FireEye Stock Sinks As Advanced Threat Detection Competition Gets More Fierce

FireEye is no longer riding high on Wall Street.

The Milpitas, Calif.-based company has been spending heavily on marketing and research and development while it faces pressure from new competitors and is defending itself following lackluster independent testing results in April. Wall Street investors, however, may be running out of patience. FireEye stock is down about 65 percent since its 52-week high of $97.35 and was trading down 6 percent Friday at $32.51.

Nearly every vendor is coming out with products designed to detect so-called advanced threats, and the attention once captured by FireEye and a handful of other vendors has spread to many other security firms, said Scott Fuhriman, a network security expert and vice president of sales and product development at Liberty Lake, Wash.-based TierPoint. Fuhriman, whose company partners with Fortinet, said a recent seminar conducted by TierPoint on advanced persistent threats saw significant attendance.

"It may be taking time for the marketing around APT defense to finally catch up to the customer base, but we're seeing a lot more interest in detection," Fuhriman said.

FireEye executives are responding to the increased competition. FireEye acquired Mandiant for $1 billion to add endpoint capabilities, threat intelligence and an incident response services arm. It spent more than $60 million on digital forensics firm nPulse in May. The company also added intrusion prevention capabilities to its platform and now sells threat intelligence and monitoring services. FireEye has consistently proven its efficacy in the marketplace, said Manish Gupta, FireEye's senior vice president of products, in a recent interview.

"I think today we market ourselves as a complementary solution to existing defense measures that customers have," Gupta said. "We do not encourage customers to replace their [antivirus] or their network-based IDS or IPS or email security solution."

Interest continues to grow in FireEye capabilities, including in the midmarket, prompting the vendor to create a new platform to address advanced threats for SMBs, said David Ladley, president and CEO of Park Ridge, Ill.-based systems integrator and FireEye partner Communications Finance. FireEye has been the fastest-growing product in the portfolio, Ladley said, adding that the company has treated its partners well.

"FireEye came to the game early and were sexy and new and do a fabulous job of marketing," Ladley said. "Now everybody is coming into the space with product to treat threat management or zero-day detection with sandboxing, and it's almost a feature now as opposed to just a product."

FireEye's defense of its poor showing in independent testing began when NSS Labs found FireEye's Malware Protection System (MPS) appliance "below average" in its comparative group product test. It compared the company against a growing list of other vendors with similar detection technology including AhnLab, Fidelis, Fortinet, Sourcefire (Cisco) and Trend Micro. FireEye disputed the firm's methodology and said it should have used a zero-day exploit to evaluate the detection capabilities of all the appliances.

Ladley and other FireEye partners say the testing incident had little impact on sales, but they admit that the company's technology is no panacea. Sandboxing technologies, designed to analyze suspicious files and identify custom-built or sophisticated malware, are complementary to other network security appliances and emerging endpoint security software, they said.

There is no silver bullet, said Terry Kurzynski, a senior partner at Halock Security Labs, a Chicago-based FireEye partner since 2011 that focuses on digital forensics and security incident response. Kurzynski said Halock Security Labs has identified about two dozen or more different security controls that should be part of a comprehensive malware defense strategy.

"For me it was not good that FireEye had become so successful; it was sweet and sour at same time," Kurzynski said, adding that the success draws more attention from criminals to attempt to defeat it. "If you have a core security control like FireEye in place, it's as close to a silver bullet you can get to defending malware, but you have to have the incident response capabilities in place."

FireEye drew widespread attention following leaked details about the massive credit card breach at retail giant Target in March. The retailer reportedly missed repeated FireEye alerts triggered when the network appliance detected malware used in the attacks.

Kurzynski said he is increasingly circling back with clients who haven't been able to properly manage the appliance and interpret alerts accurately. "You need to have the proper staff and skills to investigate the alerts going on," he said. "We're now giving them more persistent oversight and management of the system."

Partners also say the Mandiant deal, which gives FireEye a strong services arm, is not disrupting the channel. Kurzynski said Halock Security Labs is bundling in Mandiant's threat intelligence into its services package.

FireEye continues to publish threat research, most recently revealing that it uncovered an Iranian-based crime group waging targeted campaigns against U.S. companies connected to the defense sector and Iranian dissidents. Its Mandiant arm released a report in April analyzing threats in 2013 and concluding that companies need to speed up the time it takes to detect and contain threats on the network.

PUBLISHED MAY 30, 2014