
Overview
Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Effortlessly unify your security ecosystem by connecting native Trellix controls with 500+ third-party tools.
Product Options:
- Trellix Helix Connect
- Trellix ePO
- Trellix Enterprise Security Manager (ESM)
- Trellix Advanced Correlation Engine
- Trellix Global Threat Intelligence for ESM
Please contact aws@trellix.com before purchasing. These solutions may require additional add-on packs or specific licenses based on your organizational needs. Your account team will customize an AWS Private offer, reflecting appropriate quantities, SKUs, and qualified discounts.
Highlights
- Accelerate incident response
- Keep ahead of cyberthreats
- Unify your security tools
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| XDRECE-AA | Trellix XDR - Per User Pricing (1 yr) | $60.00 |
| OX1ECE-AA | Trellix Open XDR for External Data Add-on - 50 GB | $20,925.00 |
| EPOCDE-AA | Trellix ePolicy Orchestrator (ePO, On-Prem) - Per Node Pricing (1 yr) | $37.50 |
| ELUVME-AA | Trellix Virtual Enterprise Security Manager SIEM - Per VM Pricing | $61,294.33 |
| ELMVME-AA | Trellix Virtual Enterprise Log Manager VM - Per VM Pricing | $24,513.13 |
| ELSVME-AA | Trellix Virtual Enterprise Log Search VM - Per VM Pricing | $24,513.13 |
| EV2VME-AA | Trellix Event Receiver VM - Per VM Pricing | $15,317.83 |
| ACVVME-AA | Trellix Virtual Advanced Correlation Engine VM - Per VM Pricing | $26,045.69 |
| APMVME-AA | Trellix Application Data Monitor | $16,850.39 |
| GTEELU12GIEAD | Trellix Global Threat Intelligence Module for ESM - Per ESM Appliance | $14,141.13 |
Vendor refund policy
Please contact aws@trellix.com for refund requests
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Standard support and customer success programs available: support@trellix.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Customer reviews
Reduces detection and response times through automation and alert correlation
What is our primary use case?
My main use case for Trellix Helix Connect is to provide an MDR service to our clients. We use Trellix Helix Connect to correlate the alerts and automate the response most often.
For example, we use Trellix Helix Connect for MDR services with our clients when we have XDR for Trellix Helix Connect to analyze the alerts and set up the SOAR workflows. It depends on the client needs.
In our day-to-day operations, we have the main use case of Trellix Helix Connect which allows us to reduce MTTD and MTTR, and we have the KPIs to support this.
What is most valuable?
The best features that Trellix Helix Connect offers are SOAR, automation, hyperautomation, and the correlation of alerts and threat intelligence, for example, when the alerts cross through MITRE ATT&CK, which stand out most to me.
Out of those features, automation, alert correlation, and threat intelligence have made my work easier and more effective as we integrate many cybersecurity solutions into the XDR and set up the use cases to reduce MTTD and MTTR from days to minutes.
I would add that the level of integration with other brands is something that surprises me about the features of Trellix Helix Connect.
Trellix Helix Connect has positively impacted my organization as it is the most important tool to provide MDR service to our clients, which has resulted in specific outcomes and improvements.
What needs improvement?
To improve Trellix Helix Connect, I think it is possible to enhance the dashboard to share more information about the incidents. For example, if I want to check a MITRE technique, maybe it is necessary to have a quick link to check this technique in the dashboard.
I think the usability of hyperautomation is something to improve in the solution because it is expensive regarding the needed improvements.
For how long have I used the solution?
I have been using Trellix Helix Connect for one year.
What do I think about the stability of the solution?
Trellix Helix Connect is very stable, and I have experienced almost no downtime or issues, as the downtime is mainly about maintenance time, confirming its reliability.
What do I think about the scalability of the solution?
Trellix Helix Connect's scalability is excellent as the solution has a library to make integrations with other brands, allowing it to handle growth easily via API.
How are customer service and support?
The customer support for Trellix Helix Connect is well in Latin America because there are many people in the region, which enhances the experience.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I previously used legacy SIEMs before choosing Trellix Helix Connect.
