Trend Micro TippingPoint Threat Protection System (TPS)
Likelihood to Recommend
Trellix (FireEye + McAfee)
It’s a dedicated Network Advanced Threat Detection and Prevention solution. Easy maintenance and low operating costs fit perfectly for SMEs. Variety of appliance selection makes NX the perfect choice for large enterprises. As it’s a dedicated solution with its own appliance, price is higher compared to NGTP add on solutions. FireEye is an ecosystem therefore when you’ve the EX or HX vice versa, you should be looking to NX. Otherwise, you’re missing the threat intel exchange on the network side reverse is the true. Sizing is important before the purchase, if you select a low end model for a busy network you lose your initial investment. For multiple NX deployments I highly recommend CMS. Without CMS you’ll lose the threat intel exchange and this will negatively reduce the risk scores.
Great for large enterprises 10k users or more and as part of defense in depth. Medium and small business you are better off looking for a cheaper UTM solution that does it all in one. It comes down to cost, are you willing to fund the cost of breaking out IPS functionality or moving towards a unified solution?
Tipping point had a very nice GUI interface that sat on top of snort rules. It was easy to access, had nice customization of dashboards and output to syslog for SIEM solutions.
It was easy to configure rule sets, allow groups or singular allow/blocks or white-listing.
Security rule sets could be tweaked up or down and allow/drops signatures could be configured to help increase performance.
Biggest qualms I had with TippingPoint was that it was just a tad on the expensive side for what you get. Nowadays everything has gone UTM in firewalls and they do it all including IPS as part of the basic functionality so really, TP is losing a massive market share.
Don't see a future in the roadmap with so many other vendors getting onto the "unified" wagon and adding IPS as part of their service and at a cheaper price.
FireEye NX is a solid product. It gives you sustainable security throughout the organization. NX detection engines are more capable compared to others. Its catch rate is higher, FP rate is lower, [and] speed is awesome. NX can work for highly regulated environments with 1 way solution. Operation costs are much lower. Software quality is very good. It may have bugs, but these bugs do not compromise the security in general. SOC team loves the FireEye NX for its pinpoint detection capabilities. Local and partner support is exceptional.
As [a] financial company on the digital markets, we need to be safeguard for 0days and targeted attacks. FireEye NX provides the best updated protection with its enhanced capabilities.
Security score based on detection/prevention metrics [is] very high ensuring the highest level of security.
APTs in our region successfully detected and mitigated by the NX.
For the ROI, in a six month period FireEye is paying off its [investment].
One negative thing, especially with increasing network bandwidths, [is that] you need to make [the] investment every two or three years.
