Sharing is Caring: FireEye Helix Connects to Netskope to Block Threats
By Christopher Unick, Mahmoud Eraqi · July 14, 2021
FireEye Helix is a SaaS security operations platform that allows organizations to take control of any incident from detection to response and remediation. We introduced Helix in 2017 to simplify, integrate and automate security operations, and along the way we made many enhancements and introduced various features to improve the user experience.
Today we are excited to announce a new integration that customers of Helix and Netskope can leverage to block threats between our products. This expands on our previous integration—ingesting data from Netskope into Helix to identify threats—by closing the loop to help customers of Netskope block threats that are found anywhere in their suite of security and business tools.
Finding Threats With Helix
It is imperative that security teams have visibility into what's happening across the business so they can respond to and investigate security incidents. FireEye Helix is able to analyze events in over 300 security and business tools and is enriched with FireEye expertise to identify the threats happening in an organization.
The good news is the median dwell time is currently 24 days (per M-Trends 2021), meaning organizations are identifying threats more than twice as fast as in 2020. These improvements in detection are very important, and organizations must ensure their response is just as quick. This integration allows those threats to be shared with Netskope in mere minutes to block threats seen throughout the business.
FireEye Helix raises, and shares with Netskope, the following alert types (and many more):
- Malware on the endpoint: the MD5 hash is identified when FireEye Endpoint Security discovers malware on a customer's endpoint.
- Files containing ransomware: malicious content (MD5 hash) shared via email, found on endpoints, and more.
- Malware callback alerts: network activity (malicious IP address) that matches a malware command and control (C2) signature.
- Third-party content: malicious files (MD5 hash) shared with you by third parties or suppliers (via cloud storage such as AWS S3 and 30+ others).
- Malicious IPs and URLs from log files: logs ingested from our partners (such as Netskope) that find malicious activity and share the corresponding IOCs.
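As an added example (not code from FireEye, Netskope or this post), the following Python sketch shows the validation a team would want before indicators of the three types listed above (MD5 hashes, IP addresses, URLs) are handed to an auto-blocking list: it classifies each indicator, drops malformed ones, and withholds non-routable addresses that would block internal traffic. The alert dictionaries and category names are constructed; the real Helix alert schema and the CTE API are not described on the page and are not used here.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample alerts in the shape this example assumes (hypothetical
# keys and categories; not the Helix alert schema).
SAMPLE_ALERTS = [
    {"category": "endpoint_malware", "indicator": "d41d8cd98f00b204e9800998ecf8427e"},
    {"category": "malware_callback", "indicator": "203.0.113.45"},
    {"category": "log_ioc", "indicator": "http://malicious.example/dl.php"},
    {"category": "log_ioc", "indicator": "10.0.0.7"},            # RFC1918: never auto-block
    {"category": "third_party_file", "indicator": "not-a-hash"},  # malformed: drop
]

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Ranges that must never reach a blocklist: blocking them breaks the org itself.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10",
)]


def classify(indicator: str):
    """Return 'md5', 'ip' or 'url' for a well-formed indicator, else None."""
    value = indicator.strip()
    if MD5_RE.match(value.lower()):
        return "md5"
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    parsed = urlparse(value)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return "url"
    return None


def is_blockable(ioc_type: str, value: str) -> bool:
    """Reject addresses that would cause a self-inflicted outage if blocked."""
    if ioc_type == "ip":
        addr = ipaddress.ip_address(value)
        return not any(addr in net for net in NON_ROUTABLE)
    return True


def build_share_list(alerts):
    """Normalise alerts into (type, value) tuples safe to share; collect the rest."""
    shared, dropped = [], []
    for alert in alerts:
        value = alert["indicator"].strip()
        ioc_type = classify(value)
        if ioc_type is None or not is_blockable(ioc_type, value):
            dropped.append(value)
            continue
        shared.append((ioc_type, value.lower() if ioc_type == "md5" else value))
    return shared, dropped
```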
Netskope Cloud Threat Exchange (CTE)
Netskope Cloud Threat Exchange is a near real-time threat ingestion, curation, and sharing tool that enables Netskope customers and FireEye to exchange IOCs. Security teams can integrate IOCs that contain malicious URLs and file hashes from any Helix source, including FireEye Endpoint Security, Network Security and Email Security tools, third-party firewalls, cloud logs, and secure web-gateways.
Mutual customers of this integration can:
- Ingest, manage and share all IOCs seen in a customer’s environment.
- Leverage FireEye’s industry leading detection capabilities.
- Ensure all users and devices are protected with up-to-date indicators.
- Respond faster and block threats across a customer’s ecosystem.
How to Enable This Integration in Minutes
Navigate to the FireEye Helix CloudConnect portal and select Netskope CTE.
Select your FireEye Helix Instance and drop in your API Key (found in your IAM setup).
Fill in your Netskope credentials to enable the integration, and you are all set!
In the Netskope CTE dashboard you will then see the IOCs shared from Helix; whether each one blocks or restricts activity depends on the policy configured in your Netskope solution.
Ready to get started? Connect with us today to see a demo and to learn more. Already using Helix, but not familiar with the latest integrations available? Reach out to your sales engineer to get more information and a walkthrough of how we can help!