FAQ: FireEye HELIX

Version 2

     

     

    What is FireEye Helix?

     

    FireEye Helix is a security operations platform – a SOC operating system – that makes it simple to deliver advanced security to any organization. FireEye Helix surfaces unseen threats and empowers expert decisions with frontline intelligence – to help organizations take back control and capture the untapped potential of their security investments.

     

     

    How does FireEye Helix work?

     

    FireEye Helix connects FireEye and third-party solutions and augments them with contextual intelligence, automation, and case management capabilities in a unified security operations platform.

     

     

    What problems does FireEye Helix solve?

     

    FireEye Helix addresses numerous challenges that stem from a reactive approach to cybersecurity:

    • Lack of visibility across the environment due to numerous unintegrated tools
    • Inability to prioritize critical alerts due to high alert volume
    • Lack of context to determine exposure to risk and make necessary decisions
    • Lack of skills to determine the necessary steps required to respond to an incident
    • Long time to respond due to manual, repetitive, error-prone processes
    • Lack of time to perform critical tasks like investigation and hunting

     

     

    What are the main capabilities of FireEye Helix?

     

    • Investigative workbench: Facilitates all SOC functions including alert management, search, analysis, investigations and reporting from a single interface.
    • Contextual intelligence: Infuses frontline intelligence and rules onto existing alert and event data for greater visibility into threat actors and their TTPs.
    • Automation: Automates response with pre-built playbooks created by frontline practitioners.
    • Rules & Analytics: Discovers hidden patterns and anomalies in data from existing security investments.
    • Case management: Allows security teams to collaborate, assign and monitor investigative process tasks.

     

     

    What product category does FireEye Helix fit in?

     

    While embracing the capabilities of multiple existing categories, FireEye Helix is most closely aligned with the Security Orchestration, Automation and Response (SOAR) market.

     

    What makes FireEye Helix superior to other similar security solutions?

     

    FireEye Helix exceeds the capabilities of a typical SOAR solution with FireEye’s leading threat intelligence, codified practices of FireEye’s incident responders, and case management capabilities. Further, with the addition of the FireEye Threat Analytics app, FireEye Helix adds advanced SIEM capabilities (e.g., non-malware detection, behavior analytics, compliance reporting, and hunting) not seen in any single solution currently available in the market.

     

     

    Does FireEye Helix only work with cloud products?

     

    FireEye Helix offers flexible deployment options, working with cloud, virtual, and on-premise devices.

     

     

    Who is an ideal customer for FireEye Helix?

     

    While we find FireEye Helix working well across a very broad spectrum of customers, there are several characteristics that typically indicate a good customer fit:

    • Have a SOC or a dedicated security team
    • Struggle to get the most out of existing security investments
    • Lack necessary skills and/or people
    • Work across multiple consoles
    • Have not operationalized threat intelligence, automation, or orchestration
    • Seek simplicity and/or technology consolidation

     

     

    How can a new customer buy FireEye Helix?

     

    There are three main ways a customer can get access to FireEye Helix:

     

    • Buy an Enterprise Security Solution (FireEye Network, Email, or Endpoint), where an entitlement to FireEye Helix is included
    • Buy the FireEye Threat Analytics app, which works on FireEye Helix
    • Buy a FireEye Security Suite (FireEye Network + Email + Endpoint + Helix)

     

    See more information on the FireEye Helix website.

     

    How can an existing FireEye customer buy FireEye Helix?

     

    There are multiple ways for an existing customer to buy Helix:

     

    • Upgrade/renew any current FireEye product to an Enterprise Security Solution, which includes an entitlement for FireEye Helix
    • Buy an additional Enterprise Security Solution product, which includes an entitlement for FireEye Helix
    • Buy the FireEye Threat Analytics app, which works on FireEye Helix

     

     

    What is FireEye Threat Analytics?

     

    FireEye Threat Analytics is a next-generation security information and event management (SIEM) solution that simplifies security operations by applying analytics and intelligence to detect, investigate, and enable hunting for unknown and emerging threats.

     

     

    How is FireEye Threat Analytics different from FireEye Helix?

     

    FireEye Threat Analytics is an application on top of the FireEye Helix platform that provides advanced detection capabilities, guidance for security teams' investigations, and compliance reporting features. FireEye Helix works with alerts, while FireEye Threat Analytics focuses on event and log data.

     

     

    What product category does FireEye Threat Analytics fit in?

     

    Because of its advanced analytics and hunting capabilities, FireEye Threat Analytics can be viewed as a next-generation Security Information and Event Management (SIEM) solution.

     

     

    What makes FireEye Threat Analytics superior to other similar security solutions?

     

    • Investigation and hunting capabilities not available in other SIEM solutions
    • Leading frontline intelligence working in conjunction with behavior analytics
    • Integrated SOAR capabilities and case management available through FireEye Helix
    • Easy to deploy and scale