


Contributing Writer

FireEye Myth and Reality

Oct 15, 2015 | 4 mins
Cybercrime, Data and Information Security, IT Leadership

New products, services, and partners unveiled in Washington D.C. position FireEye as an enterprise cybersecurity vendor

Some tech companies are always associated with their first acts. Dell just acquired my first employer, EMC Corporation, in order to expand its enterprise portfolio yet the company will always be linked with personal computers and its founder’s dorm room.  F5 has become a nexus that brings together networks and applications but will always retain the moniker of a load balancing company.  Bit9 has established itself as a major next-generation endpoint player yet some people can only think of its original focus on white listing.

In my opinion, FireEye shares a similarly limited reputation, as many security professionals equate the company with a single cybersecurity technology, network “sandboxing,” in spite of its acquisitions, progress, and diversification. This perception seems especially true on Wall Street where financial analysts continue to judge FireEye based upon the number of competitive vendors who offer network sandboxes of their own.

After attending the FireEye Cyber Defense Summit 2015 this week, it’s clear to me that FireEye has evolved way beyond its stereotypical market image.  FireEye displayed a wide array of products and services in Washington D.C. including:

1. An integrated enterprise architecture. Before 2010, enterprise threat defense was all about best-of-breed products but now it’s about comprehensive solutions that integrate best-of-breed products into a common architecture. FireEye now offers this type of architecture combining network, endpoint, and cloud-based elements. Aside from cybersecurity functionality, FireEye also announced a number of improvements related to scale, performance, 3rd party integration, and manageability. This is exactly what you do when your enterprise customers are using your products and services for managing cybersecurity across tens of thousands of IT assets deployed across facilities around the world.

2. A foundation of threat intelligence. Between its products and IR services, FireEye collects quite a bit of threat intelligence data. FireEye integrates this data with its products for threat prevention and also offers it as a threat intelligence portal for security analytics and threat intelligence sharing. Yes, other vendors offer threat intelligence as well but FireEye believes that its ace-in-the-hole is its ability to correlate pedestrian threat intelligence around IoCs (i.e. IP addresses, domains, URLs, etc.) to specific cyber adversary groups. By doing so, FireEye says it has a better understanding than others about the TTPs used by different groups and the steps they take as part of their cyber-attacks. This is exactly what’s needed to turn raw data into actionable threat intelligence at enterprise organizations. Oh and speaking of threat intelligence, FireEye also announced a new partnership with VISA to provide products and services that combine the two companies’ threat intelligence for retailers and banks. I’ll be keeping my eye on this one.

3. Managed services for the masses. According to ESG research, 28% of organizations admit to having a problematic shortage of IT security skills (Note: I am an ESG employee). So for every organization that has the skill and staff for threat management best practices, there are lots of others who can’t possibly achieve this goal. Recognizing this situation, FireEye put together a threat management service offering last year and seems to be capitalizing on the opportunity as it is winning deals and growing managed services revenue. It is worth noting also that this type of service offering is especially attractive for the EMEA market where organizations tend to be somewhat smaller than in North America.

4. Enterprise-class professional services. Mandiant is still the go-to firm for incident response but FireEye’s professional services extend beyond putting out fires. Many CISOs need help assessing cybersecurity needs and designing threat intelligence defenses offering security efficacy and operational efficiency. FireEye is picking up incremental business with these types of services working with extremely large customers.

I know FireEye pretty well but even I was surprised by the R&D effort going on at the company. Clearly, FireEye understands that network sandboxes alone are no match for sophisticated cybercriminals and well-resourced nation states so it is investing heavily to give its customers a fighting chance against the baddest of the bad guys.

Yeah I know, FireEye isn’t the only company offering threat management products and services, some competitors do offer strong alternatives, and of course the company has to continue to execute on product development and go-to-market strategy. That said, there are only a handful of cybersecurity companies in the world who truly understand the offensive capabilities of cyber-adversaries and are focused on building defense-in-depth architectural countermeasures that can protect enterprises at scale.

Calling FireEye a sandboxing company is like calling Ernest Hemingway a writer.  Neither label does its subject justice. 


Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
