Startup FireEye has melded VMs with network access control for greater simplicity

2 Min Read

Network access control (NAC) has gotten so complicated, expensive and unmanageable that a new kid on the block wants to sell you virtual machinery to execute a little something it calls "effortless NAC."

Fresh off a Series A round of funding valued at $6.45 million, NAC startup FireEye Inc. says it will help enterprises guard against infected internal users without using quarantines, deploying software agents, or administering policies.

FireEye's 1U-rackmount appliance connects via span port or network tap to an adjacent Ethernet switch. Without obstructing network flow or adding to it, the appliance gets a copy of all traffic traversing that switch. Inside the FireEye appliance, so-called virtual machines replay the traffic, watching how it behaves with various Windows versions and flagging any anomalous reactions that usually signify malware's afoot. Devices exhibiting signs of infection get immediately quarantined till they can be cleaned, says Chad Harrington, VP of sales and marketing for FireEye.

"Other NAC approaches seem to be pretty painful. You have to push out software agents and they are not wildly accurate," Harrington said, adding that there are no software updates required with FireEye's and promising no false positives. "This is what we call effortless NAC -- no tuning or base-lining required."

While there's a user interface that lets IT staff take a closer look, most will prefer to be notified about any VM-detected anomalies via SNMP or email. Customers can also isolate infected users in a quarantined VLAN, blacklist them, or block certain traffic types of switch ports, depending on the nature of the malware's payload.

While there are no commercial customers for the FireEye appliance yet, UC Berkeley is considering putting it behind its Airespace wireless access points. General Motors Corp. also is thinking about installing the appliance in a lab environment, the vendor said. Market researcher Infonetics Research Inc. pegs NAC revenue at almost $4 billion by 2008, up from just $323 million last year.

No other vendor has combined NAC processes with VMs. And while customers aren't rushing to embrace any kind of virtualized network gear these days, the simplicity of FireEye's approach may win some converts, analysts said.

"If FireEye performs as expected, it stands a very good chance of changing the way security and inline defenses operate," said Scott Crawford, senior analyst with Enterprise Management Associates . "They're virtualizing the operation of systems at a very low level, which could redefine the way defenses are placed in the network."

The FireEye appliance will be available later this summer. Pricing hasn't been set, but will fall somewhere between $10,000 to $25,000 per box, the company said.

— Terry Sweeney, Editor in Chief, Dark Reading

About the Author(s)

Terry Sweeney, Contributing Editor

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, Network World, InformationWeek and Mobile Sports Report.

In addition to information security, Sweeney has written extensively about cloud computing, wireless technologies, storage networking, and analytics. After watching successive waves of technological advancement, he still prefers to chronicle the actual application of these breakthroughs by businesses and public sector organizations.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights