FireEye [NASDAQ: FEYE]: Unlocking Deep Threat Intelligence

Manhattan, the most densely populated borough of New York City, packs into its eight square miles a towering collection of retail skyscrapers that create an immersive shopping experience for customers. But behind the scenes of making that experience enjoyable, retailers have to clear many hurdles. While inventory management used to be the highest obstacle, that white whale has been replaced by risk management, thanks to the emergence of various payment technologies. As retailers test and adopt more payment technologies, they face a more acute need to protect their customers’ data. And while retailers adopt stringent, technology-enabled security strategies and models, cyber-attacks of a grievous nature exist even today.

The average annualized cost of cyber-crime for U.S. organizations has been estimated at around $11.6 million per year. “The problem is the asymmetry in cyberspace,” says Kevin Mandia, CEO, FireEye, a Milpitas, CA-based cybersecurity firm. “We’re getting sucker-punched pretty bad.” The damage is not only monetary: breaches also erode organizations’ reputations. In fact, cyber security needs to be built in, not bolted on as an afterthought. Transforming the cyber security landscape, FireEye [NASDAQ: FEYE], an intelligence-led cybersecurity company, blends machine learning and cloud computing to combat today’s advanced cyber attacks. Poised at the intersection of the cybersecurity universe and distinct technological domains, FireEye offers a unified combination of intelligence, technology, and expertise to protect retailers from every critical issue that arises before, during, and after the attack.

Dynamic Threat Protection

FireEye detects malicious attacks, shares fresh intelligence across the networks of all of its customers in near real time, and gets better the more people use it. The company’s solutions answer many of the concerns CIOs and CTOs have about handling the modern malware that poses a grave threat to the overall functioning of enterprises.

The FireEye Threat Prevention Platform provides dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across different stages of an attack lifecycle. It detects the initial attack of malware that is embedded into good web traffic, such as web pages, emails, or user documents, without altering the harmless content. In other words, FireEye starts with a bunch of weak signals that may or may not be precursors of a problem.
It puts these signals into software “containers” that keep them isolated from other resources while studying their behavior. Once the threat becomes evident, the security software sets up a virtual execution environment to safely ‘detonate’ the malware within its confines. Ashar Aziz, founder, CTO and Chief Strategy Officer of FireEye, explains that the technology works as a “King’s tester”: if there is a malware attack, it will infect the virtual machine without taking down the corporate network. FireEye’s product can then reconstruct the attack and make its details available to the customers.

Also, malware forensics can be shared by all FireEye systems through a ‘protection’ cloud network. The malware knowledge repository gets smarter at a faster rate as more systems are involved. Sharing what the systems have learned enables the rest of the systems to be protected before they get hit. Participants do not have to wait for an updated virus detection file to be installed for protection. This reduces the window of vulnerability during day zero of an attack.

Security-as-a-Service Approach

Predicting that technology alone is not adequate to fight cyber attackers, FireEye aims to address the whole security operations lifecycle through its Security-as-a-Service approach, surpassing the capabilities of traditional security products. This approach extends its reach to monitor, simplify, and augment the organization’s current security operations and deliver the security measures needed, whether in a public cloud, private cloud, on-premise or hybrid environment, in the network, or at the endpoint. By unifying organizations’ alerts under FireEye as a Service (FaaS), the firm is building the first piece of a Security-as-a-Service revolution to reduce the time it takes to detect security breaches and respond to them, minimizing the overall impact.

Recently, FaaS identified a spear-phishing campaign that targeted personnel involved in United States Securities and Exchange Commission (SEC) filings at several organizations. By identifying the loopholes in the infrastructure with related Tools, Tactics, and Procedures (TTPs), FireEye was able to determine that this campaign was associated with a ‘financially motivated’ threat group.

Tracked by FireEye as FIN7, the threat group selectively targets victims and uses spear-phishing to distribute its malware. Further, the firm observed that FIN7 attempted to compromise the security of various other organizations by deploying point-of-sale malware against the retail and hospitality industries.
To that end, FireEye implemented a Community Protection Event (FaaS, Mandiant, Intelligence, and Products) to secure all clients affected by this campaign.

The Milpitas, CA-based company’s Advanced Threat Intelligence gives access to threat data and analytical tools that assist in identifying attacks and providing context about the tactics and motives of specific threat actors. This repository enables organizations to implement an adaptive security model, to quickly detect and counter breaches as they occur.

Additionally, FireEye’s Helix platform significantly reduces the effort, time, and cost connected with managing low-quality security products or false alerts from traditional security solutions, such as next-generation firewalls and intrusion prevention systems. “FireEye Helix is a revolutionary approach that is built on our best-in-class detection solutions—creating the first intelligence-led platform that enables simple, integrated and automated security operations from the cloud or on-premise,” explains Kevin Mandia, CEO and Board Director, FireEye.

An Eye on the Future

FireEye has emerged from a year of change, rolling out new security offerings, making multiple acquisitions and facing the effects of an increasingly competitive security market. However, company executives said partners and customers can expect to see more change in 2017, with new products, go-to-market strategies, and marketing initiatives.

FireEye boosted FireEye as a Service in 2016 with a new security operations center in Tokyo. The company will look to continue building on FireEye-as-a-Service in 2017, with enhanced features around compliance, community protection to correlate attacks or attack vectors across customers in the retail industry, continuous guidance, and new MSSP partnerships.

Furthermore, in November 2016, FireEye unveiled the upcoming launch of its new Helix platform. With multitenant features for MSSPs, lower total cost of ownership, unified security operations, faster response and easy upsell opportunities, Helix is now ready for early adopter customers and presents a significant opportunity for the firm’s partners. FireEye expects to add automated correlation and enhanced guided investigations, cloud-based HX and CMS servers, basic orchestration, and PCI reports in the first quarter. Later in the year, the firm plans to officially launch Helix generally, upgrade SKUs with additional tiers, additional orchestration, and IR use cases. Partners can expect to see chat bot analysts on demand, on-premise orchestration integration, case management, and UBA features in the fourth quarter, as well as a CMS replacement and on-premise offering. “I feel like it’s morning at FireEye again,” CTO Grady Summers said in a keynote at the company’s Momentum 2017 Sales Kick Off event in New Orleans this week. “I don’t think we’ve gone into a year with as much cool stuff as we have now, this is a really neat time at FireEye.”
- Shiv Shanker
    June 13, 2017