Earlier this month I saw a post on Investor’s Business Daily outlining why FireEye was important to the company’s shareholders. The article got me thinking about the low awareness that Helix has with security buyers. In my opinion, it’s one of the more underrated security tools.
For better or worse, FireEye has a strong association with the sandboxing market. The sandbox has been a critical security tool for almost all businesses, but many companies, even FireEye customers, don’t look to the vendor for other security functions. Its Sandbox will be the core product for FireEye into the foreseeable future, but Helix will be an important adjacent market for the company and its customers.
Helix is an end-to-end detection and response system designed to surface unseen threats and empower expert decisions with frontline intelligence. It collects event data from FireEye and non-FireEye components of a security infrastructure and overlays frontline intelligence, rules and analytics to give organizations the context to determine which threats present the greatest risk and how to subsequently respond. From within a single interface, Helix facilitates all SOC functions including alert management, search, analysis, investigations and reporting.
Understanding the value of the platform requires believing the following statements about how things have changed and why a different type of intelligence solution is needed.
1. Most security teams have a lack of visibility into new attack vectors, and the blind spot is getting bigger. Traditional security is based on a bigger and stronger moat to keep the bad guys out. This sounds reasonable, but today fewer breaches are occurring at the perimeter. One telling stat from a ZK Research survey of 1,500 technical and business decision makers and influencers in the U.S. and Europe is that 90% of security spend is for perimeter protection but only 27% of breaches happen at that point. (Disclaimer: I am the founder and principal analyst of ZK Research.) The bad guys aren’t stupid, and they know that breaking through a state-of-the-art, next-generation firewall is very difficult, so why try? Instead, it’s easier to focus on more targeted attacks aimed at applications or users. If you’re looking for more proof, consider all of the highly publicized breaches over the past few years. Target, Sony, Ashley Madison and others were all non-perimeter-based breaches. Better visibility would likely have caught these or at least minimized the “blast radius.”
2. Security is becoming exponentially more difficult. I call this the “asymmetric security challenge,” where businesses need to protect an increasing number of entry points but cyber criminals only need to find one way in. Reactive, signature-based systems were effective in the past but are too slow today. However, most threats are slight variations on past ones, so a solution built on the right intelligence should be able to spot new threats much faster than a reactive system can.