FireEye Stories Blog

FireEye Helix Moves Toward Automating Security Operations

Nearly every one of our customers has put some form of data in the cloud. Whether it's running critical workloads or storing confidential data, there’s no questioning that it’s sensitive to their business and needs to be secured. The challenge for most companies is securing these environments with traditional security layers such as endpoint, email, or network. The question they ask is, "if I’m not hosting it – how do I monitor it?"

The other challenges relate to maintaining visibility and managing user access. The so-called "Shadow IT" is exactly that: if it isn’t on the customer’s network, it isn’t monitored through the same pane as the rest of the enterprise. And when the organization tacks on to the concept of shared responsibility – that their company is responsible for securing what’s in their cloud – they suddenly discover a large portion of IT infrastructure that isn’t adequately monitored. Sloppy key management and poorly configured cloud environments are just a couple of the most popular ways for attackers to compromise the cloud.

What can a security operations team do? Whereas on their traditional network they are looking at network, email, and raw endpoint log data, cloud security is fundamentally different. It requires robust app logic, authorization, and platform event analytics. It means that situational awareness around what assets and activities are going on becomes more critical, as well as the understanding of who has access to cloud services. And above all, it is important to see all of this in one place. When talking to our clients, this translates to a need for visibility, credential and cloud configuration monitoring, and the ability to analyze this activity through the same pane of glass that they’re using to monitor the rest of their IT infrastructure.

Bringing True Security Back to SIEM

This is exactly what we have built into FireEye Helix. Our cloud-hosted security operations platform allows organizations to take control of any incident from alert to fix by integrating third-party tools, security orchestration and threat intelligence capabilities.

At Cyber Defense Summit this year, we unveiled that next-generation security information and event management (SIEM) capabilities will now be native features in FireEye Helix. This gives our customers the ability to rapidly detect and investigate incidents (whether on-prem or in the cloud), automate response, and simplify compliance reporting.

With this FireEye Helix update, organizations can natively identify credential misuse, geo-infeasible logins, ingest cloud data from Azure or AWS, and they can detect cloud misconfigurations and applications misuse. This gives our customers the ability to consolidate alert volume, prevent credential abuse, and track and prevent accidental cloud misconfigurations in a single interface. These insights and capabilities help close the gap from detection to resolution, along with helping mitigate the impact of an attack.

The combination of SIEM capabilities with advanced orchestration and cloud security makes FireEye Helix a compelling detection and response solution for a security operation of any complexity and scale. Learn more about how FireEye makes better security simpler in today’s press announcement.