Jan 30, 2009 (07:01 PM EST)
Startup Of The Week: FireEye
Read the Original Article at InformationWeek
FireEye aims to protect enterprises from Web-based security threats, including malware and botnets. The company deploys an appliance on the customer premises that runs suspicious Web and network traffic against a set of virtual computers. It alerts administrators if a virtual computer gets compromised. It also can help IT find PCs that might have malware trying to contact a control server or botnet.
HEADQUARTERS: Milpitas, Calif.
FireEye deploys an appliance at customer sites. The appliance sits out of band but monitors all inbound network traffic. The company combines signatures and heuristics to examine inbound traffic for evidence of suspicious behavior. "We have tuned these algorithms to be highly sensitive, which increases the rate of potential false positives," says Aziz.
To counteract false positives, it captures and replays suspect traffic against a set of virtual machines that run inside the appliance. These VMs imitate full PCs, including operating systems and applications. If a virtual victim gets compromised, the system knows there was an attack on the wire and will alert administrators.
Administrators can share information with FireEye's Malware Analysis & Exchange Network. This network automatically updates other FireEye appliances so that they can identify exploit code without having to run traffic through a virtual machine.
The FireEye system can't block attacks.
FireEye combines concepts from intrusion detection, honeypots, and virtualization to create a new wrinkle for protecting against dynamic malware.
The product's inability to stop attacks may appeal to customers that don't want a startup to be responsible for blocking traffic. However, companies must be prepared to invest the resources into chasing down alerts and remediating exploits. The 4200 isn't a set-it-and-forget-it product.
We'd like to see FireEye more tightly integrate with URL-blocking technology and trouble-ticket systems.