Expanded Cloud Visibility in FireEye Helix With Netskope
By Christopher Unick · March 05, 2020
Organizations are using cloud and SaaS products more than ever before. Transitioning to newer technologies can be challenging for all employees, but it leaves security operations center (SOC) analysts in a particularly tough spot. They must understand how their company is operating, what employees are doing throughout the day, and what constitutes typical work responsibilities. They also need to be able to see into all corners of the network to manage threats and risks properly.
Gaining all this visibility can consume even the largest team’s resources and can often feel impossible. At FireEye, we want to expand visibility into our customers' cloud and SaaS usage, which is why we are collaborating with Netskope.
Who is Netskope?
Netskope offers a leading security cloud that provides visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
How Does the Integration Work?
Existing customers of FireEye Helix and Netskope can start leveraging the integration in mere minutes. By utilizing FireEye Helix Connect, customers need only select the Netskope tile and enter their API key and Netskope domain.
Once that’s done, FireEye Helix will have visibility into thousands of alerts and events that Netskope generates every day. Customer data will be enriched with FireEye Threat Intelligence to help prioritize and evaluate all the threats happening across an enterprise. The following Alert/Event types are now visible:
- Anomalies such as access location, unusual application usage, suspicious credentials
- Compromised Credentials
- Legal Hold
- Security Assessment
FireEye has created seven custom alert rules, which is part of a Netskope Rule Pack that automatically assigns a risk level to each alert that Netskope generates. These rules work out of the box today and customers can also modify them to create the alerts that are most relevant. Additionally, FireEye Helix has the ability to help customers visualize data and alerts through dashboards. The following Netskope Dashboard has been created and is available for use in Helix, and customers can also modify it to reflect the data that they want to review.
Today this integration is used by multiple Fortune 1000 companies to gain valuable insight into their cloud security. Their security analysts have instant access to what is happening across their cloud services by using FireEye Helix. To learn more about this integration visit the FireEye Market and enable it now on FireEye Helix Connect. Learn more about Netskope by visiting their website.
Nov 28, 2023
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
Nov 27, 2023
Trellix Announces Cybersecurity Generative AI Innovations Powered by Amazon Bedrock
Nov 22, 2023
Trellix Hosts Zero Trust Strategy Virtual Forum
Nov 16, 2023
Trellix Detects Collaboration by Cybercriminals and Nation-States
Oct 30, 2023
Trellix Hosts Actionable Ransomware Detection and Response Virtual Showcase
Get the latest
We’re no strangers to cybersecurity. But we are a new company.
Stay up to date as we evolve.
Zero spam. Unsubscribe at any time.