
FireEye Endpoint Security Review

Brian Nadel

By using several defensive layers, FireEye Endpoint Security gives a company effective cyber protection while keeping false positives to a minimum. Its combination of conventional signature-based malware scanning, machine learning, cloud-delivered threat intelligence and monitoring for indicators of compromise creates an effective guard against attack. FireEye has no software for phones and tablets, but in the event of an attack, the company can follow up with trained staff and an investigation that reconstructs the event on a timeline down to the microsecond.

FireEye Endpoint Security

The Verdict

FireEye Endpoint Security may not cover all the platforms that companies use these days, but it can defend a company's cybersecurity from all angles and track an attack minutely without overwhelming the IT staff.

Endpoint Detection and Response Features

While other solutions provide a couple of layers of protection, FireEye Endpoint Security has four that can counter just about any threat without burdening the administrator with a slew of alerts and false positives. The defenses start with a signature-based malware scanner that FireEye licenses from Bitdefender to catch and neutralize conventional, already-known threats.

FireEye adds its machine-learning Malware Guard engine and a behavior-based Exploit Guard scanner to catch new and advanced attacks. It finishes up with an indicators-of-compromise (IoC) engine that watches for evidence of a breach, flags the threat and marshals a response. Together these features protect your company's computers and servers from threats such as worms, ransomware and fileless attacks. It lacks a firewall of its own, though, relying instead on the one supplied by Microsoft or Apple; you can't adjust it or add rules from FireEye's dashboard.

The key to FireEye's success at spotting malware is the Malware Guard engine, which can discern anomalous behavior in the background and block the movement of company data off a system. It responds to threats carried in scripts and can spot the danger in a combination of two actions that are each harmless on their own.

The agent captures and archives the endpoint's activity as system telemetry, and all of that data is available to the administrator for investigation.

With most of FireEye's detection logic resident in the cloud, it is updated frequently to deliver up-to-the-minute protection. The FireEye Endpoint Security software uses a single-agent approach that runs unobtrusively in the background. In fact, the only part of the FireEye interface the end user will ever see is a pop-up warning that an attack was blocked. The user can't change any security settings.


FireEye might specialize in enterprise customers, but it still caters to smaller businesses, some with fewer than 100 employees. Pricing starts at $39 per seat and includes all product and threat intelligence updates, support, and access to either a cloud instance or a downloadable virtual appliance. Physical security appliances are available for purchase.

The software is heavily discounted at high volumes, and there are options for upgraded support and service, either as continuous Managed Defense or as needed. Unlike some competitors, FireEye includes the management server software in the price when it is hosted in the cloud; there is an extra charge if you want to set up local servers.

A variety of third-party security vendors take this a step further by offering FireEye as a remotely hosted managed service. Because the provider handles all setup and maintenance, the customer needs no dedicated security personnel and company employees are free to be more productive.

A one-month free trial is available for you to test-drive the software and its capabilities.

Endpoint Protection

FireEye surrounds the company's computers and servers with a multilayered defense that combines the best of traditional signature scanning, machine learning, exploit protection and IoC monitoring.

On the downside, FireEye lacks deception features: it cannot plant decoys to gather intelligence on the latest threats. The company's FireEye Labs Advanced Reverse Engineering (FLARE) group does the next best thing by seeking out new attacks and taking them apart to understand how they work. FireEye shares this information with the cybersecurity community, competitors included.

While many EDR packages include web filtering to keep employees away from malicious or inappropriate sites, FireEye leaves it to customers to provide this protection on their own. On the other hand, FireEye supports two-factor authentication to make remote logins to the management console safer.

FireEye covers the basics with versions for Windows PCs, Macs and a variety of Linux distributions. What's missing is software for iPhones, iPads and Android devices.


FireEye's web-based dashboard, served over a secure connection, is the place to go to see the current state of the company's cybersecurity. It shows the status of individual systems but does not roll them up into an overall security score.

The dashboard can search individual systems, groups or all of your organization's systems at once. According to the company, it can sweep 1,000 connected systems in a couple of minutes. Systems that are offline during a sweep send their data when they reconnect.

The dark-themed dashboard shows plenty of detail and is color-coded for quick visual triage. Behind it is a complete database of threats that administrators can consult after seeing something new. At any time, the administrator can contain a system or group that might be infected so that the infection doesn't spread, and customers can request a FireEye analyst to help.

Setting up a new worker's system or removing a departing employee's system is quick, easy and done through the FireEye dashboard. FireEye sends out frequent updates to its own software but can't deploy software from other companies. It lacks a mini-dashboard app for phones, tablets or watches that would show you alerts on the go, although the full dashboard can run in a browser on an iPad.

Endpoint Response

The response phase of EDR is central to FireEye's security philosophy. The software can not only stop threats in their tracks but can also automate a response once a new attack has been characterized.

FireEye's investigation workflow centers on the company's Triage Viewer. The viewer shows how an attack progressed, which parts of the system were affected and, ultimately, how to stop a similar attack. The time-coded bars across the top are read left to right and trace the infection's route: green marks affected files, while orange marks registry keys. A prominent red dot marks the first indication of the attack. You can click on any element to get more details.
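To make the IoC sweep and the Triage Viewer timeline described above concrete, here is an added example of what that class of detection does in general. It is illustrative code written for this review, not FireEye's engine or any of its APIs: the event schema, the indicator values (the `deadbeef` hash, the `update-checker.example` domain, the PowerShell and registry patterns) and the telemetry lines are all constructed. It matches a small indicator set against endpoint telemetry, orders the hits by event time rather than arrival time (because an endpoint that was offline delivers its backlog late, as the dashboard section notes), and then builds a per-host timeline whose first entry is the "red dot" an analyst would start from.

```python
"""IoC sweep over endpoint telemetry followed by a per-host triage timeline.

Added example for this review; not FireEye code. All indicators and events
below are constructed for illustration.
"""
import fnmatch
from collections import defaultdict
from datetime import datetime, timezone

# Constructed indicator set (hypothetical values, not real threat intelligence).
# Hashes and domains are exact matches; registry keys and command lines are
# shell-style globs, compared case-insensitively as Windows would.
INDICATORS = {
    "sha256": {"deadbeef" * 8},
    "domain": {"update-checker.example"},
    "registry": [r"hkcu\software\microsoft\windows\currentversion\run\*"],
    "cmdline": ["*powershell* -enc *", "*rundll32* javascript:*"],
}

# Constructed telemetry from two hosts. The first record arrived late (it was
# buffered while ws-017 was offline), so arrival order is not event order.
TELEMETRY = [
    {"ts": "2023-11-02T09:12:09Z", "host": "ws-017", "type": "dns",
     "domain": "update-checker.example"},
    {"ts": "2023-11-02T09:12:01Z", "host": "ws-017", "type": "process",
     "cmdline": "OUTLOOK.EXE", "sha256": "a1" * 32},
    {"ts": "2023-11-02T09:12:07Z", "host": "ws-017", "type": "process",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "sha256": "b2" * 32},
    {"ts": "2023-11-02T09:12:10Z", "host": "ws-017", "type": "file",
     "path": r"C:\Users\j\AppData\Local\Temp\svc.dll", "sha256": "deadbeef" * 8},
    {"ts": "2023-11-02T09:12:11Z", "host": "ws-017", "type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"ts": "2023-11-02T09:12:15Z", "host": "ws-042", "type": "dns",
     "domain": "www.example.com"},
]


def match_event(event):
    """Return a list of (category, indicator) pairs that this event matches."""
    hits = []
    if event.get("sha256") in INDICATORS["sha256"]:
        hits.append(("sha256", event["sha256"]))
    if event.get("domain", "").lower() in INDICATORS["domain"]:
        hits.append(("domain", event["domain"].lower()))
    key = event.get("key", "").lower()
    for pattern in INDICATORS["registry"]:
        if key and fnmatch.fnmatchcase(key, pattern):
            hits.append(("registry", pattern))
    cmd = event.get("cmdline", "").lower()
    for pattern in INDICATORS["cmdline"]:
        if cmd and fnmatch.fnmatchcase(cmd, pattern.lower()):
            hits.append(("cmdline", pattern))
    return hits


def scan(events, host=None):
    """Sweep telemetry (optionally one host) and return hits sorted by event time.

    Sorting on the event timestamp, not arrival order, keeps late-delivered
    records from a reconnecting endpoint in their true place in the chain.
    """
    hits = []
    for ev in events:
        if host and ev["host"] != host:
            continue
        ts = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        for category, indicator in match_event(ev):
            hits.append({"ts": ts, "host": ev["host"], "type": ev["type"],
                         "category": category, "indicator": indicator})
    hits.sort(key=lambda h: h["ts"])
    return hits


def triage_timeline(hits):
    """Group hits per host: first indicator (the 'red dot') and the ordered chain."""
    by_host = defaultdict(list)
    for h in hits:
        by_host[h["host"]].append(h)
    summary = {}
    for host, host_hits in by_host.items():
        first = host_hits[0]
        summary[host] = {
            "first_seen": first["ts"].isoformat(),
            "first_indicator": (first["category"], first["indicator"]),
            "chain": [(h["ts"].strftime("%H:%M:%S"), h["type"], h["category"])
                      for h in host_hits],
            "hit_count": len(host_hits),
        }
    return summary


if __name__ == "__main__":
    for host, info in triage_timeline(scan(TELEMETRY)).items():
        print(host, info["first_seen"], info["first_indicator"])
        for step in info["chain"]:
            print("   ", *step)
```

Only ws-017 shows up in the timeline: its chain starts with the encoded PowerShell command line, followed by the DNS lookup, the dropped file's hash and the Run-key persistence entry, which is the same left-to-right story the Triage Viewer's colored bars tell. ws-042's lookup of an ordinary domain produces no hit, which is the false-positive discipline the review praises.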

With 18 million users, FireEye can't match Microsoft or McAfee on sheer volume. Still, it gathers a good deal of threat intelligence with quick turnaround and pushes frequent updates to its threat data.


FireEye provides 24/7 support and help with stopping infections and limiting an attack's damage. The company's Mandiant incident response teams are on call to deal with severe infections or new exploits, but at an extra cost.

FireEye includes credits with its service plans that you can use for help responding to a cyber-crisis, training, and evaluations of the company's overall security. Small companies can supplement their cybersecurity expertise with FireEye Managed Defense consultants, who can assist with design, setup, management and investigations.

A new employee's computer can be protected within minutes. It takes a single email containing a link with all the necessary licensing information to fetch the installer.

Brian Nadel, Contributing Writer
Brian is a technology writer based north of New York City. He writes stories for Tom's Guide, ComputerWorld and Scholastic Magazines. He is the former editor-in-chief of Mobile Computing & Communications magazine.