Trellix Helix Connect Reviews

We work for a company that provides secret services related to XDR and NSS. We offer the Helix solution to many companies in Brazil. We manage the implementation and provide solutions to our customers. We are a Helix service provider for ten companies in Brazil.

We have started working with various customers, one of whom is particularly concerned about adjacency. We have identified several use cases where automation is possible. However, we face challenges with FSO tools, regarding integration versions. For example, our platform uses API V2, while Cisco uses V3 in some integrations. This has caused issues with professional services.

We are currently working with a provider where I need to send a lot of reports and queries to my customers. Instead, I create reports manually and provide customers with information about the solution.

We often rely on Martins to create logs and provide professional threat services rather than basic support. However, accessing these services can be inconsistent. Sometimes, responses are quick and valuable, but other times, they are delayed. For example, I've waited up to seven months for Martins to resolve an issue with Azure WAF in Helix. It can also be challenging to get timely responses from partners regarding updates and new features

When we undertake projects to install Helix, initially, our company had all the logistical information needed from the installation guide. However, there are details not included in the manuals that we sometimes discover only through direct communication with Trelix experts. This process has become more manageable over time, but initially, we encountered significant challenges, such as issues with connectors, which handle different log formats. These discrepancies weren't clearly outlined in the manuals and caused delays.

For instance, it took about a month to deploy components like SSO and group collection for our customer's infrastructure. Each deployment involves specialized roles—one focusing on connections and another on development and automation with CFA. With these two roles, we can effectively implement Helix.

When the merge of the companies start to use some about the price of the issue. We are using the FSO and security administrator.

I have some case of sources with some customer that returned with some a big security and and can resolve with some attacks.

I have numerous advantages with ten client customers who use our services. We have a dedicated team working directly with the Helix system at PeerSpot within our company, providing maintenance and generating reports for our customers.

The solution offers extensive platform visibility, event tracking, and integrations. While we explore other integration possibilities like CNA, we haven't found a comparable solution yet. Integrating with other vendors and multi-platform environments presents challenges, especially in ensuring API compatibility and staying current with integrations.

I strongly recommend Helix to our new customers for its capabilities and reliability.

Overall, I rate the solution a nine out of ten.

We use Trellix Helix for protection against network attacks, TLS, and SSL attacks. We also use the solution for user behaviour accesses.

Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks.

Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains.

Backup capturing should be included in the solution's next release.

I have been working with Trellix Helix for two years.

I rate Trellix Helix a ten out of ten for stability.

I rate Trellix Helix an eight out of ten for scalability.

Trellix Helix's technical support is great.

Positive

Before Trellix Helix, we used a different solution named Fidelity.

Trellix Helix's initial setup is pretty straightforward, and I rate it a nine out of ten. Trellix Helix's deployment takes four to five hours.

I rate Trellix Helix a five out of ten for pricing.

Overall, I rate Trellix Helix a nine out of ten.

You can use it for everything, incident response, automated responses, alerts,  visibility.

The most valuable features include predefined use cases and threatening states. If I'm investigating a threat, I can run a query, and it'll suggest the next query I'm supposed to write. And they're making a lot of enhancements.

Integrations could be improved, and the dashboard could be a little better. I've seen Splunk and Securonix; their dashboards are definitely better than Helix.

We've been using this solution for four or five years.

The solution is stable.

We had a lot of APIs, so we didn't have any issues with scalability.

Technical support is very responsive. Sometimes there is a delay. I understand, but it's okay.

Positive

We did not previously use a different solution. We looked at a couple, but we only thought of taking Helix.

I won't say setup was difficult, but I would say that integration-wise, there are certain challenges regarding the passing of top logs. Providing and collecting the logs is easy and pushing the logs, but pulling logs is difficult in Helix.

We have a very large setup. So it took us around three or four weeks.

We didn't use a third party. It was implemented by the professional services of our APS.

I would give the product an overall rating of eight out of 10. 

We have 10 people currently using this software. Six are on the list, plus two managers and two IR experts.  

It's not possible for just one person to maintain the solution, and it's not really allowed. It has to be a team effort, with two or three people.

It's not about users. Helix works differently, collecting logs from 6,000 different sources integrated with the solution. 

The licensing is not based on users; it's based on APIs. It's more of a SIEM SGL type of platform. It collects logs from around 6,000. But have around 10 people maintaining that.

I primarily use FireEye Helix to manage alerts and tickets.

FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs.

FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer. It's also not always easy to integrate Helix with other products as they mostly use API integration, and not every third party has a prepared API.

I've been using FireEye Helix for a year and a half.

I'd rate FireEye Helix's stability nine out of ten. There are occasional issues with performance, but they're easy to fix.

FireEye's technical support is okay, but its response time seems to have gotten slower recently.

The initial setup was easy.

FireEye Helix is a little expensive.

FireEye Helix is best suited to enterprise companies. I recommend it as an easily implemented solution with a user-friendly web UI and good support. I'd give it a rating of seven out of ten.

It is used for correlating data.

It is kind of simple and very easily deployable. You can start working with it very fast.

It should have more cloud connectors. It could also be cheaper.

I have been using this solution for almost three years.

It is reliable.

It is scalable.

Their support is okay. It is not bad.

It is very easy to deploy. Most of its maintenance is automatic. We just get the notification that it is going to happen. So far, we haven't faced any issues.

It was FireEye itself.

It could be cheaper, but that applies to every product.

