5 Things To Know About The Improvements To FireEye Helix
Here's a look at the orchestration and compliance capabilities partners and customers should be most excited about in the updated version of Helix as FireEye looks to take on incumbent SIEM players.
What To Expect From Helix
The FireEye Helix central platform has had rigid or canned orchestration playbooks for the first two years of its existence, according to Grady Summers, FireEye's EVP and chief technology officer. But Helix is now being opened up completely to custom orchestrations and 158 plug-ins, Summers said, bringing the full set of capabilities available through FireEye Security Orchestrator to Helix.
Enhanced orchestration and compliance reporting capabilities should make it possible for FireEye to compete and win against incumbent SIEM (security information and event management) providers, which Summers said currently have many dissatisfied customers.
Specifically, Summers said legacy SIEM customers can't believe they're paying hundreds of thousands - or even millions - of dollars to maintain infrastructure that's only being used at this point by the company's compliance team. Helix is looking to bring the security back to SIEM, Summers said, without breaking the customer's wallet.
Here's a look at what partners and customers should be most excited about in the updated version of FireEye Helix.
5. More Compliance Reporting Should Win Over Legacy SIEM Holdouts
Customers looking to migrate from the legacy SIEM players to FireEye love Helix's next-generation workflow, orchestration and hunting capabilities, Summers said, but still need to be able to access those good old compliance reports.
In response, Summers said FireEye is launching several new compliance reports. Although this feels like more of a perfunctory or 'check the box' action, Summers said it's an important step forward for addressing a common concern of legacy SIEM customers looking to make a move.
"We're excited about this," Summers said. "It's amazing the high level of dissatisfaction among customers of the incumbent SIEM providers."
4. Helix Is Ready To Go After The Incumbent SIEM Market
Over the past 1.5 years, Summers said FireEye has had a number of very successful SIEM replacements when customers are looking to renew or upgrade their existing infrastructure.
Helix is cloud native and completely managed by FireEye, Summers said, meaning that customers no longer need to dedicate personnel to maintaining the SIEM servers or running it on-premise. As a result, Summers said these employees can be freed up to do incident response, threat hunting, or something else more interesting.
Legacy SIEM products force users to write their own rules and tend to be very clunky with slow searching capabilities, Summers said. Helix's ability to maintain a rules set, integrate threat intelligence and provide context around every alert has resulted in snowballing success replacing incumbent SIEM vendors, according to Summers.
3. FireEye Wants To Partner With Rather Than Displace Splunk
Summers expects the company to partner and co-exist wherever there's a Splunk implementation in place, since Splunk has a much broader set of SIEM-related capabilities than FireEye. But FireEye is very comfortable going after the legacy SIEM players, Summers said, and has found that it does very well competing against them.
"Our mission is to put the security back into SIEM," Summers said. "For years, it's drifted toward this compliance or log archival space."
The company has a significant backlog of SIEM takeout projects that have been queuing up as the company prepared to launch improved compliance reporting and improved orchestration, Summers said. As a result, Summers expects the new pieces in Helix to have a more significant financial impact.
2. Helix Offers Full Orchestration At A Fraction Of What Others Charge
The entry-level Helix package provides full orchestration capabilities and costs less than $10,000, Summers said. That's in stark contrast to other pure-play orchestration platforms that can cost between $200,000 and $500,000 just to get started, according to Summers.
Helix offers not only next-generation SIEM capabilities but also full orchestration built in for less than a tenth the price of the competition, according to Summers. Summers said he could think of at least a dozen cases where improvements to the Helix orchestrator should cause the proverbial adoption dam to break a little bit.
"We completely believe that orchestration is going to be a feature, a capability in next-gen SIEM products," Summers said. "It's not a standalone product, and it's certainly not a standalone company. It's just something that customers are expecting in a security operations platform."
1. Helix Will Be In AWS GovCloud And On-Premise In The Future
FireEye hopes to have an on-premise version of Helix by mid-2019 since being 100 percent cloud-based is a deal-breaker for public sector customers, especially outside of the United States, Summers said.
The company definitely won't build its own cloud, Summers said, but is looking to run in AWS GovCloud in the U.S. where that type of arrangement is more appealing. FireEye has its email product running efficiently in GovCloud and has obtained FedRAMP certification for that, Summers said; Helix is the next product FireEye wants to get running in the GovCloud environment.
FireEye looked into Commercial Cloud Services (C2S) for AWS – which brings products into the U.S. intelligence community – but found that it would require a lot of process changes the company wasn't ready for, Summers said. Specifically, Summers said having the ability to reach out into the company's intel databases following an alert would be pretty tough to replicate in the air-gapped C2S environment.