Educause Security Discussion mailing list archives
Re: FireEye?
From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Thu, 7 Nov 2013 05:23:18 +0000
Hi Omen, I was a consumer of FireEye reports at a previous job. It looks like their product line has evolved and expanded (as expected), but at that time (2 years ago) we were using their egress filtering appliance to identify known malicious sites and command and control servers. It is promising technology and my general impression was that the process of 'intelligent' network blacklisting has significant potential to be effective. As with many security services/appliances of this nature, part of the value question is related to what extent your org is institutionally ready to incorporate the technology into your workflow. In my experience you can have great tools and instrumentation, but in order to be successful you must establish proven methods for investigation, remediation, and of course the human resources to back that up. Please keep us posted on your research. Best, alex Alex Keller Information Technology Stanford School of Engineering axkeller () stanford edu (650) 736-6421 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Omen Wild Sent: Wednesday, November 06, 2013 6:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] FireEye? Any thoughts on the FireEye devices? We have a chance to test one, but it would require some network ... rework ... to test optimally. Assuming they're awesome, does anyone have a business case they used to pitch it to management? I could use a head start. Thanks -- Omen Wild Security Administrator (530) 752-1700
Current thread:
- FireEye? Omen Wild (Nov 06)
- Re: FireEye? Keller, Alex (Nov 06)