Earlier this month I saw a post on Investor’s Business Daily outlining why FireEye was important to the company’s shareholders. The article got me thinking about the low awareness that Helix has with security buyers. In my opinion, it’s one of the more underrated security tools.

For better or worse, FireEye has a strong association with the sandboxing market. This has been a critical security tool for almost all businesses, but many companies, even FireEye customers, don’t look to the vendor for other security functions. Its Sandbox will be the core product for FireEye into the foreseeable future, but Helix will be an important adjacent market for the company and its customers.

Helix is an end-to-end detection and response system designed to surface unseen threats and empower expert decisions with frontline intelligence. It collects event data from FireEye and non-FireEye components of a security infrastructure and overlays frontline intelligence, rules and analytics to give organizations the context to determine which threats present the greatest risk and how to subsequently respond. From within a single interface, Helix facilitates all SOC functions including alert management, search, analysis, investigations and reporting.

Understanding the value of the platform requires believing the following statements about how things have changed and why a different type of intelligence solution is needed.

1. Most security teams have a lack of visibility into new attack vectors and the blind spot is getting bigger. Traditional security is based on a bigger and stronger moat to keep the bad guys out. This sounds reasonable, but today fewer breaches are occurring at the perimeter. One telling stat from a ZK Research survey of 1,500 technical and business decision makers and influencers in the U.S.
and Europe is that 90% of security spend is for perimeter protection but only 27% of breaches happen at that point. (Disclaimer: I am the founder and principal analyst of ZK Research.) The bad guys aren’t stupid and they know that breaking through a state-of-the-art, next-generation firewall is very difficult, so why try? Instead, it’s easier to focus on more targeted attacks and on applications or users. If you’re looking for more proof, consider all of the highly publicized breaches over the past few years. Target, Sony, Ashley Madison and others were all non-perimeter-based breaches. Better visibility would likely have caught these or at least minimized the “blast radius”.

2. Security is becoming exponentially more difficult. I call this the “asymmetric security challenge” where businesses need to protect an increasing number of entry points but cyber criminals only need to find one way in. Reactive, signature-based systems were effective in the past but are too slow today. However, most threats are slight variations on past ones, so a solution built on the right intelligence should be able to spot new threats much faster than a reactive system can.

3. More isn’t better.
In security, more isn’t a good thing, whether it’s more tools, alerts, data or whatever else. Another interesting factoid from the ZK Research survey cited above is that the average number of security vendors enterprises need to manage is 32, and I’ve never heard a CISO say that when they get to 33, they’ll feel more secure. Because security methodologies rely on manual processes, having more discrete tools just drives complexity up by adding to the volume of alerts and data that most security teams already can’t process fast enough.

How Helix helps

FireEye Helix integrates security information from FireEye’s own network and endpoint security products as well as third-party security products and uses machine learning to put that data in context. I understand that many security vendors are now using machine learning to “connect the dots” in the massive amounts of data that exist, but FireEye also has added expertise and analysis from the Mandiant team. Recall that Mandiant rose to prominence in 2013, prior to being acquired by FireEye, when it released a report that implicated China in cyber espionage targeting the U.S.
and other countries. It’s this combination of machine learning and Mandiant expertise that FireEye claims gives it a competitive edge. The product looks for hidden patterns and anomalies in the data to find non-malware-based threats. These are attacks in which the hacker uses existing software to execute malicious activities.

From a security operations perspective, Helix's value is derived from the unified console that shows everything that warrants a closer look. The possible threats can be diagnosed and forensics can be done directly from the console instead of having to send people out to visit each desktop, saving thousands of man hours over the course of the year. The dashboard can be customized for each environment as well, so there’s no need to view extraneous information. This is significantly different than some of the SIEMs that show pages and pages of data that take Ph.D.-level skills to decipher. The visual dashboard also makes it easier to comply with regulations like PCI and HIPAA.

As the Investor’s Business Daily article pointed out, Helix is important to the future growth of FireEye stock, but this is only possible because Helix is an intelligence-based platform that enables its customers to find threats faster and then diagnose and remediate against them faster than legacy signature-based solutions.