FireEye Chief Touts Apple Support, May Broaden Endpoint Detection

FireEye is adding support for Apple iOS devices and Mac OS X systems and may be planning to launch broader endpoint threat detection capabilities, according to FireEye CEO Dave DeWalt.

DeWalt spoke to attendees at the MIRcon 2014 incident response conference, where he touted the Apple support built into the company’s NX series appliances as well as its mobile and analysis gear.

DeWalt also hinted that the company may push more broadly into endpoint detection. The goal, according to DeWalt is to create a malware detection and prevention platform that includes threat analysis and response capabilities and services.

[Related: True Detectives: VARs On The Case As The Need For Incident Response Strategies Gets More Evident Every Day]

Sponsored post

’We’re building out a complete endpoint and network architecture,’ DeWalt said ’This is a global Security-as-a-Service model that is powerful and adaptive in its capabilities and partner friendly.’

Network security vendors are adding more endpoint security components to gain visibility into mobile devices, PCs and servers. Palo Alto Networks unveiled its Traps endpoint security offering last month, differentiating its capabilities from FireEye and other competitors by proactively blocking known malware techniques.

FireEye recently introduced its Security-as-a-Service model that offers customers the ability to choose between paying up front or as a subscription. Customers can also pay for Mandiant’s services team, use an in-house security team or contract with a managed security services provider to monitor and manage its virtual appliances.

New products will always have a channel component, said FireEye channel chief Steve Pataky. Pataky admitted some of Mandiant’s services overlap with some systems integrators and managed service providers, but added that capable solution providers can provide support and services on behalf of FireEye customers.

’Regardless of where we are playing in the product portfolio there will always be a channel play,’ Pataky said. ’We have to figure out if we’re selling into a different decision maker and our job will be to arm partners with the right enablement.’

Mandiant is a services company at the endpoint, while FireEye is at the perimeter which offers benefits to each other, said Rick Doten, chief information security officer at Bethesda, Md.-based mobility solutions provider Digital Management. FireEye is also partnering with vendors at the endpoint to automate response, validate false positives and quarantine threats.

’If I have things that can prevent and then identify the attack, I gain a comprehensive response capability that wins," Doten said.

FireEye’s HX series appliances use agent-based technology to detect malware, isolate compromised devices and triggers an alert for incident responders to investigate threats. The company’s acquisition of Mandiant adds services, but also Mandiant Incident Response (MIR). The endpoint software can sweep endpoint devices and examine live memory for malware, suspicious system behaviors and attacker techniques. The software can also automatically drill down into an endpoint system to gain context about an alert.The company also acquired nPulse Technologies, selling the network recorder to aid forensics investigators.

Brad Wilkins, a product sales manager at Tarrytown, N.Y.-based distributor WestconGroup, said his company is seeing steady sales growth since it added FireEye to its offerings about two years ago. There’s room for further growth in the upper midmarket where companies are adding FireEye in addition to next-generation firewalls, Wilkins said.

’The solution takes a partner with a strong skill set to deploy and maintain them,’ Wilkins said. ’Options are available for SMBs and partners and distributors are rewarded well.’