Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

5/6/2014
04:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FireEye To Buy nPulse Technologies

Acquisition will add high-speed, full packet capture technology to FireEye and Mandiant portfolio for detecting and responding to attacks.

Just four months after its high-profile $1 billion acquisition of Mandiant, FireEye today announced that it plans to buy privately held network forensics firm nPulse Technologies for $60 million in cash and the issue of $10 million in stock. The deal is expected to close in the second quarter of this year, contingent upon specific milestones that FireEye would not disclose publicly.

The acquisition of Charlottesville, Va.-based nPulse provides FireEye a big missing piece of the puzzle for rapid detection, mitigation, and cleanup of attacks: high-speed full packet capture of network traffic at speeds of 10 gigabits per second. Full packet capture is considered a crucial, yet not-so widely adopted, practice among enterprises that can make all the difference in minimizing any damage from malware or other malicious activity.

"We didn't have [full packet capture] before; this is a new capability" for FireEye, says Dave Merkel, CTO at FireEye. "The faster we can see a breach and fix it, the greater the likelihood of [minimizing] the impact."

Merkel says the ability to index in near real-time the packet traffic will provide more context to security events "incredibly quickly," he says.

Tim Sullivan, CEO of nPulse, says some existing security tools focus more on the capture of packet than the actual analysis, so investigating what traffic to and from a particular domain means can take as much as 16 to 24 hours to complete. "It's really easy to [capture] packets off the network and stuff them somewhere," he says. But providing context around that information quickly is something that those products have been missing.

"Mandiant has held us to a design goal, a goal of having IR complete in an hour, and that's ours [goal], too," Sullivan says.

[How to keep calm and avoid common mistakes in an incident response operation. Read What Not To Do In a Cyberattack]

The nPulse family of products, which include Cyclone nSpector, Capture Probe eXtreme, and Security Probe eXtreme, help round out FireEye's purchase of Mandiant's host-based endpoint forensics software.

Both Mandiant and nPulse products focus on forensics, but Mandiant's software provides visibility into what's going on inside the endpoint machine, while nPulse focuses on the outside of the machine, Merkel says. "nPulse is looking at what's going on outside the endpoints," he says. "The two platforms together provide a "true end to end forensic view," he says.

He says the combination of FireEye's Threat Prevention Platform, Mandiant's host-based software, and nPulse's full packet capture and indexing of traffic would allow a victim organization to gather intelligence in real-time about an attack, according to Merkel. "If an attack gets through and exploits some credentials and starts logging into other systems laterally... with nPulse, you have a record of that information and can ask questions in real-time, [such as] what systems were accessed laterally?" he says.

Said David DeWalt, chairman of the board and CEO of FireEye: "The new reality of security is that every organization has some piece of malicious code within their network. The more important question is: has that code been able to execute any compromising activity that puts the organization at risk, and if so, what data left the network? With the addition of the nPulse solution, the FireEye platform will have a 'flight recorder' for security analytics. By incorporating real-time breach information from the endpoint and the network, we’re building a single platform to provide the most in-depth attack information and the right data to protect and remediate before a compromise turns catastrophic."

John Oltsik, senior principal analyst for the Enterprise Security Group, applauded the move by FireEye. "Today, enterprises need as much insight into breaches to understand them in tremendous detail," he said. "By combining endpoint and network visibility, FireEye gives security teams the information they require to respond to attacks and remediate threats of advanced attacks quickly with the right intelligence, analytics, and automation."

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/8/2014 | 3:00:20 AM
Re: More M&A in the security market?
The Guys at FireEye are conducting a very aggressive strategy that is allowing the company to build one of the strongest company in Security and Intelligence landscape. I had the honor and the pleasure to personally meet The CEO and the high management of the company, sharing their vision and I'm impressed by their foresight.

The acquisition adds a new important piece to the overall puzzle of their capabilities, adding a full packet capture allows FireEye to rapidly react to breach as explained by Dave.

I suppose it is just the beginning!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 1:22:36 PM
Re: More M&A in the security market?
Well, one thing is for sure, there is a lot happening both on the attack surfaces and among all the players in the security market place We definitely live in interesting times...
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/7/2014 | 12:39:13 PM
Re: More M&A in the security market?
I've been wondering the same thing...while security is hot right now, some companies appear to be struggling, too, so this could be a lifeline for them.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 12:20:25 PM
More M&A in the security market?
Based on all the investment activity going on in the IT security market, it would seem that we should also expect a lot of action iin mergers & acqusitions....
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24288
PUBLISHED: 2021-05-17
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
CVE-2021-24289
PUBLISHED: 2021-05-17
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
CVE-2021-24290
PUBLISHED: 2021-05-17
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
CVE-2021-24292
PUBLISHED: 2021-05-17
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The â€&oe...
CVE-2021-24295
PUBLISHED: 2021-05-17
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via...