Showing posts with label FireEye. Show all posts

Saturday, October 7, 2017

FireEye updates its Cybersecurity Threat Detection

FireEye announced major new software releases and next-generation hardware to drive performance at scale and increase deployment flexibility. FireEye solutions updated with the new software and next-generation hardware include FireEye Network Security (NX), FireEye Email Security (EX), File Content Security (FX), Central Management (CM), and Malware Analysis (AX). The new releases include:


  • FireEye Network SmartVision is a new capability to address post-breach attacks and insider threats. It leverages a machine-learning framework to detect suspicious lateral threat movements (East-West traffic) and data exfiltration. This capability is designed to provide customers with greater detection and expanded visibility across their perimeter and, now, their network core and servers.
  • FireEye Network (NX) deployments can now burst network traffic to FireEye’s MVX Smart Grid during periods of high-content scanning activity, to address overload and gaps in protection that might otherwise occur. Other new software capabilities include significant updates to alert handling, event change visualization, expanded logging, and overall usability improvements.
  • Fifth-generation FireEye hardware features the latest Intel processors, increased storage and port density. The four models are engineered to deliver throughput from 300 Mbps to 2500 Mbps, replacing existing fourth-generation models that are available until the end of October 2017.
  • FireEye File Content Security (FX) is a new virtual offering that extends FireEye protection further into hybrid IT environments.

Wednesday, January 20, 2016

FireEye Acquires iSIGHT for $200 Million in Cash

FireEye has acquired privately-held iSIGHT Partners, a provider of cyber threat intelligence for global enterprises, for $200 million in cash. The transaction closed on January 14, 2016. Additionally, the former iSIGHT shareholders will have the opportunity to earn an additional amount of $75 million in cash and equity upon the achievement of a threat intelligence bookings target on or before the end of FireEye’s second quarter of 2018.

The iSIGHT intelligence network monitors and mines global cyber threat development and thousands of threat actors. iSIGHT’s nearly 350 dedicated staff includes more than 250 cyber threat intelligence experts across 17 countries, covering 29 languages. iSIGHT has invested nearly $100 million over eight years to build out its cyber intelligence capability.  The company is based in Dallas.

FireEye said the acquisition positions it as the world’s most advanced and comprehensive private cyber threat intelligence operation, with the size and scope of the combined FireEye, Mandiant and iSIGHT cyber threat intelligence capability rivaling the largest intelligence operations in the world.

Customers of both companies will benefit from lower business risk through higher fidelity alerts, context to prioritize threats and the strategic insights to proactively prepare for threats that might target their industry or region. Existing iSIGHT customers will continue to have access to iSIGHT products. FireEye plans to add new intelligence subscription models that include industry vertical specific slices, similar to FireEye’s planned offerings with Visa, so existing and new customers will be able to purchase new threat intelligence products tailored to their organization’s specific threat profile.

FireEye’s existing customer base will see immediate value in their existing subscriptions through increased protection from the iSIGHT intelligence network, which will feed core threat intelligence into the DTI ecosystem that is continually refreshed every 60 minutes.

“This acquisition extends FireEye’s intelligence lead with an offering no one else in the industry can match,” said David DeWalt, FireEye chief executive officer and chairman of the board. “The biggest mistake most people make is thinking threat intelligence is a collection of virus definitions in a shared database. Forward-looking security organizations - from governments to the private sector - know threat intelligence is the key to establishing a robust security posture tuned for the threats targeting each organization. As the cyber operations become integrated with physical, geopolitical and competitive conflict, an intelligence-led approach to security will be key in detecting the most sophisticated threats and responding to them quickly and effectively.”

