What is our primary use case?
We have evaluated great vendors like QRadar, Splunk, and all the big players, but they are certainly lacking at getting all the investigations done properly. With FireEye Helix, if a customer already uses any of the FireEye endpoint solutions, the response part is very fast and the investigation is also very fast. You can do a lot of investigation depending on what that product's like. If you want to clarify something on the endpoint, you have to do it manually but if you are a FireEye customer, you can do it right away. The email security offering around FireEye also directly integrates with your Helix. So if you have to investigate malware you can do it from Helix. It's very powerful and centered on the cloud.
What is most valuable?
The integration is very useful and very easy. You can have an API connection with any cloud and I am able to do both ways of communication with the help of the API.
The local center can help you to address the network. We place a logger on-premises to send the logs of other appliances to FireEye Helix, so that the same appliance can also be used as a network endpoint solution, doing dynamic analysis.
What needs improvement?
Helix will do well after the pandemic because everybody will be looking for a cloud solution and it is cloud-native. There are certain changes we are bringing onto our endpoint and our ETP network security. So everything makes an impact on Helix because every log and every change you can manage through Helix. Helix is directly integrated into a single sign-on platform, which is free for FireEye customers. They can log into any of their incentives; if they want to log into the ETP or email security, or they use a third-party sandbox and intel, FireEye integrates nicely into it. There are a lot of issues because of GDPR but otherwise, it is a very good platform.
For how long have I used the solution?
I have been using FireEye Helix for six years.
What do I think about the stability of the solution?
There are certain aspects that need to be addressed from the customer side. Parsing is free so if you want to parse third-party logs, FireEye does it for free. But there are times that we need to pull out certain information from applications and we need a lot of support from the customer. A lot of solutions have similar challenges. We are trying to address these challenges.
Which solution did I use previously and why did I switch?
Integrating anything on QRadar is very hard. If you want to upgrade the EPS you have to consider upgrading the appliance, but with FireEye, if the customer has to compute, FireEye gives them a file to install on their computer and they can send the logs to my computer.
It is very easy to scale with FireEye. It can be upgraded to any number of EPS.
How was the initial setup?
If you just want to deploy Helix, which is subscription-based, you have to put in a request and it will be ready in a day. If you want to integrate third-party logs, it depends on how many devices you want to integrate.
Setting it up won't take more than an hour.
What's my experience with pricing, setup cost, and licensing?
If a customer uses the FireEye cloud-based network security solution, Helix is free for them no matter how many logs or EPS they use. But they need a license for third-party logs. Licensing is done per EPS.
What other advice do I have?
Don't be afraid. Request a demo or POC. See the features and if you find it interesting, start implementing it for your use cases. I would recommend it because it really works.
I would rate it a nine out of 10. We have certain challenges with integrating the SOAR platform with multiple vendors.
Which deployment model are you using for this solution?