I would recommend this solution to others. I would rate FireEye Helix an eight out of 10.

We use it for everything like our logs, data allocation, and ransomware. We basically do malware objects and malware callbacks. I think it's our integration tool. It's our centralized SIEM where we look at all the events, alerts and then do a tryout. The major playbooks that we use are ransomware and phishing campaigns. We basically use it for our PTI-based credit card fraud detection. 

I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good.

Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing. 

I have been using FireEye Helix for three years.

FireEye Helix is a stable solution.

FireEye Helix is a scalable solution. I have about nine users on my team.

Technical support is good.

The price could be better. But I think it's rightly placed when we buy everything in one shot, and we get some discount for that. That's how we basically plan our deployment, and it's holistic. We pay for the license yearly.

I would recommend this solution to new users.

On a scale from one to ten, I would give FireEye Helix a nine.

We have evaluated great vendors like QRadar, Splunk, and all the big players, but they are certainly lacking at getting all the investigations done properly. With FireEye Helix, if a customer already uses any of the FireEye endpoint solutions, the response part is very fast and the investigation is also very fast. You can do a lot of investigation depending on what that product's like. If you want to clarify something on the endpoint, you have to do it manually but if you are a FireEye customer, you can do it right away. The email security offering around FireEye also directly integrates with your Helix. So if you have to investigate malware you can do it from Helix. It's very powerful and centered on the cloud. 

The integration is very useful and very easy. You can have an API connection with any cloud and I am able to do both ways of communication with the help of the API.

The local center can help you to address the network. We place a logger on-premises to send the logs of other appliances to FireEye Helix. So that the same appliance can also be used as a network endpoint solution, doing dynamic analysis.

Helix will do well after the pandemic because everybody will be looking for a cloud solution and it is cloud-native. There are certain changes we are bringing onto our endpoint and our ETP network security. So everything makes an impact on Helix because every log and every change you can manage through Helix. Helix is directly integrated into a single sign-on platform, which is free FireEye customers. They can log into any of their incentives like if they want to log into the ETP, email security, they use a third-party sandbox and intel and FireEye integrates nicely into it. There are a lot of issues because of GDPR but otherwise, it is a very good platform.

I have been using FireEye Helix for six years. 

There are certain aspects that need to be addressed from the customer side. Parsing is free so if you want to parse third-party logs, FireEye does it for free. But there are times that we need to pull out certain information from applications and we need a lot of support from the customer. A lot of solutions have similar challenges. We are trying to address these challenges. 

Integrating anything on QRadar is very hard. If you want to upgrade the EPS you have to consider upgrading the appliance but with FireEye, if the customer has to compute, FireEye gives them a file to install on his computer and he can send the logs to my computer. 

It is very easy to scale with FireEye. It can be upgraded to any number of EPS.

If you just want to deploy Helix, it is subscription-based, you have to put in a request and it will be ready in a day. If you want to integrate third-party logs, it depends on how many devices you want to integrate. 

Setting it up won't take more than an hour.

If a customer uses FireEye cloud-based network security solution, Helix is free for them no matter how many logs or EPS they use. But they need a license for third-party logs. Licensing is done per EPS. 

Don't be afraid. Request a demo or POC. See the features and if you find it interesting, start implementing it for your use cases. I would recommend it because it really works. 

I would rate it a nine out of 10. We have certain challenges with integrating the SOAR platform with multiple vendors. 

The solution is typically used for sub-services, managed detection, and response services as well as advanced sub-services. The solution was managed by the company where I worked and we offered the services to the customer.

The solution is very high-quality. It offers a very small number of false positives. We don't have to get distracted by checking up on false data and making sure nothing is wrong.

The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform.

The initial setup is very easy.

The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution. 

I first started working with the solution at my previous company, in 2017, and I continue to work with it. It's been over two or so years.

The solution is very stable. It's reliable. There aren't issues with bugs or glitches. It doesn't freeze.

From a technical point of view, it's quite scalable. You only need to have agents on the endpoint or devices. It's really just a little less scalable from the economic point of view as there's a huge cost. The cost was a limiting factor for our organization. We had a limited budget and therefore acquired less of the solution than we technically need. There are parts that are not monitored, not because it can't physically scale but due to the fact that budget-wise, it's not possible. 

The technical support has been very good. We're quite satisfied with the level of support we get.

The initial setup is not complex at all. It's a very straightforward implementation.

The deployment is also relatively quick. You can be online in about two or three days at the most. It does not require a lot of time.

It's quite an expensive solution. FireEye is one of the top artificial intelligence solutions on the market. It's not made for, in my opinion, small businesses. It's more for leading enterprises.

There are no hidden costs. We don't have professional services because they are very, very expensive. 

We're just customers. We don't have a business relationship with the company.

With FireEye, everything is managed by cloud artificial intelligence.

The solution is built to target larger enterprises. Their market's different from many other markets as it's made for 99% of mid-sized enterprises of 1,000 or so people. In Italy, that's quite a large-sized company. We're most likely not their target market as our businesses tend to be a bit smaller. 

If this solution would work for another company, I'd say it depends on the size of the company and the maturity level. For a small company that is not structured for security instruction and competencies, I wouldn't advise this solution. That said, it does offer a lot of features surrounding security and this is something that you can put on top of your security program if you have the right infrastructure in place.

I'd rate the solution nine out of ten. It does everything we need it to do. It's not really lacking in any regard.