Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

5/6/2014
04:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FireEye To Buy nPulse Technologies

Acquisition will add high-speed, full packet capture technology to FireEye and Mandiant portfolio for detecting and responding to attacks.

Just four months after its high-profile $1 billion acquisition of Mandiant, FireEye today announced that it plans to buy privately held network forensics firm nPulse Technologies for $60 million in cash and the issue of $10 million in stock. The deal is expected to close in the second quarter of this year, contingent upon specific milestones that FireEye would not disclose publicly.

The acquisition of Charlottesville, Va.-based nPulse provides FireEye a big missing piece of the puzzle for rapid detection, mitigation, and cleanup of attacks: high-speed full packet capture of network traffic at speeds of 10 gigabits per second. Full packet capture is considered a crucial, yet not-so widely adopted, practice among enterprises that can make all the difference in minimizing any damage from malware or other malicious activity.

"We didn't have [full packet capture] before; this is a new capability" for FireEye, says Dave Merkel, CTO at FireEye. "The faster we can see a breach and fix it, the greater the likelihood of [minimizing] the impact."

Merkel says the ability to index in near real-time the packet traffic will provide more context to security events "incredibly quickly," he says.

Tim Sullivan, CEO of nPulse, says some existing security tools focus more on the capture of packet than the actual analysis, so investigating what traffic to and from a particular domain means can take as much as 16 to 24 hours to complete. "It's really easy to [capture] packets off the network and stuff them somewhere," he says. But providing context around that information quickly is something that those products have been missing.

"Mandiant has held us to a design goal, a goal of having IR complete in an hour, and that's ours [goal], too," Sullivan says.

[How to keep calm and avoid common mistakes in an incident response operation. Read What Not To Do In a Cyberattack]

The nPulse family of products, which include Cyclone nSpector, Capture Probe eXtreme, and Security Probe eXtreme, help round out FireEye's purchase of Mandiant's host-based endpoint forensics software.

Both Mandiant and nPulse products focus on forensics, but Mandiant's software provides visibility into what's going on inside the endpoint machine, while nPulse focuses on the outside of the machine, Merkel says. "nPulse is looking at what's going on outside the endpoints," he says. "The two platforms together provide a "true end to end forensic view," he says.

He says the combination of FireEye's Threat Prevention Platform, Mandiant's host-based software, and nPulse's full packet capture and indexing of traffic would allow a victim organization to gather intelligence in real-time about an attack, according to Merkel. "If an attack gets through and exploits some credentials and starts logging into other systems laterally... with nPulse, you have a record of that information and can ask questions in real-time, [such as] what systems were accessed laterally?" he says.

Said David DeWalt, chairman of the board and CEO of FireEye: "The new reality of security is that every organization has some piece of malicious code within their network. The more important question is: has that code been able to execute any compromising activity that puts the organization at risk, and if so, what data left the network? With the addition of the nPulse solution, the FireEye platform will have a 'flight recorder' for security analytics. By incorporating real-time breach information from the endpoint and the network, we’re building a single platform to provide the most in-depth attack information and the right data to protect and remediate before a compromise turns catastrophic."

John Oltsik, senior principal analyst for the Enterprise Security Group, applauded the move by FireEye. "Today, enterprises need as much insight into breaches to understand them in tremendous detail," he said. "By combining endpoint and network visibility, FireEye gives security teams the information they require to respond to attacks and remediate threats of advanced attacks quickly with the right intelligence, analytics, and automation."

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 12:20:25 PM
More M&A in the security market?
Based on all the investment activity going on in the IT security market, it would seem that we should also expect a lot of action iin mergers & acqusitions....
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/7/2014 | 12:39:13 PM
Re: More M&A in the security market?
I've been wondering the same thing...while security is hot right now, some companies appear to be struggling, too, so this could be a lifeline for them.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/7/2014 | 1:22:36 PM
Re: More M&A in the security market?
Well, one thing is for sure, there is a lot happening both on the attack surfaces and among all the players in the security market place We definitely live in interesting times...
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
5/8/2014 | 3:00:20 AM
Re: More M&A in the security market?
The Guys at FireEye are conducting a very aggressive strategy that is allowing the company to build one of the strongest company in Security and Intelligence landscape. I had the honor and the pleasure to personally meet The CEO and the high management of the company, sharing their vision and I'm impressed by their foresight.

The acquisition adds a new important piece to the overall puzzle of their capabilities, adding a full packet capture allows FireEye to rapidly react to breach as explained by Dave.

I suppose it is just the beginning!
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31618
PUBLISHED: 2021-06-15
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why...
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...