The frequency of high-profile cyber attacks have thrust security companies into the spotlight.
But the reality, according to FireEye Inc FEYE CEO Kevin Mandia, is that these intrusions are and will continue to be commonplace.
“The problem is it is very hard to get over 98 percent efficacy no matter what you do, whether it’s antivirus, which is nowhere near 98 percent effective, whether it’s a firewall — it’s just really hard to get higher than that,” Mandia told Benzinga.
Security gaps will always exist, and breaches are inevitable.
“You cannot solely rely on preventative measures,” Mandia said. “[With] security in mature organizations, people who care about cyber security recognize we’re going to build the wall, but people still always get through. We have to have a ‘detect and respond’ component.”
Managing Public Relations
Misunderstanding of intruder capacities and defense priorities has long translated into underwhelming stock performance for FireEye.
“What the market has always favored is the prevention component, not the ‘detect and respond’ component,” Mandia said. “We own the ‘detect and respond’ component, but we are now getting into prevention as well. We have no choice. It does matter.
“You might as well build the moat to prevent all the attacks you can, but have the motion sensor inside your networks on. Did anybody get across the moat? Is there any evil on the inside, and what can we do about it? So, that’s a transition FireEye is doing, as well.”
The company ultimately intends to take on the unfilled roles of prevention, detection, investigation and response — from the start of a breach to its end.
The Alarm And The Defense
As it is, Mandia likened FireEye to a sort of cyber ADT that not only sounds the alarm on intruders, but takes additional steps to combat them. That, he said, is the model that differentiates FireEye from alarm-only or protection-only competitors.
“Our innovation begins with owning that moment,” he said.
Innovation is equally critical to FireEye’s mission, as are its existing services, and the two arms are generally interdependent.
“You have to respond to every breach that matters with the services component to [see firsthand] how bad actors are invading everybody’s technology,” Mandia said. Then, with a team of engineers and a wealth of information, the company can actively and appropriately innovate.
For this reason, FireEye’s strategy is a defensive one. It begins with the breach and develops products “to withstand the onslaught of the folks coming over the wall in cyberspace.”
Sweeping Up After The Competition
The company is also distinct from others in its feedback loop. The alarm sounds, FireEye reacts, and it incorporates new knowledge into its response system.
“I’ve often wondered how those other companies, the firewall companies — do they even know how companies are being breached?” Mandia said. “Do they even know how they can contribute to the defense of the breaches?”
He said nearly every breach FireEye responds to requires clean-up for alleged competitors that ultimately did not offer comparable services, such as email monitoring.
“I think all the firewall companies are going to have to expand what they do as well if they want to continue to be security companies, but right now I’d largely say they are appliance companies and gate guards, and they don’t help you when something gets through.”
Firewall in particular, he said, is easily evaded by attackers because it is not an adaptive defense.
“A lot of people don’t understand,” he said. “They’ll feel like, wow, 98 percent protection efficacy is great. It’s terrible on the Internet. That’s the reality.”
Nick Donato contributed reporting.
Related Links:
FireEye Will Get Worse Before It Gets Better
FireEye Is Hot After Bank Of America Upgrade
______ Image Credit: By HD061116 (Own work) [CC BY-SA 4.0 (http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.