How was the initial setup?
My experience with pricing, setup cost, and licensing is that the licensing for XDR is good, though the hyperautomation feature is expensive.
What was our ROI?
We have seen a return on investment with Trellix Helix Connect, and we can share relevant metrics as we reduce the MTTD and MTTR and have KPIs indicating our ROI.
Which other solutions did I evaluate?
Before selecting Trellix Helix Connect, I evaluated other options including Palo Alto XDR, Cisco XDR, and Rapid7 with the new generation SIEM.
What other advice do I have?
The most important metrics are the reduced MTTD and MTTR because the clients' legacy solutions provide faster response when they use this tool, showing measurable benefits.
I advise anyone considering Trellix Helix Connect to review the different solutions of the XDR ecosystem, focusing on the capability to integrate with other brands without shadow cost and the capability to respond and reduce MTTD and MTTR. I would rate this product at a nine out of ten.
Experiencing frequent disconnections and support challenges but benefits from quick implementation and integration capabilities
What is our primary use case?
We use Trellix Helix Connect because it is a SaaS solution. I think it has its own infrastructure rather than AWS or another provider. We use the Helix SaaS and a component called Evidence Collector that gets the logs from on-premise infrastructure and sends them to SaaS. I believe everything about Trellix Helix Connect is SaaS-based.
We use Evidence Collector which can be installed with the on-premise infrastructure to collect components such as files and IPS. This product receives the logs from the infrastructure and sends the information to Helix.
What is most valuable?
The best feature of Trellix Helix Connect is its quick implementation.
The integration with Mandiant is another significant advantage. When investigating an incident, we have access to IOCs and can receive results from Mandiant about these IOCs, similar to what VirusTotal offers. We can search and utilize this integration effectively.
We utilize the artificial intelligence capabilities in Trellix Helix Connect. We can perform some customization by providing parameters in the YARA from Helix, which provides valuable analysis points.
The solution allows users to create reports more quickly with comprehensive information, which can be expanded within minutes. This demonstrates the effectiveness of Trellix Helix Connect's automation capabilities for reducing incident response times.
What needs improvement?
The timeout of the tenant is an area that needs improvement. When investigating and gathering information from the Helix tenant for extended periods, disconnections occur. This results in lost work and the need to restart investigations due to disconnected sessions.
It is problematic when progress is lost and investigations must be restarted, resulting in lost information and significant time wastage.
The capability to integrate with other TIPs or cybersecurity intelligence sources could be improved to determine whether IOCs are malicious, similar to Mandiant's functionality.
The capacity to reduce false positives needs improvement as we receive many alerts from Helix that turn out to be false positives upon investigation. Enhanced capability in this area would make the system more efficient and easier to use.
The dashboards could be improved as customers frequently request real-time SOC dashboard displays for Helix.
How are customer service and support?
The support for Trellix Helix Connect is not satisfactory. We experience difficulties accessing personnel with deep knowledge of Helix. We have numerous tickets to understand and resolve problems. It is not an easy product to support on a daily basis.
The support would rate a three out of ten. It can take one to four weeks to connect with someone who truly understands Helix and can provide solutions. This makes the product difficult to maintain.
How would you rate customer service and support?
Neutral
What other advice do I have?
The solution can be challenging for analysts with lower skill levels. The syntax for finding findings requires specific knowledge, making it more difficult for initial users.
Trellix Helix Connect is generally easy to use, but the Evidence Collector component presents more challenges.
This review rates Trellix Helix Connect as 6 out of 10.
AI capabilities streamline incident resolution and natural language search empowers security management
How would you rate customer service and support?
Positive
Helps us detect some advanced malware and offers some automated collaborations enabled internally
What is our primary use case?
It helps prevent web security threats and other things.
We use Trellix ePO. We also use Trellix Endpoint Security and DLP encryption.
How has it helped my organization?
We are currently integrated with fewer security devices. It helps us understand deductions and analysis and provides collaborative input as a first priority.
