largely provides solutions for any issues that we may have.

Incentivized

The support of product was very good when we initially implemented the solution. We were getting fats replies and could see the customer approach. After a while the level of support was not following the SLA's and the replies were getting very confusing and late.

Incentivized

Implementation is fairly simple. Most issues can be resolved by referencing manuals.

Incentivized

I has worked with AlgoSec and while they are very similar product, I find the FireMon is easier to understand and get rolling with. While both require some learning, FireMon is by far the easier one. Once you have an understanding of how things are arranged and labeled you can easily import firewalls and begin to work on them to improve them

Incentivized

Unlike Trellix Endpoint Security Symantec Endpoint provides less information about events on the user side. Trellix give an opportunity to see information about virus detection on a user machine as quick as it possible, so we were able to catch the signs of virus propagation early and prevent the spread of damage

Incentivized

Firemon Is easily scalable and maintainable with any size team. Although it requires some tech debt, it is well worth the time to invest to ensure compliance is visible and reports are accurate. Although our environment is very large we do not fully utilize the scalability of the Firemon product.

Incentivized

• FireMon's Compliance Reporting provided an immediate and tangible benefit
• FireMon helps identify egregious or erroneous rules quickly across multiple platforms
• FireMon took our audit process from an Excel spreadsheet into a far more advanced process with readily available context for reviewers

Incentivized

• From an auditing standpoint, we can show that our workstations/servers are protected.
• Even though it cant identify more advanced/targeted malware, it is still good to identify the more obvious malware which occurs daily in my enterprise.
• Since it can be easily deployed, the products can easily get deployed on all systems in the environment for optimal anti-malware protection.

Incentivized