Cisco Subnet: An independent Cisco community

FireEye buys nPulse to see deeper into the network

The combination of Mandiant and nPulse, along with its own technology, gives FireEye a broad security framework that can now gather and analyze data from the core of the network to the hand of a user.

This week, FireEye acquired nPulse Technologies to strengthen its security platform. FireEye’s security platform is built on the concept that securing a business cannot be done at singular points, as is the case with legacy security platforms. FireEye’s approach is to gather as much information as it can, from sources such as Web, email, mobile devices, and the network, and analyze the data to more accurately find and analyze threats and intrusions.

The accuracy of FireEye’s platform is based on the data that it has to analyze. The more you can see, the more accurate the security. Given that the company ponied up about $70 million ($60 million in cash and $10 million in stock based on milestones) for one of its partners, nPulse Technologies is intended to allow FireEye to see more. nPulse was actually a partner of FireEye’s prior to the acquisition, and I’m guessing the value that nPulse provided as a partner led to the purchase.

The product from nPulse processes and indexes network packet data very quickly, as well as providing the capability to query the information to gain visibility into what happened during any kind of breach or intrusion. Without nPulse, customers would have to sift through reams and reams of data and log files and somehow manually correlate the data with the intrusion. Unless you’re Mr. Spock, manual analysis and correlation is almost impossible unless it’s the full-time job of a team of people. Personally, I’d prefer having Spock on staff (the Leonard Nimoy version; no offense to Zachary Quinto) but a tool like nPulse is almost as good.

This acquisition follows up on FireEye’s billion-dollar purchase of Mandiant, which gave the company end-point monitoring capabilities. The combination of Mandiant and nPulse, along with its own technology, gives FireEye a broad security framework that can now gather and analyze data from the core of the network to the hand of a user. This “core to hand” breadth becomes more important as mobility continues to be the wave of the future. Additionally, the combination enables security teams to not only detect security activity, but also go back and review why it happened.

This is a much different world we live in today than even a decade ago. The reality is that almost every company has vulnerabilities or malicious code within their walls. The question is whether security professionals have the tools to understand the impact when something does occur. I’ve heard the nPulse solution described as a flight recorder or DVR for security analytics.

As I said at the beginning of this post, you can’t secure what you can’t see, and businesses need as much insight as possible into an intrusion to understand what happened. The combination of Mandiant and nPulse gives security professionals a wider lens to see more and analyze more.

Given the rapid evolution of security, it’s good to see FireEye put some of that money it raised in the IPO to good use by investing in technologies that can strengthen its position in security.
