Educause Security Discussion
mailing list archives
From: "Keller, Alex" <axkeller () STANFORD EDU>
Date: Thu, 7 Nov 2013 05:23:18 +0000
I was a consumer of FireEye reports at a previous job. It looks like their product line has evolved and expanded (as
expected), but at that time (2 years ago) we were using their egress filtering appliance to identify known malicious
sites and command and control servers. It is promising technology and my general impression was that the process of
'intelligent' network blacklisting has significant potential to be effective.
As with many security services/appliances of this nature, part of the value question is related to what extent your org
is institutionally ready to incorporate the technology into your workflow. In my experience you can have great tools
and instrumentation, but in order to be successful you must establish proven methods for investigation, remediation,
and of course the human resources to back that up.
Please keep us posted on your research.
Stanford School of Engineering
axkeller () stanford edu
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Omen Wild
Sent: Wednesday, November 06, 2013 6:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FireEye?
Any thoughts on the FireEye devices? We have a chance to test one, but it
would require some network ... rework ... to test optimally.
Assuming they're awesome, does anyone have a business case they used to
pitch it to management? I could use a head start.
- FireEye? Omen Wild (Nov 07)
- Re: FireEye? Keller, Alex (Nov 07)