Vulnerabilities / Threats // Advanced Threats
5/6/2014
04:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

FireEye To Buy nPulse Technologies

Acquisition will add high-speed, full packet capture technology to FireEye and Mandiant portfolio for detecting and responding to attacks.

Just four months after its high-profile $1 billion acquisition of Mandiant, FireEye today announced that it plans to buy privately held network forensics firm nPulse Technologies for $60 million in cash and the issue of $10 million in stock. The deal is expected to close in the second quarter of this year, contingent upon specific milestones that FireEye would not disclose publicly.

The acquisition of Charlottesville, Va.-based nPulse provides FireEye a big missing piece of the puzzle for rapid detection, mitigation, and cleanup of attacks: high-speed full packet capture of network traffic at speeds of 10 gigabits per second. Full packet capture is considered a crucial, yet not-so widely adopted, practice among enterprises that can make all the difference in minimizing any damage from malware or other malicious activity.

"We didn't have [full packet capture] before; this is a new capability" for FireEye, says Dave Merkel, CTO at FireEye. "The faster we can see a breach and fix it, the greater the likelihood of [minimizing] the impact."

Merkel says the ability to index in near real-time the packet traffic will provide more context to security events "incredibly quickly," he says.

Tim Sullivan, CEO of nPulse, says some existing security tools focus more on the capture of packet than the actual analysis, so investigating what traffic to and from a particular domain means can take as much as 16 to 24 hours to complete. "It's really easy to [capture] packets off the network and stuff them somewhere," he says. But providing context around that information quickly is something that those products have been missing.

"Mandiant has held us to a design goal, a goal of having IR complete in an hour, and that's ours [goal], too," Sullivan says.

[How to keep calm and avoid common mistakes in an incident response operation. Read What Not To Do In a Cyberattack]

The nPulse family of products, which include Cyclone nSpector, Capture Probe eXtreme, and Security Probe eXtreme, help round out FireEye's purchase of Mandiant's host-based endpoint forensics software.

Both Mandiant and nPulse products focus on forensics, but Mandiant's software provides visibility into what's going on inside the endpoint machine, while nPulse focuses on the outside of the machine, Merkel says. "nPulse is looking at what's going on outside the endpoints," he says. "The two platforms together provide a "true end to end forensic view," he says.

He says the combination of FireEye's Threat Prevention Platform, Mandiant's host-based software, and nPulse's full packet capture and indexing of traffic would allow a victim organization to gather intelligence in real-time about an attack, according to Merkel. "If an attack gets through and exploits some credentials and starts logging into other systems laterally... with nPulse, you have a record of that information and can ask questions in real-time, [such as] what systems were accessed laterally?" he says.

Said David DeWalt, chairman of the board and CEO of FireEye: "The new reality of security is that every organization has some piece of malicious code within their network. The more important question is: has that code been able to execute any compromising activity that puts the organization at risk, and if so, what data left the network? With the addition of the nPulse solution, the FireEye platform will have a 'flight recorder' for security analytics. By incorporating real-time breach information from the endpoint and the network, we’re building a single platform to provide the most in-depth attack information and the right data to protect and remediate before a compromise turns catastrophic."

John Oltsik, senior principal analyst for the Enterprise Security Group, applauded the move by FireEye. "Today, enterprises need as much insight into breaches to understand them in tremendous detail," he said. "By combining endpoint and network visibility, FireEye gives security teams the information they require to respond to attacks and remediate threats of advanced attacks quickly with the right intelligence, analytics, and automation."

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/8/2014 | 3:00:20 AM
Re: More M&A in the security market?
The Guys at FireEye are conducting a very aggressive strategy that is allowing the company to build one of the strongest company in Security and Intelligence landscape. I had the honor and the pleasure to personally meet The CEO and the high management of the company, sharing their vision and I'm impressed by their foresight.

The acquisition adds a new important piece to the overall puzzle of their capabilities, adding a full packet capture allows FireEye to rapidly react to breach as explained by Dave.

I suppose it is just the beginning!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 1:22:36 PM
Re: More M&A in the security market?
Well, one thing is for sure, there is a lot happening both on the attack surfaces and among all the players in the security market place We definitely live in interesting times...
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/7/2014 | 12:39:13 PM
Re: More M&A in the security market?
I've been wondering the same thing...while security is hot right now, some companies appear to be struggling, too, so this could be a lifeline for them.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 12:20:25 PM
More M&A in the security market?
Based on all the investment activity going on in the IT security market, it would seem that we should also expect a lot of action iin mergers & acqusitions....
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.