Pressure Cooker: 10 Ways FireEye Is Driving Back Security Competitors

FireEye Attempting To Set A New High-Water Mark

FireEye was among the first to come to market with its line of virtual sandboxing appliances designed to detect advanced threats. The company embraced systems integrators, regional solution providers with networking security expertise and security consultancies to rapidly build out its customer base. But competitors -- namely Palo Alto Networks, Check Point Software Technologies and pure-play vendor Lastline -- were quick to respond with their own advanced threat detection appliances and services. In an interview with CRN, FireEye channel chief Steve Pataky explained the company's global strategy moving forward and pledged that it would continue to rely on the channel to fuel growth. To further differentiate itself, Pataky said FireEye is leveraging the services arm associated with its $1 billion Mandiant acquisition, expanding Mandiant services globally and working with ISPs and telecoms to fuel growth. CRN pulled together 10 reasons why the company believes it is ahead of other security industry challengers.

1. Maturing Partner Program

FireEye's Fuel Partner Program is much more mature today than it was a year ago, Pataky said, and emphasizes fewer partners at the Platinum and Gold levels. Deal registration was overhauled and new baseline discounts were put in place with a lot of additional stack discount to add value, he added. Partners earn 15 extra points when registering new deals. A partner that also does a proof-of-concept and can handle more technical components of a deal gets discounts on top of the registered opportunity. Handling the quote-to-cash component of a sale earns a partner the maximum discount. FireEye saw a 300 percent increase in deal registration from partners. An online learning environment called Fuel Station was added and partner portal access was opened up to all employees at a partner organization, according to Pataky.

2. Channel Expansion

FireEye is adding partners and, with very few exceptions, all of them are true security practitioners, Pataky said. The number of new partners increased from 127 in 2012 to 992 in 2014. Business with the top 10 partners increased more than 60 percent from a year ago, he said.

Despite building out its partner base, FireEye is still expected to lose money. Last week, the company reported that third-quarter revenue missed analyst expectations, reporting $114.2 million compared with expected revenue of $116 million. Executives told Wall Street last week that its expected loss per share in 2014 is projected at $2.05 to $2.15. But FireEye CEO Dave DeWalt said the company's subscription services should drive growth over the long term.

3. Managed Services Expansion

FireEye inked a deal with Verizon to partner on managed security services, and Pataky told CRN the company is looking to further expand with MSSPs of all sizes. The deal enables Verizon to jointly target the enterprise with a managed mobile security services suite based on FireEye's Mobile Threat Prevention platform. "We already have a history of collaborating with Verizon in the field and this agreement solidifies our engagements and enables our joint go-to-market efforts at a new level," Pataky said. FireEye also unveiled a deal in October with Singapore Telecommunications as part of its international expansion efforts. The SingTel partnership gives FireEye access to security operations centers in Singapore and Sydney, Australia, and training and marketing programs. SingTel is investing $50 million to build out its offerings as part of the partnership. A similar partnership has been struck with Deutsche Telekom to sell and manage FireEye services.

4. Broader Midmarket Adoption

FireEye has engaged with Westcon Group and other distributors to penetrate the commercial space with partners, Pataky said. The intent is to encourage distributors to recruit more Silver-tiered partners who may not have a strong security services practice. FireEye is adding an incentive for recruiting a broad number of channel partners, he said. In addition, it continues to hold key relationships with IBM, Dimension Data and other large systems integrators.

5. Transforming The MSSP Model

All partners are moving toward managed services at some level, Pataky said. FireEye isn't going to compete with traditional MSPs, telecommunications providers or large services vendors such as IBM because they are in the business of multivendor security device management, he said. FireEye sees opportunity with a lot of those service providers by providing its threat analytics platform to drive a whole level of efficacy within their services practices to reduce the number of alerts to what truly matters, he said. Dedicated managed offers based on the FireEye technologies can provide continuous monitoring, vigilance and protection, he said. Products such as cloud email protection and mobile security can be embedded into service provider offerings to add more value, Pataky said.

6. Incident Response, Growing Subscription Model

FireEye's acquisition of Mandiant provided strong incident response services, Pataky said. Most organizations doing incident response are not looking for additional work because there is plenty of breach response and digital forensics work available to them, he said. FireEye grew its professional services revenue to $18.9 million in the third quarter of 2014 from $955,000 in the third quarter of 2013 due to the addition of Mandiant’s incident response business. By owning response, FireEye builds its threat intelligence and increases its relationship with its customers, resulting in strong conversion rates into other FireEye products and subscription-based services. Partners also can sell Mandiant's risk assessment and security profiling services, Pataky said. Pen testing and implementation services are being dropped from the portfolio.

7. FireEye-as-a-Service Offering

Managed defense, one of Mandiant's subscription-based offerings, has been rebranded into a FireEye-as-a-Service offering. It integrates FireEye products together with the managed defense components, Pataky said. The hope is that partners can develop managed services in their portfolio with ongoing protection and monitoring, a mobility or email service available through the partner as a managed offering to customers. The subscription service reduces the initial capital outlay compared with the more traditional purchasing model of spending for on-premise appliances, Pataky said.

8. Zero-Day Detection

FireEye continues to detect new threats, with the number of zero-days in the wild detected by the company at 60. The attacks exploit previously unknown vulnerabilities in widely used software and hardware components. FireEye analyzes the attack techniques and adds protection to its threat intelligence service to block the "kill chain" of a targeted attack. While the number of zero-day threats is low, FireEye and other vendors say they pose the greatest danger and are used by well-funded attackers aiming to gain persistent access to an organization's systems.

9. Endpoint Visibility, Mobile Security

FireEye introduced its endpoint threat protection platform in February to connect alerts identified by its network security appliances to infected endpoint systems. The company takes an agent-based approach, enabling incident responders to address infected systems that are remote. It also added Mandiant's endpoint forensics capabilities. FireEye plans to add threat detection capabilities on the endpoint in the next few months. FireEye's DeWalt told financial analysts that it currently has 3 million endpoints installed. The company expects to have 1,500 customers by the end of the year, he said. FireEye supports Android and iOS mobile devices in a similar way, enabling incident responders to trace the threats detected by its network gear to potentially infected mobile devices.

10. Threat Intelligence

Part of FireEye's market differentiator is its threat intelligence and extensive malware analysis capabilities that it rolls into reports about cybercrime groups and ongoing targeted attack campaigns. The company recently published research tracing attacks against government organizations and other groups to hackers based in Russia. The group called APT28 focuses on collecting intelligence for the Russian government, according to FireEye. DeWalt said the company tracks 400 separate threat actors, a significant increase from about 40 threat actors in 2009. The company has uncovered cyberespionage campaigns conducted by a variety of governments.