Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/17/2007
08:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

eEye Ship Not 'Sinking,' CEO Says

Revenues in software and services up 53% over last year, says Kamal Arafeh

eEye Digital Security has had plenty of upheaval this year, with the sudden departure of CEO Ross Brown in April, a round of layoffs and departures of sales and technical staff, and most recently, the quiet exodus of co-founder and CTO Marc Maiffret. (See eEye's Two Releases and Maiffret Says Bye to eEye.)

But in an interview earlier today with Dark Reading, eEye CEO Kamal Arafeh said there's nothing to the most recent speculation that Maiffret has jumped a sinking ship. Talk of problems at eEye resurfaced last week after Maiffret disclosed that he had left the company back in September, and soon will launch a new non-security startup.

Arafeh says eEye's revenue has actually increased 53 percent over the same period last year, and that it has diversified its customer base beyond the government agencies and large corporations it first targeted with its Retina vulnerability scanner.

"We've restructured, and we have a more agile process on the engineering side, and roll out more products on [better] timeframes, and we have more people testing products to make sure they are up to snuff," says Arafeh, the former senior vice president of worldwide sales and marketing who took over the reins after Brown left the privately held company.

Arafeh accepts much of the blame for the slowdown this year on the research side of eEye. He says he had to first get up to speed in understanding just how research could play with the company's products.

"I had to grow professionally to understand that from our customers' perspective," he says. "We are re-emphasizing it... There's more of an emphasis on research today than there was six months ago." Look for eEye's vulnerability research to go more hand in hand with its products, he says.

He says there are still some familiar faces from the company's original research team on board, including Andre Protas, who was recently named director of research and preview services for eEye. Arafeh was unable to divulge any information on the number of employees or the research team, however.

But some security experts argue that eEye has not been in the spotlight much over the past year in public vulnerability research like it was the year before, or in its earlier days.

Why the delayed announcement of Maiffret's departure? Arafeh says there was no single reason. "It was a combination of him being worried that people would make assumptions similar to what's coming out now [and other factors]," he says. "[People] blew it out of proportion."

Maiffret said in an interview last week that he held off on spreading the word about his departure until the transition was complete.

Meanwhile, Arafeh says eEye's main source of revenue continues to be its vulnerability assessment tool, Retina, which represents about 60 percent of its business, and that the company is working on expanding into the small- to medium-sized business market here as well. Next for eEye, he says, are more form factors for its products and technologies, including new services. The company also will roll out solutions in '08 that reduce the amount of time it takes to deploy its VA and Blink endpoint products, Arafeh hinted.

Arafeh also revealed that in the next few weeks, the company will be moving from its home in Aliso Viejo, Calif., to a new headquarters space on the campus of the University of California-Irvine, where companies such as Cisco and Google also have a presence.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • eEye Digital Security

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Inside the Ransomware Campaigns Targeting Exchange Servers
    Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
    Commentary
    Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-23381
    PUBLISHED: 2021-04-18
    This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23374
    PUBLISHED: 2021-04-18
    This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23375
    PUBLISHED: 2021-04-18
    This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23376
    PUBLISHED: 2021-04-18
    This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
    CVE-2021-23377
    PUBLISHED: 2021-04-18
    This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.