TL;DR: Since 2004, FireEye has helped nearly 6,000 businesses worldwide and upward of 40% of the Forbes Global 2000 protect their assets through innovative web security technologies. The company’s flagship product, FireEye Helix, works as a security operations platform that integrates alert management, search, analysis, investigation, and reporting functionalities to safeguard businesses from emergent threats and empower them to make data-driven operational decisions. We recently sat down with Helix Product Marketing Manager Misha Sokolnikov, who told us how the platform was built to seamlessly reveal and mitigate hazards across an organization’s digital environment. As a result, HostingAdvice is recognizing FireEye Helix with our Developers’ Choice™ endorsement for its ability to protect data and bottom lines with minimal investment.
Unfortunately, the scene that follows has become all too common for today’s large organizations. The phone rings, and, on the other side, a nervous voice reports an unauthorized and account-draining purchase of $800. As the customer service rep begins the process of re-securing the account, she knows there will be a few more similar calls before lunch.
These incidents occur for a number of reasons, and spam and phishing campaigns top the list. In fact, more than 90% of data breaches and network attacks originate with a phishing email. This type of online crime grows each year and puts an annual $450 billion dent in the global economy.
With thousands of clients and accounts to protect, most large organizations have long since invested in a web security solution. However, as threats change and criminals become more savvy, many of the legacy safeguards these companies have put in place have become obsolete. Fortunately, FireEye has been adapting its security solutions alongside the evolving threat matrix for more than a decade.
The company’s flagship product, FireEye Helix, employs a three-pronged approach to safeguard a business’s assets against the most aggressive online assaults by integrating expertise, security technology, and intelligence capabilities.
“Many times organizations are dealing with complex security issues and investing in advanced products, but they still get breached,” said Misha Sokolnikov, Product Marketing Manager for FireEye Helix. “We happen to be at the forefront of many of those advanced attacks.”
The cost of a security breach is devastating — not only is there a significant financial loss, but customers often take their business to competitors once they’ve lost trust in a company. As modern digital threats evolve, the peace of mind FireEye’s advanced security measures provide is well worth the minimal investment.
Anticipating Increasingly Complex Dangers in the IT Landscape
Every few years, a large corporation will be brought to its knees through a new breed of web-based attack. While modern security solutions generally keep pace with changing hazards, some of the most severe threats tend to slip through the cracks.
In recent years, ransomware, such as Petya and WannaCry, has proliferated, making headlines and wreaking havoc across the globe. Remaining proactive, however, comes with a number of challenges as the IT landscape becomes more complex — networks are larger, more devices are connected to accounts, and new code is constantly being developed. The popularity of remote work and BYOD (bring your own device) also poses significant risks, as infected files can easily be spread to company systems by unsuspecting users.
Misha told us the response to threats, such as ransomware, has largely been reactive, rather than preemptive. As a result, specialized security software has become more popular. Despite being effective against specific issues, these tools are far less feasible in the long run, as they still only offer limited visibility and protection.
“For most customers, the IT environment has become really complex as they’re connecting more products and introducing more tools,” he said. “They simply don’t have the visibility — it is very difficult for them to tell what is going on in their environment.”
A more holistic approach to security is necessary to detect vulnerabilities as early as possible.
Going a Step Further Than Modern Antivirus Programs
Software is merely one component in the fight against digital crime, as undetected vulnerabilities leave one open to attack from the start. Because every piece of security software works differently, detection rates are often inconsistent from one vendor to another.
Some security software scans the target system, detecting threats that already exist, even if they are inactive and tucked away inside a suspicious download. Although the security these programs provide is helpful, it’s very limited when compared to the comprehensive approach employed by FireEye Helix.
As an integrated security operations platform, Helix can detect cracks in the wall that remain otherwise hidden. For example, non-malware attacks target users through less obvious means, such as the 2016 PowerWare attack that infected systems through Microsoft Word. Another example is the infamous hack of the Democratic National Committee in recent years, demonstrating that even governmental organizations can fall victim to unforeseen threats.
“We’ve had so many stories of deploying Helix only to discover that a threat has been there with the customer for months,” Misha said. “Traditional security tools are simply not designed to handle problems like non-malware threats.”
Employing a Trusted, Intelligence-Based Approach to Threat Visibility
Trusted by large organizations and government agencies worldwide, FireEye has accumulated a wealth of expertise by investigating incidents against major companies and organizations to supplement the core software component.
“We pay particular attention to intelligence,” Misha said. “We track all the activities that happen on the dark web; we follow threat groups, and we have hundreds of professionals who are at the front lines of all the biggest breaches.”
FireEye has been called upon to investigate breaches for a variety of organizations, including financial firms, insurance companies, and major retail stores.
Helix was built with analysts in mind. As such, the breadth of its features covers everything from email to network and endpoint security solutions.
“One of the most interesting aspects is what we call the innovation cycle, where we combine the technology with expertise and intelligence,” Misha said. “We have the best intelligence to augment the technology in a way that not only shows you the problem, but also gives you the answers.”
With its unique three-pronged approach, FireEye is able to address the entire security operations lifecycle — drawing from past experience, analyzing the present, and using intelligence to avoid future breaches.
As FireEye’s most popular option, Helix not only features analytics and threat intelligence, but also automated features and alert prioritization. Users can assign, monitor, and even collaborate on investigative processes using the Workbench interface.
“I’m a big fan of orchestration. In fact, there’s a whole new market called security orchestration and automation,” Misha said. “If you ask a typical security analyst, you’ll know they spend 80% to 90% of their time doing repetitive manual processes.”
Without automation, analysts are forced to sort through hundreds of alerts and separate the meaningful and urgent ones from the numerous verbose ones. On top of everything else, Helix can integrate data from multiple third-party tools to make organization — and therefore visibility — even easier.
The Mission: To Make Advanced Security Capabilities Accessible to All
While FireEye Helix is the go-to tool for addressing security concerns, FireEye offers protection and visibility in other ways with Enterprise Forensics, SSL Intercept Appliance, and even Security Solutions as a Service (SSaaS). With SSaaS, companies can bolster their existing IT department with FireEye’s expertise. A security breach can happen to anyone, and the best mode of prevention is to cover all the bases.
“We continue to see that the cost of a breach is very high,” Misha said. “It takes too long for most companies to even discover that they have been breached, let alone remediate that.”
When disaster strikes, the damage is already done.
As part of its mission to stay one step ahead of online crime, FireEye plans to roll out new services and features, including embedded analytics and expanded automation, that make security more accessible to everyone.
“We are building a platform that works incredibly well with both FireEye and third-party products,” Misha said. “What keeps us busy is making these advanced capabilities accessible to not only enterprises, but also to organizations that may not really have enough resources.”
Since 2004, FireEye has been a leader in the ongoing battle against advanced persistent threats (APTs) by investigating past breaches and implementing that intelligence into its software solutions. With endpoint, email, network, SSL, and antivirus protection capabilities, FireEye is a thorough and well-rounded solution for safeguarding one’s business.