Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

5/6/2014
04:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FireEye To Buy nPulse Technologies

Acquisition will add high-speed, full packet capture technology to FireEye and Mandiant portfolio for detecting and responding to attacks.

Just four months after its high-profile $1 billion acquisition of Mandiant, FireEye today announced that it plans to buy privately held network forensics firm nPulse Technologies for $60 million in cash and the issue of $10 million in stock. The deal is expected to close in the second quarter of this year, contingent upon specific milestones that FireEye would not disclose publicly.

The acquisition of Charlottesville, Va.-based nPulse provides FireEye a big missing piece of the puzzle for rapid detection, mitigation, and cleanup of attacks: high-speed full packet capture of network traffic at speeds of 10 gigabits per second. Full packet capture is considered a crucial, yet not-so widely adopted, practice among enterprises that can make all the difference in minimizing any damage from malware or other malicious activity.

"We didn't have [full packet capture] before; this is a new capability" for FireEye, says Dave Merkel, CTO at FireEye. "The faster we can see a breach and fix it, the greater the likelihood of [minimizing] the impact."

Merkel says the ability to index in near real-time the packet traffic will provide more context to security events "incredibly quickly," he says.

Tim Sullivan, CEO of nPulse, says some existing security tools focus more on the capture of packet than the actual analysis, so investigating what traffic to and from a particular domain means can take as much as 16 to 24 hours to complete. "It's really easy to [capture] packets off the network and stuff them somewhere," he says. But providing context around that information quickly is something that those products have been missing.

"Mandiant has held us to a design goal, a goal of having IR complete in an hour, and that's ours [goal], too," Sullivan says.

[How to keep calm and avoid common mistakes in an incident response operation. Read What Not To Do In a Cyberattack]

The nPulse family of products, which include Cyclone nSpector, Capture Probe eXtreme, and Security Probe eXtreme, help round out FireEye's purchase of Mandiant's host-based endpoint forensics software.

Both Mandiant and nPulse products focus on forensics, but Mandiant's software provides visibility into what's going on inside the endpoint machine, while nPulse focuses on the outside of the machine, Merkel says. "nPulse is looking at what's going on outside the endpoints," he says. "The two platforms together provide a "true end to end forensic view," he says.

He says the combination of FireEye's Threat Prevention Platform, Mandiant's host-based software, and nPulse's full packet capture and indexing of traffic would allow a victim organization to gather intelligence in real-time about an attack, according to Merkel. "If an attack gets through and exploits some credentials and starts logging into other systems laterally... with nPulse, you have a record of that information and can ask questions in real-time, [such as] what systems were accessed laterally?" he says.

Said David DeWalt, chairman of the board and CEO of FireEye: "The new reality of security is that every organization has some piece of malicious code within their network. The more important question is: has that code been able to execute any compromising activity that puts the organization at risk, and if so, what data left the network? With the addition of the nPulse solution, the FireEye platform will have a 'flight recorder' for security analytics. By incorporating real-time breach information from the endpoint and the network, we’re building a single platform to provide the most in-depth attack information and the right data to protect and remediate before a compromise turns catastrophic."

John Oltsik, senior principal analyst for the Enterprise Security Group, applauded the move by FireEye. "Today, enterprises need as much insight into breaches to understand them in tremendous detail," he said. "By combining endpoint and network visibility, FireEye gives security teams the information they require to respond to attacks and remediate threats of advanced attacks quickly with the right intelligence, analytics, and automation."

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/8/2014 | 3:00:20 AM
Re: More M&A in the security market?
The Guys at FireEye are conducting a very aggressive strategy that is allowing the company to build one of the strongest company in Security and Intelligence landscape. I had the honor and the pleasure to personally meet The CEO and the high management of the company, sharing their vision and I'm impressed by their foresight.

The acquisition adds a new important piece to the overall puzzle of their capabilities, adding a full packet capture allows FireEye to rapidly react to breach as explained by Dave.

I suppose it is just the beginning!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 1:22:36 PM
Re: More M&A in the security market?
Well, one thing is for sure, there is a lot happening both on the attack surfaces and among all the players in the security market place We definitely live in interesting times...
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/7/2014 | 12:39:13 PM
Re: More M&A in the security market?
I've been wondering the same thing...while security is hot right now, some companies appear to be struggling, too, so this could be a lifeline for them.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 12:20:25 PM
More M&A in the security market?
Based on all the investment activity going on in the IT security market, it would seem that we should also expect a lot of action iin mergers & acqusitions....
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35198
PUBLISHED: 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2021-23872
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
CVE-2021-23891
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23892
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...
CVE-2020-36289
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...