What is our primary use case?
We use it for everything, like our logs, data allocation, and ransomware. We basically do malware objects and malware callbacks. I think it's our integration tool. It's our centralized SIEM where we look at all the events, alerts and then do a tryout. The major playbooks that we use are ransomware and phishing campaigns. We basically use it for our PTI-based credit card fraud detection.
What is most valuable?
I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good.
What needs improvement?
Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing.
For how long have I used the solution?
I have been using FireEye Helix for three years.
What do I think about the stability of the solution?
FireEye Helix is a stable solution.
What do I think about the scalability of the solution?
FireEye Helix is a scalable solution. I have about nine users on my team.
How are customer service and technical support?
Technical support is good.
What's my experience with pricing, setup cost, and licensing?
The price could be better. But I think it's rightly placed when we buy everything in one shot, and we get some discount for that. That's how we basically plan our deployment, and it's holistic. We pay for the license yearly.
What other advice do I have?
I would recommend this solution to new users.
On a scale from one to ten, I would give FireEye Helix a nine.
Which deployment model are you using for this solution?