3. More isn’t better. In security, more isn’t a good thing, whether it’s more tools, alerts, data or whatever else. Another interesting factoid from the ZK Research survey cited above is that the average number of security vendors enterprises need to manage is 32, and I’ve never heard a CISO say that when they get to 33, they’ll feel more secure. Because security methodologies rely on manual processes, having more discrete tools just drives complexity up by adding to the volume of alerts and data that most security teams already can’t process fast enough.
How Helix helps
FireEye Helix integrates security information from FireEye’s own network and endpoint security products as well as third-party security products and uses machine learning to put that data in context. I understand that many security vendors are now using machine learning to “connect the dots” in the massive amounts of data that exist, but FireEye also has added expertise and analysis from the Mandiant team. Recall that Mandiant rose to prominence in 2013, prior to being acquired by FireEye, when it released a report that implicated China in cyber espionage targeting the U.S. and other countries. It’s this combination of machine learning and Mandiant expertise that FireEye claims gives it a competitive edge. The product looks for hidden patterns and anomalies in the data to find non-malware-based threats. These are attacks in which the hacker uses existing software to execute malicious activities.
From a security operations perspective, Helix's value is derived from the unified console that shows everything that warrants a closer look. The possible threats can be diagnosed and forensics can be done directly from the console instead of having to send people out to visit each desktop, saving thousands of man hours over the course of the year. The dashboard can be customized for each environment as well so there’s no need to view extraneous information. This is significantly different than some of the SIEMs that show pages and pages of data that take Ph.D.-level skills to decipher. The visual dashboard also makes it easier to comply with regulations like PCI and HIPAA.
As the Investor’s Business Daily article pointed out, Helix is important to the future growth of FireEye stock, but this is only possible because Helix is an intelligence-based platform that enables its customers to find threats faster and then diagnose and remediate them faster than legacy signature-based solutions.