FAQ: FireEye Helix

Version 7

     

     

    What is FireEye Helix?

     

    FireEye HELIX is an intelligence-led security operations platform that makes it simple to deliver advanced security to any organization.

     

     

    What are FireEye Helix’s key benefits?

     

    Key benefits include:

    • Expand Visibility:
      • Prioritize threats hidden in existing alert volume by overlaying intelligence, rules and analytics onto existing alerts and event data from both FireEye solutions and the rest of your security infrastructure
    • Accelerate Response:
      • Respond to threats faster with automated workflows, pre-built playbooks, and best practices from Mandiant Security to quickly pivot from detection to remediation
      • Simplify threat alert monitoring with a single console across major SOC use cases
    • Enhance Existing Investments / Reduce Operational Costs:
      • Streamline operations and reduce infrastructure and management cost to get the most out of existing but disconnected tools
      • Make a log source more valuable with broad support for hundreds of solutions
      • Prevent costly manual errors and maintain operational consistency with automated correlations

     

    What is included with Helix?

     

    The Helix subscription includes access to:

    • Cloud-Based Unified Console with containment and automatic triage
    • Virtual Network Security Smart Nodes
    • Cloud-based Endpoint Security

     

    You can further enhance Helix by adding on:

    • FireEye iSight Intelligence
    • Integrated Email Security
    • FireEye as a Service

     

     

    What are the key features of FireEye Helix?

     

    • Visibility:
      • Custom dashboards: visual tracking capabilities across the entire security environment
      • Role-based access control: role-based groups and granular permissions to access the console
      • Device and policy management: FireEye devices, endpoint configurations, policies, and health status management capabilities across the entire security environment
    • Speed:
      • Workflow management: organization and collaboration through the investigative process in a single UI
      • Context: intelligence, alerts, host and user data coalescence to drive faster decisions
      • Analytics: facilitates discovery of hidden patterns and anomalies in data from existing security investments
      • Investigative tips: User guidance through the investigative process with recommended next steps
      • Orchestration: automated response with pre-built playbooks created by frontline practitioners
      • Investigative workbench: full index, archive, and search to support flexible pivoting and active hunting
      • Intelligence matching: Threat intelligence and rules and latest intelligence from FireEye in existing alert and event data
    • Costs:
      • Tool consolidation: integration of data and capabilities across the diverse security environment
      • Investment protection: as-a-Service model for security that regularly delivers new capabilities to solution subscribers without requiring additional CAPEX purchases as the security program evolves.
      • APIs: support for open and flexible APIs for integration with 3rd party products
      • Compliance: predefined or custom dashboards and widgets to visually aggregate, present and explore the most important information while meeting compliance requirements