Presales Lead at a outsourcing company with 11-50 employees
Real User
Top 20
Nov 12, 2025
My main use case for Trellix Helix Connect is to provide an MDR service to our clients. We use Trellix Helix Connect to correlate the alerts and automate the response most often. For example, we use Trellix Helix Connect for MDR services with our clients when we have XDR for Trellix Helix Connect to analyze the alerts and set up the SOAR workflows. It depends on the client needs. In our day-to-day operations, we have the main use case of Trellix Helix Connect which allows us to reduce MTTD and MTTR, and we have the KPIs to support this.
We use Trellix Helix Connect because it is a SaaS solution. I think it has its own infrastructure rather than AWS or another provider. We use the Helix SaaS and a component called Evidence Collector that gets the logs from on-premise infrastructure and sends them to SaaS. I believe everything about Trellix Helix Connect is SaaS-based. We use Evidence Collector which can be installed with the on-premise infrastructure to collect components such as files and IPS. This product receives the logs from the infrastructure and sends the information to Helix.
Senior Value Engineering at a tech vendor with 5,001-10,000 employees
MSP
Top 20
Feb 12, 2025
I am a presales manager for a cybersecurity company, and I use Trellix Helix to manage software for cybersecurity. I sell software to enterprise customers, and my main use case involves data protection, email security, and endpoint security.
Cyber security team lead at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Apr 22, 2024
We use Helix in a very restrictive environment that doesn't allow solutions to be connected to the cloud. Some solutions, like CrowdStrike and some XDR solutions, need to be connected to an external cloud. The same goes for Trellix, but with Helix, we have one option. If we need DDI feeds or IOC feeds from vendors or customers, Helix will provide these IOCs via DDI push from Trellix to our side, even if we haven't faced any incidents.
Sr Manager - Information Security & Researcher at a tech services company with 1,001-5,000 employees
Real User
May 26, 2021
We use it for everything like our logs, data allocation, and ransomware. We basically do malware objects and malware callbacks. I think it's our integration tool. It's our centralized SIEM where we look at all the events, alerts and then do a tryout. The major playbooks that we use are ransomware and phishing campaigns. We basically use it for our PTI-based credit card fraud detection.
The solution is typically used for sub-services, managed detection, and response services as well as advanced sub-services. The solution was managed by the company where I worked and we offered the services to the customer.
Senior technical consultant at Hitachi Systems Micro Clinic
Real User
Top 20
May 14, 2020
We have evaluated great vendors like QRadar, Splunk, and all the big players, but they are certainly lacking at getting all the investigations done properly. With FireEye Helix, if a customer already uses any of the FireEye endpoint solutions, the response part is very fast and the investigation is also very fast. You can do a lot of investigation depending on what that product's like. If you want to clarify something on the endpoint, you have to do it manually but if you are a FireEye customer, you can do it right away. The email security offering around FireEye also directly integrates with your Helix. So if you have to investigate malware you can do it from Helix. It's very powerful and centered on the cloud.
Trellix Helix Connect leverages automation with playbooks and AI, enhancing incident management, data correlation, and reducing response times while easing integration and improving threat visibility.Trellix Helix Connect transforms cyber operations with automated workflows, cutting response times and decreasing analyst fatigue. Its ability to integrate seamlessly with existing infrastructures improves incident handling through advanced AI and data correlation techniques. Quick to implement,...
My main use case for Trellix Helix Connect is to provide an MDR service to our clients. We use Trellix Helix Connect to correlate the alerts and automate the response most often. For example, we use Trellix Helix Connect for MDR services with our clients when we have XDR for Trellix Helix Connect to analyze the alerts and set up the SOAR workflows. It depends on the client needs. In our day-to-day operations, we have the main use case of Trellix Helix Connect which allows us to reduce MTTD and MTTR, and we have the KPIs to support this.
We use Trellix Helix Connect because it is a SaaS solution. I think it has its own infrastructure rather than AWS or another provider. We use the Helix SaaS and a component called Evidence Collector that gets the logs from on-premise infrastructure and sends them to SaaS. I believe everything about Trellix Helix Connect is SaaS-based. We use Evidence Collector which can be installed with the on-premise infrastructure to collect components such as files and IPS. This product receives the logs from the infrastructure and sends the information to Helix.
I am a presales manager for a cybersecurity company, and I use Trellix Helix to manage software for cybersecurity. I sell software to enterprise customers, and my main use case involves data protection, email security, and endpoint security.
It helps prevent web security threats and other things. We use Trellix ePO. We also use Trellix Endpoint Security and DLP encryption.
We use Helix in a very restrictive environment that doesn't allow solutions to be connected to the cloud. Some solutions, like CrowdStrike and some XDR solutions, need to be connected to an external cloud. The same goes for Trellix, but with Helix, we have one option. If we need DDI feeds or IOC feeds from vendors or customers, Helix will provide these IOCs via DDI push from Trellix to our side, even if we haven't faced any incidents.
We use Trellix Helix for protection against network attacks, TLS, and SSL attacks. We also use the solution for user behaviour accesses.
I primarily use FireEye Helix to manage alerts and tickets.
You can use it for everything, incident response, automated responses, alerts, visibility.
It is used for correlating data.
We use it for everything like our logs, data allocation, and ransomware. We basically do malware objects and malware callbacks. I think it's our integration tool. It's our centralized SIEM where we look at all the events, alerts and then do a tryout. The major playbooks that we use are ransomware and phishing campaigns. We basically use it for our PTI-based credit card fraud detection.
The solution is typically used for sub-services, managed detection, and response services as well as advanced sub-services. The solution was managed by the company where I worked and we offered the services to the customer.
We have evaluated great vendors like QRadar, Splunk, and all the big players, but they are certainly lacking at getting all the investigations done properly. With FireEye Helix, if a customer already uses any of the FireEye endpoint solutions, the response part is very fast and the investigation is also very fast. You can do a lot of investigation depending on what that product's like. If you want to clarify something on the endpoint, you have to do it manually but if you are a FireEye customer, you can do it right away. The email security offering around FireEye also directly integrates with your Helix. So if you have to investigate malware you can do it from Helix. It's very powerful and centered on the cloud.