Security vendor FireEye announced its new Helix platform on November 29, in an effort to provide an integrated offering to help automate and improve security operations. Helix in many respects is an evolution of FireEye’s existing Threat Analytics Platform (TAP).
“A lot of the code for Helix comes from TAP, with a heavy dose of technology from the FireEye Security Orchestrator as well as supporting products,” Grady Summers, CTO of FireEye told eWEEK. “The license for Helix also gives customers an entitlement for our endpoint and network products.”
Summers explained that Helix will also provide deployment and provisioning capabilities for FireEye’s security capabilities. He noted that the initial launch of Helix is set for the first quarter of 2017 and will be available in the cloud, with an on-premises version set to follow later in the year. Summers said that Helix customers will be able to manage their endpoints and network sensors from a central management dashboard.
“We’re taking the FireEye Central Management Server (CMS) that was used to control all of our network appliances and putting that into Helix,” Summers said.
The overall reporting and dashboard capabilities in Helix are set to be an improvement over FireEye’s existing capabilities. Summers admitted that reporting has been the ‘Achilles Heel’ in TAP, with a lack of pie charts and charts in general.
“We now have a beautiful array of charts and graphs that customers can use in Helix,” Summers said. “Anything you can describe verbally, now users can create a customizable widget to visually display that information.”
Compliance is also an area where FireEye Helix will be able to help organizations. Summers said that initially Helix will provide capabilities to help with PCI-DSS (Payment Card Industry Data Security Standard) with a plan to provide additional compliance features over time.
At the backend of Helix is a large Big Data storage and analytics capability that makes use of multiple technologies including both proprietary and open-source code. Summers explained that FireEye is heavy user of the open-source Elasticsearch search project. Elasticsearch is often combined with Logstash for log management and Kibana for visualization, in what is commonly referred to as the ELK stack. Summers noted that FireEye only uses Elasticsearch and is not currently using either Logstach or Kibana.
“We use Elasticsearch, but everything on top of that is our proprietary code,” Summers said.
While the Helix platform aims to be an integrated suite for security, Summers commented that FireEye will also integrate with other security vendors and technologies. He added that organizations won’t throw out existing security technologies so the goal with Helix is to enrich those existing assets and make security better overall.
“As much as we’re FireEye proud, we realize that we’ll never be the only security vendor that organizations use,” Summers said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter.
