FireEye's sandboxing approach faces competition from a variety of security firms, including Lastline, Sourcefire (recently acquired by Cisco Systems), Palo Alto Networks, Zscaler and other vendors that incorporate file detonation technology in a virtual sandbox to help detect advanced malware. The behavioral analysis is being incorporated into Web gateway appliances, intrusion prevention systems and next-generation firewalls, but FireEye's Rob Rachwald said the company's differentiator is its ability to mirror the exact platforms used by a business, in order to trick custom malware that attempts to detect whether it is being tested by antimalware technology.
"We're not using VMware here; we've created a proprietary, purpose-built virtual machine, and that gives us the ability to see the different malware callbacks, improving our detection," said Rachwald, FireEye's senior director of research. "We've built something that is differentiated in the market and proven to be successful."
The technology deserves a look, but it may not sit well with companies attempting to narrow their offerings to make their managed services practice more efficient and profitable, said Eric Hart, co-owner and operations manager at Network Performance Inc., a South Burlington, Vt., provider of networking and security technologies. As a technologist, Hart finds the sandboxing technology that enables behavioral analysis of suspicious files appealing, but small and midsize businesses that rely heavily on channel providers may not be ready to invest the time and money it takes to deploy a technology offered in a new appliance, he said.
"We continue to have low-grade irritation with malware, but I don't know that many of our customers would pay for an advanced technology to address it," Hart said. "They would like to see this kind of technology built into their existing firewall."