BMC Helix Cloud Security Overview

BMC Helix Cloud Security is the #9 ranked solution in our list of Cloud Workload Security Solutions. It is most often compared to Turbonomic: BMC Helix Cloud Security vs Turbonomic

What is BMC Helix Cloud Security?

BMC Helix Cloud Security (formerly TrueSight Cloud Security) automates cloud resource configuration security checks and remediation across AWS, Azure, and Google Cloud.  With Helix Cloud Security, configurations of cloud resources and containers are managed consistently, securely, and with an audit trail.  Because it is SaaS, there is nothing to install.  You can literally begin automating your cloud security posture management in minutes.

•   Automated cloud configuration security
posture management (CSPM) using Center
for Internet Security (CIS) policies for
cloud assets on AWS, Azure, and GCP

•   Automated remediation - no coding or scripting required

•   Ready-to-use policy packs for CIS, PCI, and GDPR, and support for custom security and compliance policies

•   Full-stack container configuration security, including Kubernetes pods, host, Docker daemon,
image, and Docker container

•   Integration with incident & change

•   Alerts, reports, exception management, RBAC, and multi-tenancy

BMC Helix Cloud Security is also known as TrueSight Cloud Security, SecOps Policy Service.

BMC Helix Cloud Security Buyer's Guide

Download the BMC Helix Cloud Security Buyer's Guide including reviews and more. Updated: March 2021

BMC Helix Cloud Security Customers
NHS, Vodafone, Kansas City Life, SKY Italia, Cybera
BMC Helix Cloud Security Video

Pricing Advice

What users are saying about BMC Helix Cloud Security pricing:
  • "It is a subscription model with term licensing that is usually yearly. This includes, not only the product, but support and maintenance. It is based on cloud assets. Therefore, if you have 100 cloud assets, those cloud assets are measured based on evaluation or transactions. For example, if I'm evaluating that cloud asset for CIS compliance, PCI compliance, and AWS best practices, that asset gets evaluated three times, as those are three transactions. However, the license model is based on peak asset usage. So, over a year, if you deploy 100, 1000, 500, and then 2000 assets, you will be charged for the 2000 peak of assets managed by Helix Cloud Security."
  • "The pricing is based on an annual subscription, upfront, and it's based on cloud assets. Whether your assets are in Azure and AWS combined, the tool tells you how many assets are being scanned and that's the number used for pricing."

BMC Helix Cloud Security Reviews

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Managing Director at VVL Systems
Real User
Top 20
Jan 20, 2020
Gives you a cohesive view into your security posture on cloud accounts

What is our primary use case?

Primarily, it is to understand the cloud baseline against regulatory controls. The primary use case is to identify unknown or unmitigated risks when it comes to security controls in a cloud workload or environment. Within that use case, it takes things, like CIS Compliance Controls, and determines if your workloads are compliant to those best practices. Therefore, the primary use cases are detection and identification. The secondary use case, which goes sort of hand in hand, is to enable operational controls in the form of remediation and actions. It not only can identify if a cloud resource… more »

Pros and Cons

  • "The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities."
  • "Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated."

What other advice do I have?

Start early with this type of capability. Make it part of your cloud governance baseline if you want to leverage a product like BMC Helix Cloud Security from the get go. Make it part of your governance methodology, not after the fact. That's the biggest takeaway I could suggest. Don't implement a cloud governance and migrate to the cloud first, then later try to implement a governance method like BMC Helix Cloud Security provides, because it's a little too late. Otherwise, you will be detecting things that you could have addressed beforehand. Furthermore, my recommendation would be to include…
VP Cloud Operations at VVL systems
Real User
Top 20
Jan 20, 2020
Auto-remediate takes care of a vulnerability when it's scanned, allowing us to focus on other things

What is our primary use case?

The biggest use case is for our customers who want to be proactive and not have any kind of vulnerabilities. Instead of being reactive, they want to understand where their vulnerabilities are, whether their cloud space is Azure, AWS, or Google. They want to understand and remediate those vulnerabilities before they get bigger than they really should be. For example, we are working with a client that is trying to be proactive. They said they don't want to be on the front page of a newspaper, and they're quite big in AWS. They wanted to check out the tool and they're doing a trial. It's meeting… more »

Pros and Cons

  • "The cool feature of Helix Cloud Security is that you can do all that — understand and remediate issues — in one dashboard, based on the different policies that are available for security, out-of-the-box."
  • "It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP."
  • "We've had some with issues connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go."

What other advice do I have?

Don't be surprised if you see some things that you thought were secure that were not secure. You think you're 100 percent, or you think you're close, but when you get in there and scan... Also, take it piece by piece and understand. It might be good to scan your resources using just one security policy to start. Don't jump in too deep. If you jump in too deep you get overwhelmed with all the different policies that are scanned and all the vulnerabilities. It's just easier to take it day-by-day. Learn one section of the tool and then promote yourself as you get better and better versed in the…
Learn what your peers think about BMC Helix Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2021.
465,836 professionals have used our research since 2012.
Prerna Kapoor
Governance Test and Compliance Officer at Thales
Top 5Leaderboard
Jan 28, 2020
Strong container security and vulnerability management tool but could benefit from improved an UI

What is our primary use case?

With BMC Helix Cloud Security I'm looking for the application level security and application firewall level security. I'm also looking for its service, security and incident management tools. I'm thinking from the perspective of how many technology features can be fruitfully completed by a single tool.

Pros and Cons

  • "The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools."
  • "The UI could be more user-friendly."

What other advice do I have?

It’s a good tool, I still need to work on it more to make it a priority. It is a good tool to make sure that your containers are safe and sound. On a scale of 1 to 10, I give it a 7. I give it a 7 because of the product's UI interface. I'm not the language guy, so I will have to have the scripts made to get it to play for me. I like products that are stronger from the UI interface side.
Product Categories
Cloud Workload Security
Buyer's Guide
Download our free BMC Helix Cloud Security Report and get advice and tips from experienced pros sharing their opinions.