Three Universities Deploy FireEye Security Appliances

San Francisco State University, Santa Barbara City College, and Connecticut College use FireEye appliances to stop data breaches caused by malware that steals student identity data, misappropriates faculty research, and exploits campus computing resources

March 18, 2009

MILPITAS, Calif. -- March 16, 2009 -- FireEye, Inc., the leader in global anti-malware and anti-botnet protection, today announced that San Francisco State University, Santa Barbara City College and Connecticut College have deployed FireEye appliances to preemptively stop data breaches caused by malware that steals student identity data, misappropriates faculty research, and exploits campus computing resources. FireEye security appliances help higher education institutions achieve the delicate balance of maintaining the open networks their students, faculty, alumni and administration need while protecting against malware intrusions targeting valuable data and resources.

"Our college and university customers clearly understand the value of the confidential data and resources housed within their campus networks and they are dedicated to protecting it from theft and exploitation by cyber criminals," said Ashar Aziz, founder and CEO, FireEye. "They are among the growing numbers acknowledging that antivirus and intrusion prevention systems cannot detect the sophisticated, covert attacks happening every day through mainstream Web sites and applications such as Web 2.0, user-generated content sites."

San Francisco State University's IT infrastructure supports over 30,000 students and 3,500 faculty and staff. The university had no prior campus-wide anti-malware protection and selected FireEye based upon the product's advanced ability to protect against zero-day threats, low false positive rate and ease of use. San Francisco State University deployed the FireEye security appliances at the egress point of the campus border to help monitor the entire campus network traffic for malware and botnet activities.

"The FireEye appliance identifies bot-infected computers and detects malware on the campus network, allowing us to take a proactive approach to stop bots before they have a chance to do more widespread damage," said Jack Tse, senior director, network and operations, San Francisco State University. "The FireEye appliance also helps mitigate the possible theft of sensitive and confidential student, faculty and staff data."

Santa Barbara City College made the decision to deploy the FireEye security appliances after a six-week trial uncovered bots that were previously undetected by up-to-date antivirus and other security systems. The college had also evaluated a deep packet inspection device that proved too costly to implement and did not provide the low false positive rate FireEye offered.

"The FireEye appliances accurately found malware immediately, even the smallest intrusions, and detected activity in callback channels initiated from compromised machines," said Jerry Thomas, network specialist III, Santa Barbara City College. "FireEye also eliminated false positives and reduced the syslog numbers, saving me critical man hours. I now have a very high confidence level, when we get an alert from FireEye, we know we have something."

Connecticut College also recently selected FireEye's security solution to fortify defenses against stealthy malware infiltration due to infections outside the campus gateway.

"Connecticut College takes user security seriously and hence, we enforce patches and antivirus on the desktop, and use Firewalls and IDP systems on the gateway," said John Schaeffer, Systems & Server Administrator, Connecticut College. "But because of remote users who are infected outside our gateway, compounded by the reality of spear phishing, zero-day, and targeted attacks, we realize that a signature-based solution does not provide complete protection against today's Web exploits and botnets."

Top Priorities for IT Security within Higher Ed Institutions

As the threat landscape evolves, so do the countermeasures. Today's universities tend to focus on three key areas to complement their existing security infrastructure and keep pace with today's sophisticated threats: protecting against zero-day attacks, minimizing false alerts, and monitoring for unauthorized outbound callback traffic.

Universities are extremely concerned about stopping zero-day threats that target unpatched software vulnerabilities. FireEye's detection approach is very effective against zero-day attacks because it does not rely on a catalog of documented malware or inaccurate heuristics.

Meanwhile, traditional intrusion detection systems (IDS) used in even relatively small networks can generate thousands of alerts each day. IT personnel are then tasked with sifting out the real threats from within the haystack of alerts. By eliminating false positives using virtual victim machine analysis, the FireEye appliances allow IT personnel to more efficiently address infected machines without time-consuming manual analysis.

Lastly, cyber criminals are aggressively using malware featuring callback capabilities that enable an unauthorized third party to remotely control machines unbeknownst to the owner. These callback channels are so effective against traditional network security because connections are initiated by trusted, internal PCs. FireEye's security appliances catch this callback traffic and in doing so uncover potential avenues for data breaches.

About the FireEye Solution

The FireEye security appliances and FireEye Malware Analysis & Exchange (MAX) Network service together provide comprehensive anti-malware and anti-botnet protection. FireEye appliances use virtual victim machines to analyze enterprise networks for Web-malware and related bot activities on compromised machines. The FireEye MAX Network is a globally deployed malware discovery and analysis service that provides subscribers with the most current botnet and Web malware intelligence to complement on-premise anti-malware security appliances. It catalogs and disseminates security intelligence such as the inbound attack vector as well as the outbound call-back channels used to steal data. This is all derived from malware analyses which are conducted by interconnected networks of FireEye security appliances selectively deployed at service providers around the world. FireEye's solution offers the industry's first complete global and local anti-malware protection to precisely identify, understand, and stop emerging botnet and Web malware threats.

About FireEye, Inc.

FireEye, Inc. is the leader in anti-malware and anti-botnet protection, enabling organizations to protect critical intellectual property, computing resources, and network infrastructure against Web malware and botnet infiltration. Today's most damaging attacks are perpetrated through Web malware that forms into highly organized botnets, or networks of remotely controlled, compromised machines. FireEye delivers a complete solution that is designed from the ground up to detect and protect organizations from advanced Web malware and botnets through global and local intelligence and analysis. The company is backed by Sequoia Capital, Norwest Venture Partners, JAFCO, SVB Capital, DAG Ventures, and Juniper Networks. For more information, contact (408) 321-6300 or email: [email protected]. Visit us at
