FireEye Stories

Expanded Network Visibility in FireEye Helix With Security Onion Solutions

“How can I get full visibility into my entire network?” Cyber security professionals tasked with monitoring their networks ask this question all the time, but choosing a network solution that offers that much-needed visibility is no simple task, and often requires sacrificing portions of budget that could be used to improve other areas of a security program or a business as a whole.

At FireEye, we want to reduce the burden that customers face when it comes to achieving better network visibility, which is exactly why we are collaborating with Security Onion Solutions, the creators of free and open source enterprise security monitoring software.

Who is Security Onion Solutions?

For those who aren’t familiar, Security Onion Solutions offers Security Onion, a free and open source Linux distribution for intrusion detection, enterprise security monitoring and log management. Users deploy Security Onion sensors at monitoring points throughout their networks to improve visibility. Security Onion includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek (formerly Bro), Wazuh, CyberChef, NetworkMiner, and many other security tools.

How Does it Work?

Enabled by FireEye technology, intelligence and expertise, this technical partnership gives FireEye Helix customers expanded visibility and helps close the gap between detecting and responding to cyber threats. FireEye Helix ingests the network metadata that Security Onion sensors generate about the traffic they see. Joint customers can then search and analyze that metadata in the FireEye Helix security operations platform alongside their other data sources, extending their visibility to the segments those sensors cover. The result is a richer data set for hunting and analysis, so joint customers can identify and respond to the most pressing threats more quickly.

The integration populates more than 10 existing FireEye Helix dashboards with Security Onion data, and enables customers to:

  • Identify anomalies
  • Hunt for attackers using contextual data beyond alerts
  • Effectively detect and respond to attacks

The additional context provided by this partnership, coupled with FireEye Intelligence, allows mutual customers to focus on the threats that matter.

Quick Use Case

We recently worked with a large software company that is using the integration today to get advanced visibility into its network. Its security team has more than 10 Security Onion sensors sending data to FireEye Helix through the FireEye Cloud Portal, each capturing valuable metadata about network traffic. FireEye Helix takes that data and enriches it with FireEye Intelligence, allowing the company's security operations center (SOC) to focus on the highest priority alerts.
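To make the flow in this use case concrete, here is an added Python example; it is not code from FireEye, Helix or Security Onion, and it does not show how Helix itself ingests or enriches data. It does at small scale what the text describes: it parses a constructed sample of Zeek JSON logs of the kind a Security Onion sensor emits, enriches each record against a hypothetical indicator list, flags one anomaly that needs no indicator at all, ranks the results by priority, and pivots from a hit to every record for the same host. The log lines, the indicator list, the anomaly threshold and all function names are assumptions made for illustration.

```python
import json

# Constructed sample of Security Onion sensor output in Zeek's JSON log format
# (one record per line). These are made-up records, not real captures; one
# deliberately malformed line is included to show it is skipped, not fatal.
SAMPLE_LOGS = """\
{"_path":"conn","ts":1700000000.1,"uid":"C1","id.orig_h":"10.0.1.15","id.resp_h":"203.0.113.5","id.resp_p":443,"proto":"tcp","service":"ssl","orig_bytes":1200,"resp_bytes":3400}
{"_path":"dns","ts":1700000000.2,"uid":"C2","id.orig_h":"10.0.1.15","id.resp_h":"10.0.0.53","id.resp_p":53,"query":"update.example-bad.test","answers":["203.0.113.5"]}
{"_path":"conn","ts":1700000001.0,"uid":"C3","id.orig_h":"10.0.2.7","id.resp_h":"198.51.100.20","id.resp_p":80,"proto":"tcp","service":"http","orig_bytes":500,"resp_bytes":900}
not json at all
{"_path":"dns","ts":1700000001.5,"uid":"C4","id.orig_h":"10.0.2.7","id.resp_h":"10.0.0.53","id.resp_p":53,"query":"www.example.com","answers":["198.51.100.20"]}
{"_path":"conn","ts":1700000002.0,"uid":"C5","id.orig_h":"10.0.3.9","id.resp_h":"192.0.2.44","id.resp_p":4444,"proto":"tcp","service":"-","orig_bytes":88000,"resp_bytes":120}
"""

# Hypothetical indicator list in the shape a threat-intel feed might take.
# Keys are indicator values; each maps to (label, severity). Not FireEye's data.
INDICATORS = {
    "ip": {"203.0.113.5": ("c2-server", "high")},
    "domain": {"update.example-bad.test": ("malware-download", "high")},
}

PRIORITY_ORDER = ["info", "low", "medium", "high"]

# Hypothetical anomaly threshold: bytes sent outbound on a connection Zeek could
# not classify (service "-"). Tune to the environment; this value is illustrative.
LARGE_UNCLASSIFIED_EGRESS = 50_000


def parse_zeek_json(text):
    """Yield one dict per line of Zeek JSON output, skipping blank or unparsable lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def enrich(record, indicators):
    """Return a copy of one Zeek record with intel hits and a priority attached."""
    out = dict(record)
    hits = []  # tuples of (kind, value, label, severity)

    # Destination IP match applies to every log type that carries id.resp_h.
    resp = record.get("id.resp_h")
    if resp in indicators["ip"]:
        hits.append(("ip", resp) + indicators["ip"][resp])

    if record.get("_path") == "dns":
        # Match the queried name and any resolved addresses against the feed.
        query = record.get("query", "")
        if query in indicators["domain"]:
            hits.append(("domain", query) + indicators["domain"][query])
        for answer in record.get("answers", []):
            if answer in indicators["ip"]:
                hits.append(("ip", answer) + indicators["ip"][answer])

    if record.get("_path") == "conn":
        # No indicator needed: flag large egress on traffic Zeek could not identify.
        if record.get("service") == "-" and record.get("orig_bytes", 0) > LARGE_UNCLASSIFIED_EGRESS:
            hits.append(("anomaly", "large-unclassified-egress", "possible-exfil", "medium"))

    out["intel_hits"] = hits
    out["priority"] = max((h[3] for h in hits), key=PRIORITY_ORDER.index, default="info")
    return out


def triage(text, indicators):
    """Enrich every record and return them highest priority first (stable on ties)."""
    enriched = [enrich(r, indicators) for r in parse_zeek_json(text)]
    return sorted(enriched, key=lambda r: -PRIORITY_ORDER.index(r["priority"]))


def context_for_host(records, host):
    """Pivot: every record (alerting or not) where the host was the originator,
    the 'context beyond alerts' an analyst pulls after a high-priority hit."""
    return [r["uid"] for r in records if r.get("id.orig_h") == host]


if __name__ == "__main__":
    results = triage(SAMPLE_LOGS, INDICATORS)
    for r in results:
        print(r["priority"], r["uid"], r["_path"], r["intel_hits"])
    print("context for 10.0.1.15:", context_for_host(results, "10.0.1.15"))
```

Two points in the design are worth noting. The DNS record is matched on both the queried name and the answers, so a resolution to a known bad address is caught even when the name itself is not in the feed. And the egress check shows why metadata matters beyond alerts: record C5 has no indicator match at all and would never appear in an alert-only view, yet it still rises above the benign records.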

FireEye has always respected the open source community and believes that Security Onion is an excellent example of how customers can use open source products to protect themselves, while still utilizing FireEye Intelligence, rules, and analytics.

To learn more about this integration visit the FireEye Market. Learn more about Security Onion Solutions by visiting their website. For current FireEye Helix customers, log in to the FireEye Cloud Integrations Portal to start benefiting from this integration today.