Bromium CEO says that neither of them can mitigate targeted malware attacks

Jan 9, 2014 10:03 GMT  ·  By

FireEye’s decision to acquire Mandiant appears to be a great one, especially since the company’s market value increased considerably following the move. However, when it comes to the benefits for customers, some say there are still gaps in the companies’ offerings.

When the acquisition was announced, Kevin Mandia, the founder and CEO of Mandiant, noted, “The combination of FireEye and Mandiant will deliver end-to-end protection and meaningful value to customers.”

He added, “By joining FireEye and Mandiant, we will be able to deliver fully integrated products and services that help organizations protect themselves from attacks.”

However, Simon Crosby, co-founder and CEO of Bromium, argues that this is actually a “marriage forged around the idea of compromise.” He says that neither of the companies possesses the capabilities to protect customers from targeted malware.

FireEye sells network appliances that detect malware as it enters the enterprise network and report what they see to the security operations center. Mandiant, on the other hand, is known for its investigative and incident-response work: its consultants are top-class when it comes to helping companies get back on their feet after a major cyberattack.

In addition to the revenue growth, the acquisition also addresses a gap in FireEye’s product line: its appliances watch traffic at the network edge, while Mandiant adds visibility into what happens on the endpoints once an attack gets through. However, there’s a problem.

“Neither FireEye nor its acquired Mandiant products prevent compromise of the end point. The FireEye appliance informs the SOC about attacks that it detects entering the enterprise. The Mandiant products inform the SOC about compromised end points, and assist with IR. But neither stops the attack,” Crosby noted.

One of the main issues is that both FireEye and Mandiant rely on detection rather than prevention: FireEye on recognizing malicious traffic as it enters the organization’s network, Mandiant on recognizing the indicators a compromised endpoint leaves behind. Furthermore, even once an attack is identified, containment is slow and costly because turning that finding into enterprise-wide blocking still depends on human analysts rather than automation.

“If an end point is attacked and the attack is identified, neither FireEye nor Mandiant can automatically block the attack enterprise-wide. More humans are needed to turn the IOC into rules for the firewall, IDS or IPS, or even AV,” Crosby said.
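The step Crosby describes, an analyst turning an indicator of compromise into firewall and IDS rules, is the part that can be automated, and it is also the part where sloppy automation bites: indicators come from reports and feeds, so templating them into rule syntax unchecked lets a crafted indicator inject rule options, and a careless one (127.0.0.1, an RFC 1918 range) turns a block rule into an outage. The script below is an added example written for this article, not code from FireEye, Mandiant or Bromium. It assumes Suricata 5+ rule syntax (the `dns.query` sticky buffer and the `filesha256` keyword), iptables on a gateway that forwards client traffic, and a private SID range starting at 9000000 that does not collide with rules already deployed; the IOC dictionary layout, the rule messages and the sample indicators are this example’s own constructions.

```python
"""Turn an indicator-of-compromise (IOC) set into detection and blocking artefacts.

Added example, not code from FireEye, Mandiant or Bromium. Assumes Suricata 5+
rule syntax (dns.query, filesha256), iptables on a forwarding gateway, and an
unused local SID range (all assumptions of this example).
"""
import ipaddress
import re

SID_BASE = 9_000_000  # assumed free local SID range; adjust to your deployment

# Lower-case hostname: 1..63-char labels, no leading/trailing hyphen, alphabetic TLD.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")
_SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
_RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class IocError(ValueError):
    """An indicator that must not be templated into a rule."""


def validate(ioc):
    """Normalize an IOC dict ({'ipv4': [...], 'domain': [...], 'sha256': [...]}).

    Strict syntax per indicator type stops a crafted IOC from injecting rule
    options or shell metacharacters; the special-address check stops a block
    rule from cutting off localhost or the internal network.
    """
    out = {"ipv4": [], "domain": [], "sha256": []}
    for raw in ioc.get("ipv4", []):
        try:
            addr = ipaddress.IPv4Address(raw.strip())
        except ValueError as exc:
            raise IocError(f"bad IPv4 indicator {raw!r}") from exc
        if (addr.is_loopback or addr.is_link_local or addr.is_multicast
                or addr.is_unspecified or any(addr in n for n in _RFC1918)):
            raise IocError(f"refusing to block internal/special address {addr}")
        out["ipv4"].append(str(addr))
    for raw in ioc.get("domain", []):
        d = raw.strip().lower().rstrip(".")
        if not _DOMAIN_RE.match(d):
            raise IocError(f"bad domain indicator {raw!r}")
        out["domain"].append(d)
    for raw in ioc.get("sha256", []):
        h = raw.strip().lower()
        if not _SHA256_RE.match(h):
            raise IocError(f"bad SHA-256 indicator {raw!r}")
        out["sha256"].append(h)
    return out


def build_artifacts(ioc, hash_list_file="ioc-sha256.txt"):
    """Render Suricata rules, iptables commands and a SHA-256 list from validated IOCs."""
    v = validate(ioc)
    rules, commands, sid = [], [], SID_BASE
    for d in v["domain"]:
        # Fires on any internal DNS query for the domain or one of its subdomains.
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"IOC DNS query for {d}"; '
            f'dns.query; content:"{d}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for ip in v["ipv4"]:
        # Detect on the sensor and drop on the gateway, from the same indicator.
        rules.append(
            f'alert ip $HOME_NET any -> {ip} any (msg:"IOC traffic to {ip}"; sid:{sid}; rev:1;)')
        sid += 1
        commands.append(f"iptables -I FORWARD -d {ip} -j DROP")
    if v["sha256"]:
        # filesha256 reads one hash per line from hash_list_file; write "sha256_list" there.
        rules.append(
            f'alert http any any -> $HOME_NET any (msg:"IOC SHA-256 match in HTTP download"; '
            f'filesha256:{hash_list_file}; sid:{sid}; rev:1;)')
        sid += 1
    return {
        "suricata": rules,
        "iptables": commands,
        "sha256_list": "".join(h + "\n" for h in v["sha256"]),
    }


# Constructed sample IOCs (RFC 5737 / RFC 2606 placeholders, dummy hash), not real indicators.
SAMPLE_IOC = {
    "ipv4": ["203.0.113.10"],
    "domain": ["c2.example.net", "Update.Example.ORG."],
    "sha256": ["0123456789ABCDEF" * 4],
}

if __name__ == "__main__":
    for kind, items in build_artifacts(SAMPLE_IOC).items():
        print(f"# {kind}")
        print(items if isinstance(items, str) else "\n".join(items))
```

Running it prints two DNS rules, one IP rule plus its iptables drop, and one hash rule pointing at the list file. The validation step is the part worth keeping even if the rule templates are swapped for a vendor API: an indicator such as `x.example"; content:"y` is rejected rather than becoming part of a rule, and `127.0.0.1` is rejected rather than becoming a firewall entry.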