at Financial Technnology Year
Please contact them if you have any questions.
FireEye Helix from FireEye Mandiant
Helix integrates security operations tools into a single platform, allowing organizations to detect threats, respond effectively, and manage security incidents within one interface.
Product analysis by function
Cybersecurity Solutions for Operations and Finance
Specialized security tools protecting sensitive deal information, portfolio company data, and limited partner communications.
More Cybersecurity Solutions
More Operations and Finance ...
Access Control and Identity Management
(7 Yes /7 Known /10 Possible features)
|
Multi-factor Authentication (MFA) Requires users to verify identity using multiple credentials for critical systems. |
FireEye Helix supports MFA for access, as described in documentation and analyst reviews. | |
|
Single Sign-On (SSO) Support Allows seamless, secure access to multiple systems using one set of credentials. |
Helix offers SSO integrations (SAML/OAuth) as listed in product documentation. | |
|
Role-Based Access Control (RBAC) Assigns system permissions based on job role to enforce least-privilege access. |
Helix supports RBAC to restrict permissions by user role. | |
|
User Provisioning and De-provisioning Speed Time required to add or revoke user access upon onboarding or departure. |
No information available | |
|
Privileged User Monitoring Tracks activities of high-access users for early detection of misuse. |
Privileged user activities and admin actions are monitored and auditable in Helix. | |
|
Audit Trail Retention Period Length of time that records of user access and changes are kept. |
No information available | |
|
Integration With Directory Services Can synchronize with corporate directories (e.g., Active Directory, LDAP). |
Helix can synchronize with AD and LDAP. | |
|
Self-Service Password Reset Allows users to securely reset passwords without admin involvement. |
Self-service password reset available through integration with directory services. | |
|
Account Lockout Threshold Number of failed login attempts allowed before an account is locked. |
No information available | |
|
Mandatory Password Expiry Enforces periodic password changes to reduce the risk of compromise. |
Password policy enforcement including expiry is supported as part of access controls. |
Data Encryption and Confidentiality
(7 Yes /7 Known /10 Possible features)
|
In-Transit Encryption Utilizes strong cryptographic protocols (e.g., TLS 1.2+) for data moving across networks. |
All Helix connections are over TLS 1.2+. | |
|
At-Rest Encryption Ensures stored data in databases and file systems is encrypted. |
Data at rest in Helix is encrypted using industry standard protocols. | |
|
End-to-End Encryption for Communications All communication channels (email, messaging, file transfer) support end-to-end encryption. |
No information available | |
|
Encryption Key Management Automated and audited management of cryptographic keys. |
Key management is automated; detailed in Helix security whitepapers. | |
|
Granularity of Data Encryption Defines whether encryption is file-level, database-level, or field-level. |
No information available | |
|
Hardware Security Module (HSM) Integration Supports securing keys within HSMs for added protection. |
Helix can integrate with cloud HSM providers; see deployment guides. | |
|
Secure File Sharing Enables secure, encrypted document sharing with third parties or LPs. |
Helix enables secure sharing of threat intelligence and reporting via encrypted channels. | |
|
Data Loss Prevention (DLP) Monitors and blocks unauthorized data transfers inside and outside the organization. |
DLP functionality is included through policies and monitored data movement. | |
|
Real-time Data Encryption Speed The speed at which the system can encrypt or decrypt data in real-time. |
No information available | |
|
Compliance with Industry Encryption Standards Effectively meets standards such as FIPS 140-2/3 or ISO/IEC 27001. |
FireEye Helix adheres to FIPS 140-2 and other industry encryption standards. |
Threat Detection and Incident Response
(7 Yes /7 Known /10 Possible features)
|
Real-time Threat Detection Ability to identify threats as they occur using AI/ML and signature-based detection. |
Helix features real-time threat detection leveraging AI/ML. | |
|
Automated Incident Response Workflows System can automatically respond to certain threat types to contain damage. |
Automated incident response playbooks and workflows are core features of Helix. | |
|
Security Event Log Retention How long security events/logs are retained for forensic analysis. |
No information available | |
|
Integration with SIEM (Security Information and Event Management) Ability to feed data to SIEM platforms for correlated analysis. |
SIEM integration is native; Helix can both consume and export events. | |
|
Alert Notification Time Maximum time between threat detection and alerting security staff. |
No information available | |
|
24/7 Monitoring Security monitoring is available at all times, not just business hours. |
24/7 cloud-based security monitoring is a core offering. | |
|
Customizable Threat Signatures Can create and tune custom detection signatures for sector-specific threats. |
Custom threat detection rules and signatures supported via the Helix interface. | |
|
Phishing Detection and Prevention Alerts users and blocks suspicious communications targeting credentials. |
Phishing detection and prevention included by ingesting email security events. | |
|
Incident Response Playbooks Pre-defined, customizable workflows for different incident types. |
Helix offers incident response playbooks which can be customized. | |
|
