Palo Alto Networks Cortex XSOAR vs. Trellix Helix

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Palo Alto Networks Cortex XSOAR
Score 7.1 out of 10
N/A
Cortex XSOAR, formerly Demisto and now from Palo Alto Networks since it was acquired in March 2019, provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Its playbooks are powered by hundreds of integrations and thousands of security actions, striking the right balance between rapid machine execution and nuanced human oversight.N/A
Trellix Helix
Score 7.0 out of 10
Enterprise companies (1,001+ employees)
Trellix Helix (formerly FireEye Helix) is a SIEM solution providing a non-malware threat detection solution.
$0
Events per second
Pricing
Palo Alto Networks Cortex XSOARTrellix Helix
Editions & Modules
No answers on this topic
Helix Console
$0
Events per second
Helix Enterprise
$0
Events per second
Offerings
Pricing Offerings
Palo Alto Networks Cortex XSOARTrellix Helix
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeOptional
Additional Details
More Pricing Information
Community Pulse
Palo Alto Networks Cortex XSOARTrellix Helix
Features
Palo Alto Networks Cortex XSOARTrellix Helix
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Palo Alto Networks Cortex XSOAR
-
Ratings
Trellix Helix
8.5
Ratings
9% above category average
Centralized event and log data collection00 Ratings8.50 Ratings
Correlation00 Ratings8.00 Ratings
Event and log normalization/management00 Ratings8.50 Ratings
Deployment flexibility00 Ratings8.40 Ratings
Integration with Identity and Access Management Tools00 Ratings8.90 Ratings
Custom dashboards and workspaces00 Ratings8.10 Ratings
Host and network-based intrusion detection00 Ratings9.00 Ratings
User Ratings
Palo Alto Networks Cortex XSOARTrellix Helix
Likelihood to Recommend
8.2
(0 ratings)
9.0
(0 ratings)
Likelihood to Renew
10.0
(0 ratings)
-
(0 ratings)
Support Rating
-
(0 ratings)
9.0
(0 ratings)
Implementation Rating
10.0
(0 ratings)
-
(0 ratings)
Ease of integration
-
(0 ratings)
8.1
(0 ratings)
User Testimonials
Palo Alto Networks Cortex XSOARTrellix Helix
Likelihood to Recommend
XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a
problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click
of a button.
●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real
emails, resulting in compromise through human error.
●Security Teams aren’t able to follow set processes while responding to phishing alerts.
They must coordinate across email inboxes, threat intel, NGFW, ticketing, and
other tools. Each tool has different consoles, data conventions, and contexts,
making it difficult for security teams to fill in the gaps while minimizing
errors. XSOAR is less suited for analyzing traffic.
Read full review
Overall, we've had a great experience with FireEye Helix and would recommend it to organizations looking to improve their operational security. We've found Helix to be a great way to collect and analyze revenant security events and take action. Having a single pane of glass makes this process much more efficient. Prior to moving to FireEye Helix, we had different teams sending data to different applications, which resulted in confusion and critical data being missed.
Read full review
Pros
  • Automation with immediate security responses.
  • Comprehensive phishing protection and increased email protection.
  • Analysis and reporting feature.
  • Intuitive and easy-to-view panels.
  • Alerts by email and sms of incidents for the administration.
  • Centralized monitoring.
Read full review
  • Detection of advanced threats.
  • Easy integration with cloud resources and our existing security tools thus enhancing performance.
  • Easy deployment with great threats intelligence capabilities.
Read full review
Cons
  • SAML is not stable, it gives a lot of issues.
  • Pre-defined playbooks need a lot of fine tuning
  • Lacks proper documentation
Read full review
  • Overly complex platform
  • Multiple logins needed for various tools--leads to confusion
  • Costs can add up
Read full review
Likelihood to Renew
It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.
Read full review
No answers on this topic
Support Rating
No answers on this topic
We've been fairly happy with FireEye Helix support overall. Most issues are resolved the same day the case is opened.
Read full review
Implementation Rating
It was much easier than we all anticipated.
Read full review
No answers on this topic
Alternatives Considered
The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.
Read full review
It offers extensive visibility thus easy detection of threats and easy mitigation practices. Utilization of its threats intelligence capabilities thus early detection of incidents and maximization of security investments. Offers great integration of cloud resources with existing security tools thus ensuring seamless performance and all-time security for the organizational resources.
Read full review
Return on Investment
  • Reduces man-hours spent on handling false-positive repetitive alerts, daily 40% of analysts' time saved during a 24 hour period. In the initial stage, it was 75% of analysts' time saved due to the new environment, less maturity, and a lot of un-finetuned alerts.
  • Single pane for notification, collaboration, and action (to some extent) which is a major time saver compared to the conventional method of meeting invites and emails back-and-forth.
  • Secure documentation of business-critical incidents with a need-to-know basis of access according to each role.
Read full review
  • Helix has had a significant impact on CSOC visibility efforts across the organization.
  • Helix fills the logging and alerting gaps that are missing across the infrastructure side.
  • Having a single pane of glass allows teams to more efficiently run incidents. Additionally, Helix is integrated with ServiceNow providing enhanced and efficient case management for all Helix alerts.
Read full review
ScreenShots

Trellix Helix Screenshots

Screenshot of Helix Cloud IntegrationsScreenshot of Helix Asset Alert Correlation