Educause Security Discussion mailing list archives

Re: FireEye?


From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Thu, 7 Nov 2013 05:23:18 +0000

Hi Omen,

I was a consumer of FireEye reports at a previous job. It looks like their product line has evolved and expanded (as 
expected), but at that time (2 years ago) we were using their egress filtering appliance to identify known malicious 
sites and command and control servers.  It is promising technology and my general impression was that the process of 
'intelligent' network blacklisting has significant potential to be effective.

As with many security services/appliances of this nature, part of the value question is related to what extent your org 
is institutionally ready to incorporate the technology into your workflow.  In my experience you can have great tools 
and instrumentation, but in order to be successful you must establish proven methods for investigation, remediation, 
and of course the human resources to back that up.

Please keep us posted on your research.

Best,
alex

Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu  
(650) 736-6421



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Omen Wild
Sent: Wednesday, November 06, 2013 6:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FireEye?

Any thoughts on the FireEye devices? We have a chance to test one, but it
would require some network ... rework ... to test optimally.

Assuming they're awesome, does anyone have a business case they used to
pitch it to management? I could use a head start.

Thanks

-- 
Omen Wild
Security Administrator
(530) 752-1700

