Start-up FireEye debuts with ‘virtual-machine’ security approach

Start-up FireEye made its debut, announcing plans to ship a switch-based network-access control appliance next month that will let customers identify network-borne malware and attacks in order to quickly contain them.

Start-up FireEye made its debut last week, announcing plans to ship a switch-based network access control appliance next month that will let customers identify network-borne malware and attacks in order to contain them quickly.

Ashar Aziz, the firm’s CEO, founded the company after a 12-year engineering career at Sun. He says FireEye’s NAC appliance, as yet unnamed, will make use of what FireEye calls its virtual-machine technology to identify attack traffic.

This approach entails duplicating the desktop and server operating systems and applications within the FireEye appliance as a virtual CPU, and analyzing how traffic passing through a managed switch might affect it.

“The idea is to model vulnerability to malware,” Aziz says about the virtual-machine approach. Only Avinti, a start-up funded by Symantec and two venture-capital firms to detect unknown keyloggers and Trojans in e-mail, is known to be applying the virtual-machine concept in similar fashion in its iSolation Server.

Aziz says the technique will be effective at the network level to identify quickly incoming malware or attacks that might disseminate in an enterprise.

If the FireEye appliance determines network traffic is harmful, it can direct a switch to take action. “We can then shut down the ports or quarantine the device,” Aziz says.

The FireEye appliance isn’t an in-line device, so it doesn’t block packets, but it will let network managers isolate LAN segments to protect them from attack or isolate infected machines at an early stage before a threat has been analyzed by the broader security community.

The first version of the appliance will run copies of Windows-based applications, both patched and unpatched, to analyze how incoming traffic might adversely affect them. FireEye also plans support for Linux in the fall.

Aziz, whose background includes founding and then selling start-upTerraspring to Sun in 2002, has confidence that FireEye’s virtual-machine approach will find a corporate audience, even as the market for NAC products mushrooms with vendors announcing new products practically every day.

“You can have your anti-virus up to date and still get infected if there’s a new worm,” Aziz says. “Our model tells you you’re infected through passive monitoring in a virtual-machine environment.”