“Until now, only governments and large enterprises have been able to achieve intelligence-led security, but with the combined resources of FireEye, Mandiant and iSIGHT, we can make the benefits of intelligence-led security available to a broad range of organizations,” said John Watters, iSIGHT’s founder and chief executive officer prior to the acquisition. “We’re bringing iSIGHT together with intelligence teams inside of FireEye and Mandiant that are among the best in the industry, fusing victim-based intelligence with attacker-based, over-the-horizon insights derived from iSIGHT’s global cyber-threat ecosystem. When coupled with the technology and services of FireEye and Mandiant, this intelligence capability is a game changer for the industry and enables an intelligence-led security model that other security companies will be hard pressed to replicate.”

http://www.fireeye.com

Wednesday, November 4, 2015

FireEye Reports Revenue of $166 Million, Lower Billings

FireEye reported Q3 revenue of $165.6 million, an increase of 45 percent from the third quarter of 2014. Billings were $210.6 million, an increase of 28 percent from the third quarter of 2014. GAAP net loss per share was $0.88, compared to a GAAP net loss per share of $0.83 in the third quarter of 2014.

“We delivered a solid quarter of overall growth, with revenue up 45 percent and non-GAAP operating margins and earnings per share well ahead of our outlook,” said David DeWalt, FireEye chief executive officer and chairman of the board.

“While we outperformed on many financial metrics, our billings performance did not meet the expectations we set in late July. The strength evident in our sales to new logo customers, our North American enterprise business and the Asia-Pacific region was partially offset by weakness in Europe.  We believe this was due to a combination of macroeconomic factors, as well as the growing pains of a new organization. Additionally, the third quarter of 2014 included a large, five-year transaction that extended the average contract length to 34 months. This created a difficult year-over-year comparison and impacted our year-over-year billings growth rate as the average contract length declined to approximately 30 months in the third quarter of 2015,” added Berry.

http://www.fireeye.com

Tuesday, September 15, 2015

FireEye Calls Out SYNful Knock - A Cisco router implant

FireEye published a technical overview of SYNful Knock, a stealthy modification of a Cisco router's firmware image that can be used to maintain persistence within a victim's network. The backdoor malware reportedly has been confirmed in a number of router implants spread across four different countries:  Ukraine, Philippines, Mexico, and India.

FireEye warned that this attack vector is potentially severe.

https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html

Saturday, March 14, 2015

NTT Com to Offer Real Time Malware Detection with FireEye

NTT Communications has established a new strategic partnership with FireEye to provide advanced security defense and response capabilities in Japan.

The companies aim to counter highly sophisticated attack groups that use custom malware, compromised credentials and social engineering to bypass traditional signature-based defenses.

NTT Com will offer the complete FireEye product suite via its WideAngle Managed Service, augmenting its existing security capabilities with FireEye’s MVX technology, threat intelligence and expertise to reduce security threats from targeted attacks and advanced persistent threat groups. This includes Real Time Malware Detection (RTMD) to identify previously unknown malware using the FireEye MVX engine, a virtual environment that detects and analyzes unknown malware through multiple vectors, including network traffic, email and endpoints. When a threat is identified, RTMD can isolate the malware and block any outbound communication triggered by an attack.

Once an attack is identified, NTT Com will manage the response to determine the extent of an attack and use FireEye Threat Intelligence to help identify if an advanced attack group was involved with the operation. As part of this service, NTT Com will help prevent further damage or data exfiltration in the clients’ ICT environments; this protection extends to endpoints, a common attack vector.

http://www.ntt.com/aboutus_e/news/data/20150312.html


In January 2015, NTT Communications began offering a software security appliance service that can be deployed in a customer’s private cloud, and in the near future via NTT Com’s WideAngle security service for managed security.

The service, which is offered in collaboration with Fortinet, enables the on-demand use of basic security functions, such as cloud intrusion prevention system (IPS) and filtering, for the unprecedentedly fast, flexible and low-cost implementation of security measures.

NTT Com is the world’s first telecom service provider to launch a one-stop service for managed security service using Fortinet’s software security appliance. It is being offered as a new option in NTT Com’s Enterprise Cloud service for mission critical systems.

NTT Com Security (formerly Integralis) introduced its next generation Managed Security Services (MSS) for global enterprises. NTT Com acquired Integralis in 2009.

The enhanced MSS, which is available under the company’s single global brand, WideAngle, is capable of analysing vast amounts of disparate data and distilling it into actionable information that enables businesses to manage increasingly diverse threats and make informed risk management decisions.

The new service has three key building blocks – device management, automated analysis and security enrichment – and is delivered by NTT Com Security experts through its Global Risk Operations Centres (GROC).  The 24/7 service is available in five different service levels.

Friday, January 3, 2014

FireEye Acquires Mandiant for $1 Billion

FireEye acquired privately held Mandiant in a transaction valued at around $1 billion. The deal consists of 21.5 million newly issued shares (NASDAQ: FEYE), options to purchase shares of FireEye stock, and approximately $106.5 million of net cash to the former Mandiant security holders.

Mandiant is a leading provider of advanced endpoint security products and security incident response management solutions. It has more than two million endpoints installed globally. The solution is designed to tell a company when it has been compromised and what the material impact of the breach is. The company was founded in 2004 by Kevin Mandia and is based in Washington, D.C.

The acquisition, which recognizes the ever-increasing intensity of cyber attacks and follows nearly two years of collaboration, creates the industry’s leading advanced threat protection vendor with the ability to find and stop attacks at every stage of the attack life cycle. The transaction closed on December 30, 2013.

The combination of FireEye and Mandiant brings together two highly complementary companies, each a recognized leader and innovator in security, and creates an organization uniquely qualified to meet organizations’ needs for real-time detection, contextual threat intelligence, and rapid incident response.

FireEye offers a purpose-built, virtual machine-based Multi-Vector Virtual Execution (MVX) engine that conducts signature-less analysis atop a patented virtualization technology purpose-built for security. The MVX engine is designed to provide scalable, accurate, and timely protection across the primary threat vectors - Web, email, file, and mobile. FireEye now has more than two million virtual machines deployed worldwide, providing real-time, dynamic threat protection to more than 1,500 government, enterprise, and small and mid-sized customers.

Mandiant’s endpoint products are already integrated with the FireEye platform.  The companies have been collaborating for 2 years.

FireEye said the combined organization unifies the critical components required to provide state-of-the-art cyber security: the most complete library of actionable threat intelligence on advanced threats and a product suite that can apply that intelligence to detect and prevent attacks on both the network and on endpoints.

“Organizations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats,” said David DeWalt, chairman of the board and chief executive officer of FireEye. “Together, the size and global reach of FireEye and Mandiant will enable us to innovate faster, create a more comprehensive solution, and deliver it to organizations around the world at a pace that is unmatched by other security vendors.”

http://investors.fireeye.com
https://www.mandiant.com

In February 2013, a highly publicized report from Mandiant, a security consulting firm based in Arlington, Virginia, linked cyber attacks on over 140 U.S. corporations to a specific unit of China's People's Liberation Army.


The report, called "APT1: Exposing One of China’s Cyber Espionage Units," details how the PLA's Unit 61398 systematically carried out spear-phishing attacks and stole confidential data from leading companies across multiple industries. Mandiant claims the widespread attacks are ongoing.

In addition to describing the methodology of the attacks, the Mandiant report provides domain names, MD5 hashes of malware and X.509 encryption certificates associated with the attackers.

Some highlights of the widely-cited Mandiant report:
  • APT1 has systematically stolen hundreds of terabytes of data
  • APT1 is believed to have dozens, if not hundreds of human operators.
  • APT1 maintains an extensive infrastructure of computer systems around the world.
  • In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.
  • Mandiant observed APT1 establish a minimum of 937 Command and Control (C2) servers hosted on 849 distinct IP addresses in 13 countries. The majority of these 849 unique IP addresses were registered to organizations in China (709), followed by the U.S. (109).

Monday, August 5, 2013

FireEye Files for IPO

FireEye, which offers cyber security solutions, filed a registration statement with the Securities and Exchange Commission for a proposed initial public offering of its common stock.

FireEye provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors, including Web, email, and files and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,000 customers across more than 40 countries, including over one-third of the Fortune 100. The company is based in Milpitas, California.

http://www.fireeye.com
