FireEye combines SIEM with orchestration and cloud security in Helix security operations platform

FireEye announced a new release of FireEye Helix. With the new release, FireEye Helix moves toward automating security operations by combining integrated security information and event management (SIEM) capabilities with security orchestration. Delivered via the cloud, FireEye Helix offers customers a platform to detect threats, automate response, and simplify compliance reporting.

Also new, customers can now monitor their cloud infrastructure with FireEye Helix. This provides one dashboard for visibility and response capabilities across cloud platforms such as Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud.

“Legacy SIEM tools have lost focus on detection and response. FireEye Helix brings true security back to SIEM,” said Paul Nguyen, VP of product strategy and product management at FireEye.

“We’re on the frontlines of the cyberwar and to keep pace with the adversaries, we have to automate as much as possible and give analysts the intel to make smarter decisions at key points in the response. These insights and capabilities are built into Helix to close the gap from detection to resolution and mitigate the impact of an attack.”

Detection and investigation

To protect against threats, organizations need a mix of technology, expertise and processes. FireEye Helix integrates customers’ disparate security tools into a single security operations platform.

By applying User Behavior Analytics (UBA), Helix surfaces threats that legacy tools miss, including non-malware attacks. Integrated frontline threat intelligence gives users access to FireEye expertise and the context needed to improve threat awareness, while integrated case management and investigative workflow support all SOC processes from one interface.

Automated response

Legacy SIEM vendors take a static-rule approach to detection, often leaving customers with an excess of alerts and, for cloud users, no adequate tools with which to respond to them.

For organizations concerned about efficient response, the platform now applies pre-built playbooks, helping analysts minimize manual, repetitive and error-prone steps, such as alert validation or enrichment.

These new orchestration capabilities of FireEye Helix encompass over 150 integrations and 400 playbooks. Users can also create their own playbooks and modify existing ones, giving them the flexibility to refine their security processes.

Centralized visibility in the cloud

Visibility and detection don’t end with the data stored on-premises. For organizations adopting cloud infrastructures such as AWS, Microsoft Azure and Oracle Cloud, the cloud can be as vulnerable to attack as on-premises technology, but with fewer tools available to protect it.

Poorly configured authentication, ineffective key management and unsecured APIs are just a few of the ways threat actors gain access to these infrastructures. FireEye Helix provides centralized visibility, configuration monitoring and user behavior analytics to detect attacks both in the cloud and on-premises.

Over 150 integrations and 400 playbooks to make security simpler

The combination of SIEM capabilities with orchestration and cloud security makes FireEye Helix a detection and response solution for a security operation of any complexity and scale.

The new additions provide greater customer value with no changes to Helix’s pricing. With more than 300 plug-ins, the platform integrates with FireEye’s own and other companies’ security tools to bring FireEye’s frontline intelligence to data sent into the platform.

The streamlined case management system is purpose-built for security operators, with a focus on displaying the right level of information to help organizations surface unseen threats and support expert decisions.
