FireEye Helix: Cuts Through the Noise
July 25, 2021

FireEye Helix: Cuts Through the Noise

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with FireEye Helix

Helix is used as a log aggregator to support global business. It is the SIEM within the environment.
  • Single pane of glass for all alerts.
  • Great at consolidating threat intelligence, alerts, and metadata all in a single platform.
  • The ability to pivot directly from Helix to endpoint (HX) EDR, Email, etc. is a big blessing.
  • Additional integration points (API cloud integrations).
  • Helix has had a significant impact on CSOC visibility efforts across the organization.
  • Helix fills the logging and alerting gaps that are missing across the infrastructure side.
  • Having a single pane of glass allows teams to more efficiently run incidents. Additionally, Helix is integrated with ServiceNow providing enhanced and efficient case management for all Helix alerts.
I find Helix to be super-efficient and able to cut through the noise. Previous installations of LogRhythm and Splunk resulting in an overwhelming amount of noise (out of the gate), and we had to constantly tune out false positives. Helix is different. Out of the gate, Helix provided higher fidelity hits, and our teams don't spend half their day turning out the noise.

Do you think FireEye Helix delivers good value for the price?

Yes

Are you happy with FireEye Helix's feature set?

Yes

Did FireEye Helix live up to sales and marketing promises?

Yes

Did implementation of FireEye Helix go as expected?

Yes

Would you buy FireEye Helix again?

Yes

As noted previously, I find Helix to be super-efficient and able to cut through the noise. Helix provides higher fidelity hits, and our teams don't spend half their day turning out the noise. The Helix engine justifies alert severity very well by correlating multiple points of telemetry. Also, artifacts such as PCAPs are parsed within the interface (or inside of FireEye HX—one click away) to save the Aanalyst's time and effort.
Helix integration isn't too difficult. The Cloud version of Helix can be stood up in an afternoon. Cloud integrations can be configured over the course of a week or two as well.
Very impressed with the solution. I would recommend it to any organization. Even if they have a SIEM in place, the Helix solution could be another area of telemetry.

FireEye Helix Feature Ratings

Centralized event and log data collection
10
Correlation
10
Event and log normalization/management
10
Deployment flexibility
10
Integration with Identity and Access Management Tools
9
Custom dashboards and workspaces
10
Host and network-based intrusion detection
10