What is most valuable?
We are able to block some advanced malware and other things. I think we use the appliance-based Helix.
It helps us detect some advanced malware. That's one of the major advantages. We also have some automated collaborations enabled internally. So, if there's a new attack or alert, we have visibility on it.
However, we are not experts in automation, but we do get some automation in the Trellix product. We want to test it further.
What needs improvement?
Trellix needs to address the price for the product to be more appealing to customers.
For how long have I used the solution?
It has been anywhere between six months to a year.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability a nine out of ten. The scalability is good.
How are customer service and support?
It's proper support. So no delays. They always respond on time and the responses are informative.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We chose Trellix among the variety of products on the market because other vendors support cloud-based threat intelligence, requiring us to interact with the cloud.
With Trellix Helix, we have on-premises offerings and we are able to collaborate on our logs within our premises. We don't want to send data outside our organization because we support banking customers. We can maintain everything internally.
How was the initial setup?
If you understand the concept of Trellix Helix, it's easy to deploy.
It took a couple of days. We haven't integrated it with any solutions yet. We just have some minimal solutions that need to be integrated. If we have any issues in the future, we'll let you know.
What was our ROI?
There could be some financial benefits, but we are focused on security and threat prevention, not the financial aspect.
What's my experience with pricing, setup cost, and licensing?
It could be a bit expensive. I would give it an eight out of ten, with ten being expensive.
What other advice do I have?
I recommend Helix. I have a good experience with it. If I get a POC, I can easily give it to the customer and evaluate it.
The solution is stable and addresses advanced malware. It's also easy to access support in India.
Overall, I would rate it a nine out of ten.
Offers extensive platform visibility, event tracking, and integrations
What is our primary use case?
We work for a company that provides secret services related to XDR and NSS. We offer the Helix solution to many companies in Brazil. We manage the implementation and provide solutions to our customers. We are a Helix service provider for ten companies in Brazil.
How has it helped my organization?
We have started working with various customers, one of whom is particularly concerned about adjacency. We have identified several use cases where automation is possible. However, we face challenges with FSO tools, regarding integration versions. For example, our platform uses API V2, while Cisco uses V3 in some integrations. This has caused issues with professional services.
What is most valuable?
We are currently working with a provider where I need to send a lot of reports and queries to my customers. Instead, I create reports manually and provide customers with information about the solution.
What needs improvement?
We often rely on Martins to create logs and provide professional threat services rather than basic support. However, accessing these services can be inconsistent. Sometimes, responses are quick and valuable, but other times, they are delayed. For example, I've waited up to seven months for Martins to resolve an issue with Azure WAF in Helix. It can also be challenging to get timely responses from partners regarding updates and new features.
How was the initial setup?
When we undertake projects to install Helix, initially, our company had all the logistical information needed from the installation guide. However, there are details not included in the manuals that we sometimes discover only through direct communication with Trellix experts. This process has become more manageable over time, but initially, we encountered significant challenges, such as issues with connectors, which handle different log formats. These discrepancies weren't clearly outlined in the manuals and caused delays.
For instance, it took about a month to deploy components like SSO and group collection for our customer's infrastructure. Each deployment involves specialized roles—one focusing on connections and another on development and automation with CFA. With these two roles, we can effectively implement Helix.
What's my experience with pricing, setup cost, and licensing?
When the merge of the companies start to use some about the price of the issue. We are using the FSO and security administrator.
I have some case of sources with some customer that returned with some a big security and can resolve with some attacks.
What other advice do I have?
I have numerous advantages with ten client customers who use our services. We have a dedicated team working directly with the Helix system at PeerSpot within our company, providing maintenance and generating reports for our customers.
The solution offers extensive platform visibility, event tracking, and integrations. While we explore other integration possibilities like CNA, we haven't found a comparable solution yet. Integrating with other vendors and multi-platform environments presents challenges, especially in ensuring API compatibility and staying current with integrations.
I strongly recommend Helix to our new customers for its capabilities and reliability.
Overall, I rate the solution a nine out of ten.