Q: While CIOs understand the need for securing the perimeter, applications and infrastructure, the biggest concern is on user policy and management. How can FireEye help ensure nobody crosses the line between secure practice and ignorant yet unfortunate breach?
Aided by their targets' porous defences and unwitting end users, today's cybercriminals are able to deliver advanced malware that exploits systems and enables a range of malicious activities. Much of this advanced malware is being delivered via emails with malicious file attachments.
As an external partner, we can't enforce internal policies. However, through our research and by sharing it with our partners and customers, we contribute to constantly raising awareness of malware attacks.
As an example, we just published a report that shows the most popular file names used in spear phishing attacks to successfully compromise enterprise networks and steal data. We were looking at the nature of the files cybercriminals are distributing, specifically those that are effectively bypassing traditional security defences such as firewalls, next-generation firewalls, intrusion prevention systems (IPS), anti-virus (AV), and secure gateways.
Q: All security products out there claim to be able to "catch up" or at least stay in pace with threat developments. Is this an empty promise since you need a threat to surface before you can find the "antidote"?
FireEye has developed real-time, dynamic protections against zero-day, targeted and APT malware without relying on signatures. We provide this through a multi-stage, Virtual Execution (VX) engine that combines deterministic analyses with deep packet inspection within instrumented virtual machines. The VX engine acts as a Petri dish of sorts, confirming whether or not suspicious code actually infects a system while also eliminating false positives.
Our differentiating factor is that our solution combines a system that can minimise missed attacks with a system that eliminates false positives, allowing us to approach our ideal analysis engine, namely one which does not miss zero-day attacks nor produce false alerts.
This multi-stage analysis also enables the programmatic capture, fingerprinting and blocking of zero-day malware and its unauthorised outbound callbacks to criminal command and control (C&C) servers.
Q: It takes a thief to catch one, so goes the saying. How does FireEye stay ahead of the cybercriminals — by being one too? How would you debunk this "conspiracy" theory?
FireEye has deployed its cyber crime fighting systems and services to over 60 government customers and agencies, including the U.S. Department of Defense and the intelligence community.
Amongst other accomplishments in recent months, FireEye has even worked with the FBI "to help bring down botnets," groups of computers controlled by cybercrooks, such as Rustock and Grum.
Among other partner agreements, FireEye has a strategic investment and technology development agreement with In-Q-Tel, the independent strategic investment firm that identifies innovative technology solutions to support the missions of the U.S. Intelligence Community.
These cooperations are a testament to the great trust we have within the cyber security community and especially with governmental intelligence and defence agencies around the globe.