FireEye

FireEye, Inc.
Public
Traded as NASDAQ: FEYE
Industry Computer security
Founded 2004
Founder Ashar Aziz
Headquarters Milpitas, California, United States
Key people Kevin Mandia (CEO since 2016)
Products Network security products
Number of employees ~3,200 (2016)
Website FireEye.com

FireEye, Inc. is a publicly listed enterprise cybersecurity company[1] that provides products and services to protect against advanced cyber threats, such as advanced persistent threats and spear phishing. Founded in 2004, the company is headquartered in Milpitas, California. Threat prevention platforms include Network, Email, Endpoint, Mobile, Content, Analytics, and Forensics. FireEye has more than 4,400 customers across 67 countries, including more than 650 of the Forbes Global 2000. FireEye is the first cyber security company awarded certification by the Department of Homeland Security.[2]

USA Today says FireEye "has been called in to investigate high-profile attacks against Target, JP Morgan Chase, Sony Pictures, Anthem and others".[3] Yahoo Finance says FireEye is again the fastest-growing cyber security firm, according to Deloitte.[4]

History

Founding

Kevin Mandia, CEO and Board Director of FireEye at the Vanity Fair New Establishment Summit at Yerba Buena Center for the Arts on October 8, 2014 in San Francisco, California

In 2004, Ashar Aziz, a Pakistani American, founded FireEye with venture capital provided by Sequoia Capital.[5] Aziz, formerly of Sun Microsystems, is the original inventor of the core set of technologies behind the company's main product line, the FireEye Malware Protection System.[6] In 2006, FireEye launched its first product—a switch-based network access control appliance.[7] Major investors include Sequoia Capital, Norwest Venture Partners, Icon Ventures, SVB Capital,[8] DAG Ventures, Juniper Networks, and In-Q-Tel.[9]

In June 2012, former CEO and President of McAfee, Dave DeWalt, joined FireEye as chairman.[10] DeWalt was appointed CEO in November 2012.[10][11]

Expansion and IPO

On September 20, 2013, the company went public on NASDAQ.[12] On December 30, 2013, FireEye acquired Mandiant in a stock and cash deal worth in excess of $1 billion.[13] On May 8, 2014, FireEye acquired nPulse Technologies[14] for approximately $60 million. The acquisition was intended to build on FireEye's ability to detect intrusions in a company's network by making it easier to track an intrusion and better understand its effect on the network.[15]

In May 2015, the company raised its revenue forecast for the year to be between $615 million and $635 million.[16] On January 20, 2016, FireEye announced the acquisition of iSIGHT Partners, a threat intelligence company.[17]

In May 2016, it was announced that Dave DeWalt would step down from his position as CEO and become executive chairman on June 15, 2016. DeWalt was replaced by the company's president, Kevin Mandia.[18] Mandia had come on board with the acquisition of Mandiant in 2013.

Products and services

Central Management System

The Central Management System (CMS) consolidates the management, reporting, and data sharing of Web MPS, Email MPS, File MPS, and Malware Analysis System (MAS) into a single network-based appliance by acting as a distribution hub for malware security intelligence.[19]

Dynamic Threat Intelligence

The FireEye Cloud crowd-sources Dynamic Threat Intelligence (DTI) detected by individual FireEye MPS appliances, and automatically distributes this time-sensitive zero-day intelligence globally to all subscribed customers in frequent updates. Content updates include a combination of DTI and intelligence generated by FireEye Labs through its research efforts.

Cyber actions

2008-2014

FireEye was involved in the forensic investigation against the Srizbi botnet in 2008.[20][21] In October/November 2009, FireEye participated in an effort to take down the Mega-D botnet (also known as Ozdok).[22] On March 16, 2011, the Rustock botnet was taken down through an action by Microsoft, US federal law enforcement agents, FireEye, and the University of Washington.[23] In July 2012, FireEye was involved in analysis[24] of the Grum botnet's command and control servers located in the Netherlands, Panama, and Russia.