Mean Time to Detect (MTTD) Average time between threat occurring and being discovered. |
No information available |
Secure Communications
(1 Yes /1 Known /10 Possible features)
|
Encrypted Messaging Internal and external chat/messages are encrypted at rest and in transit. |
No information available | |
|
Secure Video Conferencing Video meetings use encryption and access controls to protect confidentiality. |
No information available | |
|
Encrypted Email Integration Email solutions support encrypted delivery and attachments. |
No information available | |
|
Customizable Access Policies for Communications Ability to restrict communication tools usage by user or group. |
No information available | |
|
Automated Message Retention Policy Controls how long communication records are kept and when they are deleted. |
Helix automates message and log retention according to set policy. | |
|
Message Recall or Revocation Capability to retract messages sent in error. |
No information available | |
|
Digital Signatures on Communications Ensures authenticity and non-repudiation for critical messages. |
No information available | |
|
Watermarking Confidential Messages Messages can be automatically watermarked for traceability. |
No information available | |
|
External Participant Verification Verifies the identity of external recipients in communications. |
No information available | |
|
Communication Channel Redundancy System supports alternative communication methods in case of outages. |
No information available |
Monitoring, Logging, and Reporting
(8 Yes /8 Known /10 Possible features)
|
Comprehensive Audit Logs Records all relevant system and user activities for auditing purposes. |
Audit logs are retained and all system/user activities can be reported for compliance. | |
|
Customizable Reporting Dashboards Flexible dashboard tools for real-time monitoring and historical analysis. |
Dashboard includes customizable widgets for reporting and monitoring. | |
|
Automated Compliance Reports Generates reports for regulatory and LP compliance needs. |
Helix produces automated compliance, incident, and audit reports. | |
|
Log Integrity Monitoring Detects if audit logs have been tampered with. |
Helix includes tamper detection for log integrity as noted in documentation. | |
|
API Access to Logs Logs and reports accessible via standard APIs. |
API endpoints available for exporting/querying log data. | |
|
Alert Customization Users can define thresholds and triggers for alerting. |
Alert thresholds, triggers, and customization supported. | |
|
Log Retention Period Set length of time all logs are retained for compliance. |
No information available | |
|
Anomaly Detection in User Activity Automatically highlights unusual user behavior for investigation. |
User behavior analytics module includes anomaly detection. | |
|
Scheduled vs Real-time Reporting System can provide both scheduled and real-time reports. |
Real-time and scheduled reports available in dashboard. | |
|
Audit Log Search/Filtering Speed Rate at which logs can be queried for specific events. |
No information available |
Compliance and Regulatory Support
(8 Yes /8 Known /10 Possible features)
|
Compliance Certifications Dashboard Displays current compliance certifications (e.g., SOC 2, ISO 27001). |
SOC 2/Type II, ISO27001, and other certifications displayed in dashboard. | |
|
GDPR Support Product supports General Data Protection Regulation for EU LPs and companies. |
Helix data controls include GDPR compliance. | |
|
California Consumer Privacy Act (CCPA) Support Compliant with CCPA for handling California data subjects. |
CCPA data privacy support described in documentation. | |
|
Automated Data Subject Requests Can handle right-to-access, right-to-be-forgotten, and correction requests. |
Subject request handling possible, though commonly handled through integrations. Vendor confirms API support for DSAR flows. | |
|
Audit-trail for Compliance Actions Proof of compliance actions is logged and accessible. |
Logging of compliance actions is standard for Helix audit module. | |
|
Data Residency Controls Can restrict data storage and processing to certain jurisdictions. |
Data residency/location can be chosen on deployment. | |
|
Policy Change Alerting Alerts administrators when compliance policies change or are updated. |
Policy change events can trigger alerts to administrators. | |
|
Compliance Report Generation Speed Time required to produce a full compliance report for auditors. |
No information available | |
|
Customizable Data Retention Policies Allows organizations to define bespoke regulatory retention periods. |
Data retention policies are configurable at customer level. | |
|
Vendor Risk Assessment Integration Integrates third-party assessments into compliance reporting. |
No information available |
System Integration and Interoperability
(7 Yes /7 Known /10 Possible features)
|
Open API Availability Product offers open APIs for extensibility and automation. |
Open API available for managing events, alerts, and integrations. | |
|
Integration with Document Management Systems Works seamlessly with DMS like Box, Dropbox, SharePoint. |
No information available | |
|
CRM Integration Works with Salesforce and other CRM systems for LP and portfolio tracking. |
No information available | |
|
Automated Data Sync Frequency How frequently data is automatically synchronized across platforms. |
No information available | |
|
Support for SAML/OAuth Connectors Allows secure identity federation across multiple SaaS tools. |
SAML and OAuth integrations offered for SSO. | |
|
Marketplace of Pre-Built Integrations Catalog of out-of-the-box plugins and connectors. |
Integration library includes marketplace with pre-built connectors. | |
|
