FireEye Helix Updates Advance Security Automation, Cloud Monitoring

FireEye has unveiled a new Helix release that will help customers automate security operations and monitor cloud infrastructure on platforms like AWS, Azure, and Oracle Cloud.

The Milpitas, Calif.-based platform security vendor said the new version of FireEye Helix will combine integrated security information and event management (SIEM) capabilities with advanced security orchestration to help automate security operations. Helix offers customers a single platform to detect threats, automate response, and simplify compliance reporting, according to the company.

"To keep pace with adversaries, we have to automate as much as possible and give analysts the intel to make smarter decisions at key points in the response," Paul Nguyen, FireEye's VP of product strategy and product management, said in a statement.

Helix's pricing remains unchanged and is well-suited for security operations of any complexity and scale, according to the company. The enhancements were announced at the FireEye Cyber Defense Summit in Washington, D.C.

Legacy SIEM vendors often take a static approach to detection, the company said, leaving customers with too many alerts and no adequate tool for cloud users to respond to them. In response, FireEye Helix now applies pre-built playbooks to help analysts minimize manual, repetitive or error-prone steps such as alert validation or enrichment, according to the company.

"Legacy SIEM tools have lost focus on detection and response," Nguyen said in a statement. "FireEye Helix brings true security back to SIEM."

Helix's new orchestration capabilities encompass more than 150 integrations and 400 users, according to FireEye, making it possible for users to either create their own playbooks or modify existing ones. This allows for greater flexibility and continuous improvement of security processes, according to the company.

In addition, FireEye said Helix now provides centralized visibility, configuration monitoring and user behavior analytics to detect advanced attacks both in the cloud and on-premise.

Threat actors can gain access to cloud infrastructure like AWS, Microsoft Azure and Oracle Cloud due to poorly configured authentication, ineffective key management or unsecured APIs, according to FireEye, but fewer tools are available to protect the cloud as compared with on-premise technology.

All told, FireEye said Helix integrated customers' disparate security tools into a single, automated security operations platform. By applying user behavior analytics, FireEye said Helix is able to surface non-malware attacks and threats missed by legacy tools.

Users of FireEye Helix have access to both the expertise and context needed to improve threat awareness as well as the integrated case management and investigative workflow needed to facilitate all security operations center (SOC) processes from a single interface.

Helix has more than 300 plug-ins and integrates with FireEye's own and other companies' security tools to allow for the application of more frontline intelligence to the data being sent into the platform. The case management system is focused on displaying the right level of information to help organizations surface unseen threats, according to FireEye.

FireEye debuted the Helix platform at its November 2016 Cyber Defense Summit, saying at the time that Helix would be distinguished from other security platforms through a high degree of automation capabilities and threat intelligence. Less than a year later, FireEye debuted an endpoint security offering with a traditional antivirus engine, behavior and exploit analysis, and machine learning capabilities.