In 2014, the FireEye Labs team identified two new zero-day vulnerabilities – CVE-2014-4148 and CVE-2014-4113 – as part of limited, targeted attacks against major corporations. Both zero-days exploit the Windows Kernel. Microsoft addressed the vulnerabilities in their October 2014 Security Bulletin.[25] Also in 2014, FireEye provided information on a threat group it calls FIN4. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies. The group has targeted hundreds of companies, and specifically targets the emails of C-level executives, legal counsel, regulatory, risk, and compliance personnel, and other individuals who would regularly discuss confidential, market-moving information.[26] Also in 2014, FireEye released a report focused on a threat group it refers to as APT28. APT28 focuses on collecting intelligence that would be most useful to a government. Specifically, FireEye found that since at least 2007, APT28 has been targeting privileged information related to governments, militaries and security organizations that would likely benefit the Russian government.[27]

2015

In 2015, FireEye confirmed the existence of at least 14 router implants spread across four different countries: Ukraine, Philippines, Mexico, and India. Referred to as SYNful Knock, the implant is a stealthy modification of the router’s firmware image that can be used to maintain persistence within a victim’s network.[28]

In September 2015, FireEye obtained an injunction against a security researcher attempting to report vulnerabilities in FireEye Malware Protection System.[29]

In 2015, FireEye uncovered an attack exploiting two previously unknown vulnerabilities, one in Microsoft Office (CVE-2015-2545) and another in Windows (CVE-2015-2546). The attackers hid the exploit within a Microsoft Word document (.docx) that appeared to be a resume. The combination of these two exploits grants fully privileged remote code execution. Both vulnerabilities were patched by Microsoft.[30]

In 2015, the FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE-2015-3113). Adobe released a patch for the vulnerability with an out-of-band security bulletin. FireEye attributed the activity to a China-based threat group it tracks as APT3.[31]

2016

In 2016, FireEye announced that it had been tracking a pair of cybercriminals referred to as the “Vendetta Brothers.” The company said that the enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.”[32]

In mid-2016, FireEye released a report on the impact of the 2015 agreement between US President Barack Obama and Chinese President Xi Jinping that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an economic advantage. The security firm reviewed the activity of 72 groups that it suspects are operating in China or otherwise support Chinese state interests and determined that, as of mid-2014, there was an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries.[33]

In 2016, FireEye announced that it had identified several versions of an ICS-focused malware – dubbed IRONGATE – crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. Although Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed to FireEye that IRONGATE is not viable against operational Siemens control systems and that IRONGATE does not exploit any vulnerabilities in Siemens products, the security firm said that IRONGATE invokes ICS attack concepts first seen in Stuxnet.[34]

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player (CVE-2016-4117). The security firm reported the issue to the Adobe Product Security Incident Response Team (PSIRT), and Adobe released a patch for the vulnerability just four days later.[35]

In 2016, FireEye discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user “radio”, so that an attacker could potentially perform activities such as viewing the victim’s SMS database and phone history. FireEye reached out to Qualcomm in January 2016 and subsequently worked with the Qualcomm Product Security Team to address the issue.[36]

In 2016, FireEye provided details on FIN6, a cyber criminal group that steals payment card data for monetization from targets predominantly in the hospitality and retail sectors. The group was observed aggressively targeting and compromising point-of-sale (POS) systems, and making off with millions of payment card numbers that were later sold on an underground marketplace.[37]

2017

In 2017, FireEye detected malicious Microsoft Office RTF documents leveraging a previously undisclosed vulnerability, CVE-2017-0199. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. FireEye shared the details of the vulnerability with Microsoft and coordinated public disclosure to coincide with the release of a patch by Microsoft addressing the vulnerability.[38]

References

  1. Oltsik, Jon. "FireEye Myth and Reality". Network World. Retrieved 2016-10-19.
  2. "FireEye First Cyber Security Company Awarded SAFETY Act Certifications by Department of Homeland Security". MarketWatch. Retrieved 21 May 2015.
  3. "FireEye has become Go-to Company for Breaches". USA Today. Retrieved 21 May 2015.
  4. "FireEye Fastest Growing Cyber Security". Yahoo Finance. Retrieved 2015-11-20.
  5. Mitra, Sramana (January 29, 2009). "Barriers To Innovation". Forbes. Retrieved 2009-11-30.
  6. "Crunchbase — Ashar Aziz". Crunchbase. 2012-07-18. Retrieved 2012-07-18.
  7. Messmer, Ellen (2006-05-02). "Start-up FireEye debuts with virtual-machine security approach". Network World. Retrieved 2010-10-18.
  8. Sevilla, Jose (3 August 2015). "Silicon Valley Bank - SVB Capital". SVB Financial Group.
  9. Hoover, J.Nicholas (November 19, 2009). "In-Q-Tel Joins Forces With FireEye To Fight Cyberthreats". DarkReading. Retrieved 2009-11-30.
  10. "FireEye Appoints Board Chairman David DeWalt as Chief Executive Officer" (Press release). FireEye. 2012-11-28. Retrieved 2012-11-30.
  11. Robertson, Jordan (2012-11-28). "Former McAfee Chief DeWalt Named FireEye CEO, Aims for 2013 IPO". Bloomberg. Retrieved 2012-11-30.
  12. Geron, Tomio (2013-09-20). "FireEye Founder Banks Hundreds Of Millions In IPO". forbes.com. Forbes. Retrieved 2017-01-06.
  13. Perlroth, Nicole; Sanger, David E. (2014-01-02). "FireEye Computer Security Firm Acquires Mandiant". The New York Times.
  14. "Computer Forensics and Malware Analysis - FireEye". FireEye.
  15. Miller, Ron (May 8, 2014). "FireEye Buys nPulse Technologies For $60M+ To Beef Up Network Security Suite". TechCrunch.
  16. Owusu, Tony. "FireEye (FEYE) Stock Spikes on Earnings Beat, Increased Revenue Guidance". TheStreet. Retrieved August 4, 2015.
  17. "FireEye Acquires iSIGHT Partners". 2016-01-22. Retrieved 2016-08-07.
  18. "FireEye Names New CEO". Fortune. 2016-05-06. Retrieved 2016-05-06.
  19. "FireEye Forecasts Downbeat Results for Current Quarter; Shares Tumble (NASDAQ:FEYE) - Sonoran Weekly Review". Sonoran Weekly Review. 2016-05-06. Retrieved 2016-05-06.
  20. Keizer, Gregg (November 26, 2008). "Massive botnet returns from the dead, starts spamming". Computerworld. Retrieved 2009-11-30.
  21. Kiriyama, George (November 11, 2008). "SJ-Based Spammer Unplugged". NBC 11 KNTV. Retrieved 2009-11-30.
  22. Cheng, Jacqui (November 11, 2009). "Researchers' well-aimed stone takes down Goliath botnet". Ars Technica. Retrieved 2009-11-30.
  23. Wingfield, Nick (2011-03-18). "Spam Network Shut Down". Wall Street Journal. Retrieved 2011-03-18.
  24. "FireEye Blog | Threat Research, Analysis, and Mitigation". Blog.fireeye.com. Retrieved 2014-04-12.
  25. "Microsoft Security Bulletin Summary for October 2014". Microsoft. Retrieved 21 June 2017.
  26. Sullivan, Gail (2 December 2014). "Report: ‘FIN4’ hackers are gaming markets by stealing insider info". Washington Post. Retrieved 21 June 2017.
  27. Fox-Brewster, Tom (29 October 2014). "'State sponsored' Russian hacker group linked to cyber attacks on neighbours". The Guardian.
  28. Leyden, John (15 September 2015). "Compromised Cisco routers spotted bimbling about in the wild". The Register. Retrieved 21 June 2017.
  29. Goodin, Dan (September 11, 2015). "Security company litigates to bar disclosure related to its own flaws". Retrieved September 12, 2015.
  30. "Acknowledgments – 2015". Microsoft. Retrieved 21 June 2017.
  31. "Security updates available for Adobe Flash Player". Adobe. Retrieved 21 June 2017.
  32. Korolov, Maria (29 September 2016). "Diversified supply chain helps 'Vendetta Brothers' succeed in criminal business". CSO. Retrieved 21 June 2017.
  33. Hackett, Robert (25 June 2016). "China’s Cyber Spying on the U.S. Has Drastically Changed". Fortune. Retrieved 21 June 2017.
  34. Cox, Joseph (2 June 2016). "There's a Stuxnet Copycat, and We Have No Idea Where It Came From". Motherboard. Retrieved 21 June 2017.
  35. "Security updates available for Adobe Flash Player". Adobe. Retrieved 21 June 2017.
  36. Goodin, Dan (5 May 2016). "Critical Qualcomm security bug leaves many phones open to attack". Ars Technica. Retrieved 21 June 2017.
  37. Taylor, Harriet (20 April 2016). "What one criminal gang does with stolen credit cards". CNBC. Retrieved 21 June 2017.
  38. "CVE-2017-0199 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API". Microsoft. Retrieved 21 June 2017.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.