Blog credits: FireEye Inc.
Organizations have varying needs when it comes to cyber security, but at the end of the day, they’re all looking to address the same challenge: how to detect and respond to threats faster, and more effectively.
Our FireEye Helix mantra is to help customers achieve better security outcomes by enabling them to both identify and respond to threats faster. To this point, in 2018 we migrated the SIEM functionality of FireEye Threat Analytics into the Helix platform, providing customers with the seamless benefit of a SIEM in their Helix deployments. Since late last year, we also offer FireEye Security Orchestration with every Helix purchase, allowing our customers to extract even more value from both their FireEye and third-party security investments. At RSA Conference 2019 we unveiled Expertise On Demand, which provides Helix users access to FireEye’s world-class intelligence and services with the click of a button. With these platform enhancements, 2019 is off to an amazing start.
How FireEye Helix is Different From a Typical SIEM
FireEye Helix continues to deliver on its core objective of reducing the pain of security operations management. Customers are leveraging the Helix platform to provide better protection across more assets in ways that they never have before.
To understand why, you have to understand the fundamental problem Helix helps our customers solve. FireEye Helix is a dedicated security operations platform with SIEM capabilities. Of course, customers ask, “How is this different than a SIEM? Why would I want to deploy this alongside my existing SIEM?”
Unlike legacy SIEM products – most of which cut their teeth as dedicated data centralization tools – FireEye Helix was first developed as a tool to help incident response teams respond to and remediate threats. It was born from a common issue we encountered at nearly every breach our consultants responded to: clients drowning in volumes of alerts from security tools and struggling to get use out of them.
What they really needed was a better way to manage security by identifying the highest priority threats and responding to them quickly. The idea with FireEye Helix is to provide customers with all of the tools they need and a place to manage them. And to manage security operations – orchestration and automation, SIEM, and integrated threat intelligence – most effectively, organizations needed a single solution. With the introduction of Expertise On Demand in the Helix interface, users will now have instant click-to-chat access to the same consultants and experts at Mandiant that have been at the forefront of nearly every major breach investigation in the world.
Creative Ways Our Customers are Deploying FireEye Helix
It’s exciting to see our customers gaining value from Helix in so many different ways.
This year we’ve seen customers do a full replacement of their existing SIEMs by leveraging FireEye Helix to perform foundational SIEM functions such as compliance reporting and log retention. Here are a few interesting examples:
In one case, we saw a client who was so swamped with alerts and useless data that security analysts were leaving the organization in droves out of frustration. The tool was dictating the outcome, so to speak. The company turned to FireEye Helix with Security Orchestration to serve as a single platform and to fit all of their security operations needs: cloud protection, SIEM, and the ability to manage all their tools with orchestration.
We’ve seen cases where customers leverage Helix to extract more value from their existing SIEM deployments. One of our customers, a payment processing firm, leveraged Helix alongside their existing SIEM to provide PCI compliance reporting for audits. With the addition of new user-behavior and misconfiguration detection across Azure and AWS, we’re also seeing customers leveraging Helix just to secure their cloud environments.
We had a Fortune 500 bank that was migrating all of their infrastructure to the cloud and needed a single solution to monitor cloud user access. Helix provides the customer with advanced cloud analytics, including monitoring for credential abuse and misconfigurations. The solution is able to centralize operations across the bank’s entire infrastructure. It increased the security team’s efficiency dramatically, providing them with roughly 50 to 60 actionable alerts derived from more than 800 million daily events.
We’re always thrilled to hear about how our customers are gaining value from FireEye Helix. We’re even seeing growing adoption in the mid-market where customers leverage Helix as a complete, intuitive solution for their small security teams. There’s no doubt 2019 will be an exciting year as we continue to develop new capabilities for the platform and extend our reach into the cloud, delivering advanced SIEM capabilities for our customers and addressing the core challenges of security operations management.