Custom Integration Toolkit Offers SDKs/libraries for custom workflow integration. |
Custom integration SDKs available through developer portal. | |
|
Real-time Integration Monitoring Notifies when integrations fail or are at risk. |
Integration status and failures are monitored and alertable. | |
|
Versioning and Backward Compatibility Ensures integration APIs remain available across product upgrades. |
APIs maintain backward compatibility through documented versioning. | |
|
Granular Integration Permissions Permissions for integrations can be defined by user or group. |
Fine-grained permissions for integrations can be managed via RBAC. |
Backup, Recovery, and Business Continuity
(5 Yes /5 Known /10 Possible features)
|
Automated Backups Scheduled, automatic backups of all critical data. |
All customer data is automatically backed up on schedule. | |
|
Backup Frequency How often backups are taken. |
No information available | |
|
Recovery Point Objective (RPO) Maximum acceptable age of files in backup, indicating potential data loss time window. |
No information available | |
|
Recovery Time Objective (RTO) Maximum acceptable time to restore systems after a failure. |
No information available | |
|
Encrypted Backups All backup data is encrypted during storage and transit. |
Backups are encrypted, at rest and in transit, per compliance overview. | |
|
Geo-Redundant Backup Storage Backups are replicated in multiple data centers or regions. |
Geo-redundant backup storage is part of Helix infrastructure. | |
|
Disaster Recovery Playbooks Pre-defined procedures for different disaster scenarios. |
No information available | |
|
Backup Restore Testing Frequency How often backup restores are tested for integrity. |
No information available | |
|
Granular Restore Capability Can restore individual files, folders, or full systems. |
Helix allows granular restores of log data and incident records. | |
|
Automated Failover Support Enables seamless transition to backup systems automatically. |
Automated disaster failover documented for high-availability deployments. |
Workflow and User Experience Security
(6 Yes /6 Known /10 Possible features)
|
Context-aware Access Controls Adapts access policies based on user location, device, or time. |
Access control policies adapt contextually (user, role, source IP, etc.) | |
|
User Activity Feedback System provides immediate visual/audible feedback for security events (e.g., successful login, warning for suspicious activity). |
User UI provides clear feedback on login events and security warnings. | |
|
Security Warnings/Explainability Clear and actionable security warnings for users. |
Security warnings are presented with next-action suggestions. | |
|
Adaptive User Training Prompts In-app security learning for users when risky behaviors are detected. |
No information available | |
|
Minimal Security Task Completion Time Low latency for users performing security actions (e.g., reviewing access requests). |
No information available | |
|
Accessibility Support in Secure Workflows Features and workflows accessible to all users, including those with impairments. |
No information available | |
|
Integrated Secure Approval Processes Enables approvals for sensitive actions within secured workflows. |
Approval workflows in Helix are secured and logged for sensitive actions. | |
|
Session Timeout Configuration Customizable length before automatic user logout due to inactivity. |
No information available | |
|
Mobile Security Features Appropriate controls and protections for mobile users. |
Mobile users are supported; mobile-specific security included (MFA, device compliance). | |
|
Frictionless Delegated Access Temporarily delegate access securely and efficiently. |
Delegated access is available for temporary use cases. |
Vendor Management and Ecosystem Security
(8 Yes /8 Known /10 Possible features)
|
Third-party Risk Assessment Automation Automates evaluation and scoring of third-party risk. |
Vendor risk assessment workflow includes automated risk scoring. | |
|
Vendor Access Control Restricts and monitors vendor/outsourced IT access to systems and data. |
Vendor access is monitored and restricted using RBAC and policy. | |
|
Continuous Vendor Security Monitoring Monitors ongoing risk from vendors (e.g., dark web exposure, breaches). |
Vendor monitoring available, includes breach alerts and real-time exposure checks. | |
|
Vendor Security Questionnaire Management Centralizes collection and review of security documentation from vendors. |
Vendor risk and compliance questionnaires are integrated into Helix workflows. | |
|
Vendor Breach Notification Speed Time between vendor-reported security incidents and notifications to your firm. |
No information available | |
|
Vendor Data Segmentation Ensures vendor access is limited to specific, well-defined areas and data sets. |
Vendors are restricted to defined data segments by policy. | |
|
Automated Vendor Offboarding Instant removal of vendor access once a contract ends. |
Vendor deprovisioning is automated via integration with access controls. | |
|
Vendor Cost Monitoring Tracks and manages the cost of vendor cybersecurity services. |
Vendor cost reporting and analysis can be compiled with custom reports. | |
|
Vendor Contract Compliance Flags Alerts for upcoming expirations, lacking attestations, or non-compliance. |
Contract compliance and expiration alerts included for vendor integrations. | |
|
Portfolio Company Security Guidance Tools Provides tools or frameworks for portfolio companies to follow security best practices. |
No information available |
This data was generated by an AI system. Please check
with the supplier. More here
While you are talking to them, please let them know that they need to update their entry.