FireEye Stories

Expanded Cloud Visibility in FireEye Helix With Netskope

Organizations are using cloud and SaaS products more than ever before. Transitioning to newer technologies can be challenging for all employees, but it leaves security operations center (SOC) analysts in a particularly tough spot. They must understand how their company is operating, what employees are doing throughout the day, and what constitutes typical work responsibilities. They also need to be able to see into all corners of the network to manage threats and risks properly.

Gaining all this visibility can consume even the largest team’s resources and can often feel impossible. At FireEye, we want to expand visibility into our customers' cloud and SaaS usage, which is why we are collaborating with Netskope.

Who is Netskope?

Netskope offers a leading security cloud that provides visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

How Does the Integration Work?

Existing customers of FireEye Helix and Netskope can start leveraging the integration in mere minutes. By utilizing FireEye Helix Connect, customers need only select the Netskope tile and enter their API key and Netskope domain.

Once that’s done, FireEye Helix will have visibility into thousands of alerts and events that Netskope generates every day. Customer data will be enriched with FireEye Threat Intelligence to help prioritize and evaluate all the threats happening across an enterprise. The following Alert/Event types are now visible:

  • Anomalies such as access location, unusual application usage, suspicious credentials
  • Compromised Credentials
  • Legal Hold
  • Malsite
  • Malware
  • Policy
  • Quarantine
  • Remediation
  • Security Assessment
  • Watchlist

FireEye has created seven custom alert rules, which is part of a Netskope Rule Pack that automatically assigns a risk level to each alert that Netskope generates. These rules work out of the box today and customers can also modify them to create the alerts that are most relevant. Additionally, FireEye Helix has the ability to help customers visualize data and alerts through dashboards. The following Netskope Dashboard has been created and is available for use in Helix, and customers can also modify it to reflect the data that they want to review.

More Information

Today this integration is used by multiple Fortune 1000 companies to gain valuable insight into their cloud security. Their security analysts have instant access to what is happening across their cloud services by using FireEye Helix. To learn more about this integration visit the FireEye Market and enable it now on FireEye Helix Connect. Learn more about Netskope by visiting their website.