FireEye Helix improves upon SIEM by combining security orchestration and cloud security with threat intelligence, case management and compliance reporting

FireEye announced on Wednesday a new release of FireEye Helix that moves toward automating security operations by combining integrated security information and event management (SIEM) capabilities with advanced security orchestration. Delivered through the cloud, FireEye Helix offers customers one central platform to detect threats, automate response, and simplify compliance reporting.

To protect against fast-moving threats, organizations need the right mix of technology, expertise and processes. FireEye Helix integrates customers’ disparate security tools into a single, automated security operations platform.

By applying User Behavior Analytics (UBA), Helix surfaces threats that legacy tools miss, as well as non-malware attacks. Integrated frontline threat intelligence gives users access to FireEye expertise and the context to improve threat awareness, while integrated case management and investigative workflow support all SOC processes from one interface.

Legacy SIEM vendors take a static rule approach to detection, often leaving customers with an excess of alerts and, for cloud users, no adequate tools to respond to them. For organizations concerned about efficient response, the platform now applies pre-built playbooks, helping analysts minimize manual, repetitive and error-prone steps such as alert validation or enrichment.

These new orchestration capabilities of FireEye Helix encompass over 150 integrations and 400 playbooks. They also let users create their own playbooks and modify existing ones, allowing for greater flexibility and continuous improvement of security processes.

Visibility and detection don’t end with the data stored on-premise. For organizations that are adopting cloud infrastructures, such as AWS, Microsoft Azure and Oracle Cloud, the cloud can be as vulnerable to attack as on-premise technology, but with fewer tools available to protect it. Poorly configured authentication, ineffective key management and unsecured APIs are just a few of the ways threat actors gain access to these infrastructures.

FireEye Helix provides centralized visibility, configuration monitoring and user behavior analytics to detect advanced attacks both in the cloud and on-premise.

Over 150 Integrations and 400 Playbooks to Make Better Security Simpler

The combination of SIEM capabilities with advanced orchestration and cloud security makes FireEye Helix a compelling detection and response solution for a security operation of any complexity and scale. These additions provide greater customer value with no changes to Helix’s pricing.

With over 300 plug-ins, the platform integrates with FireEye’s own and other companies’ security tools to bring FireEye’s leading frontline intelligence to data sent into the platform. The streamlined case management system is purpose-built for security operators, with a focus on displaying the right level of information to help organizations surface unseen threats and empower expert decisions.

Customers can now also monitor their cloud infrastructure with FireEye Helix. This provides a dashboard for visibility and response capabilities across cloud platforms such as Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud.

“Legacy SIEM tools have lost focus on detection and response. FireEye Helix brings true security back to SIEM,” said Paul Nguyen, VP of product strategy and product management at FireEye. “We’re on the frontlines of the cyberwar and to keep pace with the adversaries, we have to automate as much as possible and give analysts the intel to make smarter decisions at key points in the response. These insights and capabilities are built into Helix to close the gap from detection to resolution and mitigate the impact of an attack.”


WWPI – Covering the best in IT since 1980