FireEye announced a series of updates at its Cyber Defense Summit on Oct. 3-4 that expand the company’s capabilities.
On Oct. 3, FireEye announced a new version of its Helix operations platform that enables increased automation and integrates Security Information and Event Management (SIEM) capabilities. On Oct. 4, the company announced its FireEye Marketplace offering, which enables an ecosystem of plug-ins and add-ons from partners and third parties that extend the FireEye platform. The same day, FireEye also announced new Incident Response (IR) Retainers to make it easier for organizations to engage with its Mandiant IR business unit.
“Every Helix customer is now entitled to a complete security orchestration solution,” Grady Summers, FireEye CTO, told eWEEK. “The solution is deployed on-premises, integrates into Helix through an API, and includes hundreds of predefined integration plug-ins and orchestration playbooks.”
FireEye debuted the first Helix platform in November 2016. With the new update to Helix, Summers said the orchestration playbooks allow organizations to integrate security solutions and automate repetitive processes. The playbooks are based on FireEye’s best response practices, minimizing repetitive, manual and time-consuming tasks. Additionally, he noted that customers may choose to import their own playbooks or create new ones to tailor the solution to their unique needs.
Helix can now enable a full Security Orchestration and Automated Response (SOAR) model. SOAR is a relatively new acronym, though adoption and demand are already strong, according to a recent report. The updated Helix release also benefits from prebuilt Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA) compliance dashboards.
“The market centralizes the many tools that have been developed across FireEye, sometimes for specific uses but also additive features that have not always been available to customers,” Summers said.
One such tool is the HX Tool, which uses FireEye’s endpoint API. This is a web app that gives additional visibility into endpoint data. Another Marketplace tool is the FireEye Health Check, which Summers said was used by FireEye’s support team to optimize customers’ FireEye deployments.
“It runs configuration and metric collections against FireEye appliances and provides an automated report detailing the health findings of the appliances based on predefined conditions of Hardware, System, Configuration, Detection and Best Practices health,” he explained. “Now customers can self-assess the status of their systems and optimize their environments.”
Looking forward, Summers said FireEye will expand the marketplace tools, as well as provide things like custom playbooks for Helix.
FireEye is also providing new options to its customers for how to engage on incident response (IR) with its Mandiant business unit. FireEye now provides new IR Retainers that Summers said address feedback that FireEye received from its clients and insurance partners.
“We’ve eliminated the concept of prepaid hours and now have prepaid fees,” he said. “The new retainers make it easier for clients to access all Mandiant services quickly, not just incident responders.”
Summers added that cyber insurers are a key part of the incident response process and the flexibility in the new retainers allows for cyber-insurance companies to cover costs directly. He added that this streamlines the experiences for victims of cybercrime that are already struggling with responding to an incident.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.