Cortex XSOAR, formerly Demisto and now from Palo Alto Networks since it was acquired in March 2019, provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Its playbooks are powered by hundreds of integrations and thousands of security actions, striking the right balance between rapid machine execution and nuanced human oversight.
N/A
Trellix Helix
Score 7.0 out of 10
Enterprise companies (1,001+ employees)
Trellix Helix (formerly FireEye Helix) is a SIEM solution providing a non-malware threat detection solution.
$0
Events per second
Pricing
Palo Alto Networks Cortex XSOAR
Trellix Helix
Editions & Modules
No answers on this topic
Helix Console
$0
Events per second
Helix Enterprise
$0
Events per second
Offerings
Pricing Offerings
Palo Alto Networks Cortex XSOAR
Trellix Helix
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
—
More Pricing Information
Community Pulse
Palo Alto Networks Cortex XSOAR
Trellix Helix
Features
Palo Alto Networks Cortex XSOAR
Trellix Helix
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Palo Alto Networks Cortex XSOAR
-
Ratings
Trellix Helix
8.5
Ratings
9% above category average
Centralized event and log data collection
00 Ratings
8.50 Ratings
Correlation
00 Ratings
8.00 Ratings
Event and log normalization/management
00 Ratings
8.50 Ratings
Deployment flexibility
00 Ratings
8.40 Ratings
Integration with Identity and Access Management Tools
XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click of a button. ●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real emails, resulting in compromise through human error. ●Security Teams aren’t able to follow set processes while responding to phishing alerts. They must coordinate across email inboxes, threat intel, NGFW, ticketing, and other tools. Each tool has different consoles, data conventions, and contexts, making it difficult for security teams to fill in the gaps while minimizing errors. XSOAR is less suited for analyzing traffic.
Overall, we've had a great experience with FireEye Helix and would recommend it to organizations looking to improve their operational security. We've found Helix to be a great way to collect and analyze revenant security events and take action. Having a single pane of glass makes this process much more efficient. Prior to moving to FireEye Helix, we had different teams sending data to different applications, which resulted in confusion and critical data being missed.
It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.
The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.
It offers extensive visibility thus easy detection of threats and easy mitigation practices. Utilization of its threats intelligence capabilities thus early detection of incidents and maximization of security investments. Offers great integration of cloud resources with existing security tools thus ensuring seamless performance and all-time security for the organizational resources.
Reduces man-hours spent on handling false-positive repetitive alerts, daily 40% of analysts' time saved during a 24 hour period. In the initial stage, it was 75% of analysts' time saved due to the new environment, less maturity, and a lot of un-finetuned alerts.
Single pane for notification, collaboration, and action (to some extent) which is a major time saver compared to the conventional method of meeting invites and emails back-and-forth.
Secure documentation of business-critical incidents with a need-to-know basis of access according to each role.
Helix has had a significant impact on CSOC visibility efforts across the organization.
Helix fills the logging and alerting gaps that are missing across the infrastructure side.
Having a single pane of glass allows teams to more efficiently run incidents. Additionally, Helix is integrated with ServiceNow providing enhanced and efficient case management for all Helix alerts.