Tag: FireEye

Microsoft mulls snapping up Mandiant

Microsoft is in talks to acquire cybersecurity firm Mandiant after the company has been involved in a game of pass the parcel with other buyers.

Mandiant was acquired by FireEye in 2013 in a deal in excess of $1 billion, but its security product business was then sold to a consortium led by Symphony Technology Group for $1.2 billion in June last year.

Both Mandiant and Microsoft declined to comment on the reports and the talks may not go anywhere.

Vole has been spending a lot on security outfits lately and wrote cheques for CloudKnox Security and RiskIQ last year. To be fair though, it has needed their services, having been attacked itself rather too many times of late.

Merged McAfee Enterprise and FireEye build Trellix

Symphony Technology Group has unveiled Trellix, an extended detection and response (XDR) provider with a focus on accelerating technology innovation through data science and automation.

The outfit was created by last year’s crossing of McAfee Enterprise and FireEye. The new cyber security firm’s platform combines automation, machine learning, extensible architecture, and threat intelligence.

STG said that with Trellix’s security platform customers can expect bold innovation across the XDR market.

STG managing partner William Chisholm said Trellix will build resilient and confident organisations using something which it calls ‘living security’, which learns and adapts to protect operations from advanced threats across multiple attack vectors.

FireEye flogs its products business

Security outfit FireEye is selling its products business and the FireEye name to private equity firm Symphony for $1.2 billion.

The company, which will have to be renamed, will retain its Mandiant cyber forensics division but will part with its cloud security, networking, and email products as well as the name.

The new entity will keep the name Mandiant Solutions, which was created by FireEye CEO Kevin Mandia, was integrated into the broader FireEye portfolio and became a key segment.

Mandia said the sale of the broader FireEye portfolio to private equity will help to grow the Mandiant Solutions business, which FireEye claims has established its position as the market leader in threat intelligence and security expertise.

FireEye has its first quarterly profit

Cybersecurity vendor FireEye has reported its first-ever quarterly profit since 2013.

For the three months ending 31 December 2017, FireEye saw a year-on-year revenue increase of 10 percent to $202.3 million with an operating loss of $65.8 million.

With the numbers adjusted, the vendor reported a non-GAAP operating profit of $2.9m.

FireEye CEO Kevin Mandia said: “In February 2017 we said FireEye was committed to achieving non-GAAP operating profitability in the fourth quarter and a return to growth by the end of the year; I’m proud to tell you we accomplished what we said we would do.”

“To put this performance into context, from Q1 of 2014 through [to] the second quarter of 2016 we posted ten consecutive quarters of non-GAAP operating losses between $45m and $80m. We worked hard over the last six quarters to be much more efficient and to return to growth.”

Mandia said that FireEye’s end-point protection, threat intelligence and Mandiant services arms all had their best quarters, and singled out the channel as playing a pivotal role in the improved financial performance.

“We have also worked hard to improve our channel relationships, which is enabling us to reach new markets and achieve gains in our operating leverage… I am pleased to see our channel business increasing and believe we will see continued improvement in our channel.

“We continue to innovate to provide better products to the channel. We continue to price more appropriately for the channel, and we are also adhering to a consistent process with our channel and partners to provide better enablement and make doing business with FireEye simpler, more profitable, and consistent.”

FireEye denies hack details

Security outfit FireEye has denied that its corporate network was hacked last week after one of its employees had his or her social media account hacked.

The employee’s LinkedIn account was apparently taken over by the hacker, who posted a series of messages claiming they had hacked the victim’s emails and contact lists.

After a six-day examination, FireEye said the hacker’s claims were false, but admitted that three corporate documents were obtained and two customers were compromised through the victim’s personal accounts.

Writing in his blog, FireEye’s Steven Booth said: “The attacker did not breach, compromise or access our corporate network, despite multiple failed attempts to do so.

“The victim supports a very small number of customers. Two customer names were identified in the victim’s personal email and disclosed by the attacker. We believe these are the only two customers impacted by this incident.”

Booth added that the employee’s online credentials had been released into the public domain through eight security breaches of third parties in the past, including LinkedIn.

All documents exposed by the hacker in this instance, minus the three referenced above, were already in the public domain, according to the vendor.

Booth added that other documents released by the hacker were manufactured screen grabs that “falsely implied successful access to our corporate network”.

Digital forensics market has five key players

The global digital forensics market is consolidated, with the top five players holding more than 40 percent of the overall market in 2016, according to a new report from Transparency Market Research (TMR).

Cisco, IBM, Guidance Software, FireEye and MSAB have taken control of the market as cyber crime soars.

This conclusion follows a review based on the findings of the Transparency Market Research report, which had the punchy title “Digital Forensics Market (Type – Computer Forensics, Network Forensics, Cloud Forensics, Mobile Device Forensics, and Database Forensics; Application – Health Care, Education, Banking, Financial Services, And Insurance (BFSI), Defense And Aerospace, Law Enforcement, Transportation And Logistics, and Information Technology) – Global Industry Analysis, Size, Share, Growth, Trends and Forecast, 2017 – 2025.”

TMR estimates that the global digital forensics market was valued at US$2.87 billion in 2016 and is anticipated to be worth US$6.65 billion by 2025, expanding at a CAGR of 9.7 percent between 2017 and 2025.

Computer forensics stood as the leading type segment in 2016; however, mobile device forensics is expected to overtake in terms of growth due to the increasing demand for mobile device applications.

The regional segments into which the global market for digital forensics is segmented are North America, Europe, Asia Pacific, Latin America, and the Middle East and Africa. Among these, North America, Asia Pacific, and Europe account for major revenue contribution to the global market.

According to the report, the growth of cyber threats and attacks is the key factor driving the digital forensics market. In today’s scenario, cyber criminals are causing an unprecedented level of disruption by using IT tools as well as cloud services. These cyber criminals follow a planned approach for systematically hacking valuable information from companies, stealing customer and credit card information. The gradual increase of mobile devices that provide access to company applications and different types of data is also making it harder to safeguard information. These factors are collectively boosting the demand for digital forensics solutions.

The growth of this market is also driven by rising complexities and sophistication in digital crimes. Cyber criminals employ a combination of sophisticated technologies to be successful in their missions. They target individuals as well as businesses, and the rewards achieved are much greater when security protocols are somewhat lax at the other end. Cyber criminals also use multiple channels and mislead security teams with a series of attacks that draws the attention of security personnel away from the main crime site.

Increasing use of cloud-based solutions and IoT technology is also accentuating the growth of the digital forensics market, says the report. The increasing everyday use of cloud-based and internet of things technology among consumers gives hackers the opportunity to target the areas of least resistance. Due to this, there is a constant threat of information leaks, posing a risk to customers’ privacy and paving the way for crime.

However, the growth of the digital forensics market is held back by the rising complexity of mobile devices. The widespread use of mobile platforms for business has led to mobile-specific vulnerabilities, leading to the use of malware and network-based attacks to expose business data. The growth of this market is also hampered by a lack of industry regulations and professional ethics. This is compounded by factors such as inadequate training, limited resources, use of outdated equipment, and the lack of a standard protocol for examining digital evidence that has been documented.

Security vendors are happy about WannaCry

Security companies have seen their share prices rise sharply amid an expected increase in spending on IT security after the WannaCry hack.

The ransomware attack that disrupted the NHS and businesses around the world has led to a boom in share prices of cybersecurity companies – even the firm used by the health service to protect it against hackers.

With governments and companies expected to increase spending on IT security after being caught out by the attack, cybersecurity firms have seen their stock market values climb sharply over the past two days.

Shares in Sophos, a cloud network security specialist which counts the NHS among its clients, have jumped by about eight percent. Of course, it had to make a few changes. The claim on the company’s website that “the NHS is totally protected with Sophos” was changed to “Sophos understands the security needs of the NHS”.

Last week, the company tweeted its “top five tips for securing NHS organisations”. But its shares have been performing well over recent months because of the increased need for cyber defences.

NCC group added five percent to its share valuation and cyber consultancy group ECSC surged 42 percent. ISE, a fund invested in cybersecurity businesses, added nearly four percent.

All this is because corporates have suddenly woken up to the fact that they need to spend some cash on IT security and it is probably a daft idea to keep all those Windows XP machines running for the great unwashed while top execs get Microsoft Surfaces.

Sophos already gives services to the healthcare industry and is looking to increase selling to the sector in the aftermath of the attack.

FireEye’s share price has risen seven percent, Symantec is up more than three percent and Palo Alto Networks 2.7 percent.

The success of the WannaCry hack could make other attacks more likely in the future amid doubts over governments’ ability to secure “cyberweapons” from theft.

Dell’s SecureWorks should get a $1.42 billion IPO

Dell’s cyber security unit, SecureWorks, could be valued at up to $1.42 billion in its initial public offering, the first major US listing of a technology company this year.

SecureWorks said its offering was expected to be priced at $15.50-$17.50 per Class A share, raising as much as $157.5 million.

It is not the greatest time for SecureWorks to launch. IPO values plunged to a seven-year low in the first quarter, more than halving from a year earlier to $106.6 billion, as worries over slowing economic growth kept investors wary.

However as far as shareholders in SecureWorks are concerned, from such a low base, things can only get better.

Several cyber security firms such as FireEye, Rapid7 and Mimecast have gone public to take advantage of growing investor interest in them after a spate of hacking attacks on companies including major banks and retailers.

However, shares of Rapid7 and FireEye are now trading way below their IPO prices. Mimecast, which jumped 20 percent on its listing day, has also slipped below its offering price.

The Wall Street Journal first reported in October that Dell, the third-largest personal computer maker, had filed confidentially for listing SecureWorks, which it bought for $612 million in 2011.

Founded in 1999, SecureWorks has 4,200 clients in 59 countries.

Masque attack hits Apple iOS devices

A security firm warned that a vulnerability in Apple’s operating system means apps can be replaced by malicious apps.

FireEye warned yesterday that all apps could be replaced except iOS pre-installed applications.

The company has verified the vulnerability in various versions of iOS and told Apple the problem existed as long ago as July 26. It dubbed the vulnerability Masque Attacks and warned that apps such as banking and email apps can be hacked.

Although Apple was informed months ago, no action seems to have been taken, which led FireEye to issue an urgent advisory notice.

Users can protect themselves by not installing apps from third-party sources other than Apple’s App Store. FireEye also warns people not to install apps from pop-ups.

And if iOS alerts you with the phrase “untrusted app developer”, don’t trust the app.

There’s more information at the FireEye page, here.

US companies take down Chinese hacker group

An alliance of US tech companies including Novetta and Microsoft has been targeting the Hikit malware and has worked out a way to disrupt the Chinese cyber espionage gang Axiom’s antics.

Dubbed Operation SMN, the coalition of security companies has apparently given the hackers a Chinese burn after it detected and cleaned up malicious code on 43,000 computers worldwide infected by Axiom.

The effort was led by Novetta and included Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect Intelligence Research Team (TCIRT), ThreatTrack Security and Volexity, and was united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit.

Hikit is custom malware often used by Axiom to burrow into organisations and nick data. It works quietly and evades detection, sometimes for years.

Axiom used a variety of tools to access and re-infect environments, including Derusbi, Deputy Dog, Hydraq, and others. Ludwig says they expanded the group and its scope “so that we absolutely did the best possible job of clean-up and removal” and rolled it all into a Microsoft Malicious Software Removal Tool (MSRT) released Oct. 14.

Novetta thinks that while the MSRT was comprehensive, it may be only a temporary setback for Axiom, which will just work out another way of doing the same thing.

Novetta says it has “moderate to high confidence” that Axiom is a well-resourced and well-disciplined subgroup of the state-backed “Chinese Intelligence Apparatus.”

Axiom has been found in organisations that are of strategic economic interest, that influence environmental and energy policy and that develop integrated circuits, telecommunications equipment and infrastructure.

The target organisations are often related in some way, and once Hikit has burrowed its way into a computing environment, it can create a “mini-network,” communicating laterally with other Hikit installations within the organisation or related outside groups. What makes it difficult to track is that it uses proxies and never communicates with the command-and-control server directly. Hikit talks to companies in such a way that the traffic does not look dodgy.