Posted: 15th April 2022

Product Overview

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyber attacks.

FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix.

Helix features seamlessly integrated Security Orchestration, Automation, and Response (SOAR) for faster response times, process consistency, and reduced risk exposure. Simplify your cyber security operations to prioritize alerts and focus on true threats. Make compliance reporting more efficient with customized dashboards, and access incident response playbooks and process automation to enhance your security team’s capability.

Challenges Overcome Through Integration

Today’s ever-changing security landscape makes it nearly impossible for time-strapped security operations and incident response teams to mitigate every potential threat to their organization. Overwhelmed by manual processes and high alert volume, they’re unable to take advantage of the breadth of intelligence available; instead, they focus only on internal logs and data.

Security teams need a platform that centralizes intelligence in real time and harnesses that information to drive action across security infrastructures.

By joining forces through a seamless integration, Security Orchestrator and Recorded Future help analysts reduce manual research time and make informed verdicts. SOC analysts can efficiently dismiss false positives and capture threat context for true incidents.

Integration Description

Recorded Future for FireEye Security Orchestrator allows organizations to quickly resolve security threats using external threat intelligence and rich context from Recorded Future directly on top of events and alerts inside Security Orchestrator.

Analysts are able to view related external risk and evidence assigned to IPs, Domains, Hashes, and URLs for greater context as they investigate and respond to incidents. Full transparency is provided on the evidence applicable to any given IOC (indicator of compromise).

In addition, Recorded Future’s risklist data is ingested inside Security Orchestrator to correlate internal telemetry data against high-fidelity datasets from Recorded Future to detect threats faster. The integration makes use of the Recorded Future IP, Domain, Hash, and URL risk lists.

As a result, security and threat analysts can make quick and effective decisions at critical moments.