10 Things You Need To Know About The $250M FireEye-Verodin Deal
Here's a look at 10 of the biggest reasons FireEye and Verodin came together to automate cyberattack simulations and better measure the effectiveness of an organization's security controls.
Addressing Areas Of Weakness
FireEye announced its biggest acquisition in a half-decade Tuesday with the $250 million purchase of security instrumentation vendor Verodin, which will help provide businesses with the evidence needed to measure, manage, and improve their cybersecurity effectiveness.
The Milpitas, Calif.-based platform security vendor conducted 700 security breach investigations in 2018, and employs more than 150 intelligence analysts across 19 countries that are fluent in 30 languages, according to FireEye CEO Kevin Mandia. Infusing FireEye's threat intelligence into Verodin's automated platform will put customers in a better position to detect attacks before they occur, he said.
"I have no idea how you create great security products when you're blind to the front line of cyber attacks," Mandia told Wall Street analysts Tuesday. "Together, I believe we have the opportunity to disrupt our industry and lead it into the future."
From Verodin's plans to maintain vendor neutrality to the impact on FireEye's existing red team assessment services to how Mandia and Verodin CEO Chris Key met, here's a look at 10 of the most interesting components of the $250 million FireEye-Verodin deal.
10. Verodin Will Help Automate Cyberattack Simulations
Customers increasingly want FireEye to do red-team assessments, Mandia said, where the company's services experts test an organization's security control around critical assets during a realistic attack scenario, Mandia said. In these scenarios, hackers could steal executive or developer emails, break into environments with sensitive customer data, or take control of medical or manufacturing equipment.
FireEye conducted 400 red-team engagements in 2018, but Mandia said these assessments have typically been periodic rather than continuous due to a lack of automation. Verodin's platform will help automate realistic cyberattack simulations in an organization's network, according to Mandia.
9. Verodin's Measures The Effectiveness Of Security Controls Against Attacks
Verodin's security instrumentation portfolio identifies gaps in a customer's security program due to equipment misconfigurations, changes in the IT environment, and evolving attacker tactics, Mandia said. The platform tests against both publicly-known and new threats being discovered on a daily basis to identify risks and rapidly evolve defenses before a breach actually occurs, according to Mandia.
Unlike many other attack simulation companies, Mandia said Verodin shows how automated red team activity is detected regardless of whether it actualizes in a company's firewall logs or shows up in Splunk. Mandia said Verodin excels at connecting alerts to specific activity, as well as prioritizing and triaging if there are multiple security events taking place.
There's no better way to increase the effectiveness of cybersecurity programs than to continually simulate attacks against the network, Mandia said, and modify controls based on new or emerging threats. This is the most reliable and consistent way to measure real cyber risk, according to Mandia.
8. Verodin Helps Clients Get The Most Out Of Prior Investments
Verodin excels at going into new systems and getting them into a secure state by leveraging previous cybersecurity investments, Mandia said. The platform can be delivered on its own, with FireEye services, or through a managed or on-demand approach, according to Mandia.
Given the frequency with which CISOs change jobs and the multiple paths into customer ecosystems, Mandia said clients are increasingly desirous of a way to test their security controls. For this reason, Mandia said FireEye offers security program assessments that provide multi-vendor recommendations around the tweaks businesses should be making inside their infrastructure.
Ultimately, Mandia said the only way businesses can assess the effectiveness of their security posture is by launching attacks. "It's the only unvarnished truth," Mandia said.
7. FireEye Will Infuse Its Threat Intelligence Into Verodin
FireEye plans to embed Verodin in its internal evolutionary process to better protect customers as FireEye gains new intelligence that extends the company's expertise beyond its own products, Mandia said. Verodin can validate and improve the effectiveness of any security product in the environment, Mandia said, while an integration with FireEye Helix will result in stronger security controls.
The acquisition will make it possible for FireEye to weaponize and infuse its threat intelligence into Verodin, and Mandia said it can run on prior, production or development versions of the product. The linkage should make it easier for FireEye to communicate to customers what it's capable of detecting in an automated fashion, according to Mandia.
"All security vendors should know here's what we spot, here's what we detect, and here's where we have blind spots," Mandia said.
6. FireEye Will Use Verodin To Make Its Own Products More Effective
FireEye wants to be able to detect and prevent every attack the company's aware of, and Mandia said Verodin can help the company achieve that goal. Mandia said customers will run Verodin against their email, endpoint, and network security safeguards to get a sense of the different ways to measure the effectiveness of various security products.
FireEye expects to use Verodin to test its own software so that it can be fine-tuned and then adopt proper safeguards, Mandia said. If businesses on the Verodin platform are able to see that FireEye's products have been updated to the optimal security posture, Mandia said the company could see a cross-sell windfall.
FireEye, though, will have to prove itself on Verodin's platform just like every other security vendor, Mandia said.
5. Verodin Won't Cannibalize FireEye's Red Team Assessments
Verodin's automated platform can verify security controls, simulate data leakage in really smart ways, and test endpoint efficiency in a really smart manner, Mandia said. But when it comes to custom applications or the research required to carry out an effective social engineering operation, Mandia said FireEye's red team personnel can go above and beyond what Verodin's platform is able to deliver.
Mandia estimated that Verodin's technology can do between 85 percent and 95 percent of what FireEye's red team personnel do today. Given the long wait time that currently exists for red team simulations, Mandia said this will free red team employees up to focus on more specialized scenarios such as custom applications or complex environments.
Given the extremely high demand for red team services, Mandia said he doesn't see Verodin's technology cannibalizing the company's existing red team business for at least a half-decade, and maybe longer than that.
4. Verodin's Platform Won't Give FireEye Products Favorable Treatment
The Verodin platform helps customers quantify the cyber effectiveness of their entire stack, and Key said it has always been objective and vendor-agnostic. Even though FireEye has its own email, endpoint and network security products, Key said Verodin's platform will continue to be open and provide quantifiable data to customers regardless of the specific vendors in their security stack.
FireEye's Mandiant services business has always been vendor-agnostic as well, and Mandia said Verodin's technology must continue to provide customers with the unvarnished truth. Specifically, Mandia said Verodin's platform will allow clients to evaluate the effectiveness of FireEye's controls as compared with the controls offered by other suppliers.
"The Verodin product is going to have no bias," Mandia said. "It's going to launch what it needs to launch, and it's going to provide unvarnished truth as to those results."
3. Verodin Will Help Make Breach Simulation Simple, Affordable
Other breach and attack simulation providers focus primarily on running attacks and telling businesses whether they could successfully block them, Key said, but typically lack the precise control data offered by Verodin. Verodin quantifies the effectiveness of a company's overall security program by examining the effectiveness of the configurations as well as opportunities to rationalize spending, he said.
Security software testing doesn't happen enough in the industry, and as a result, Mandia said products sometimes aren't doing what users expect them to do. Security-conscious organizations need to go beyond patching, Mandia said, and determine whether the things they're most worried about could actually happen with the technology they have in place.
"If you're out there building bulletproof vests, you ought to test them with bullets," Mandia said. "Once you make this affordable and simple, I think it's then mandatory."
2. Deal Will Expand Reach, Cross-Sell Opportunities For Channel
Between 75 percent and 80 percent of Verodin's sales today are through the channel today, Key said, with the company serving a predominantly North American audience. Becoming part of FireEye immediately provides Verodin with access to a global salesforce, Key said, allowing the company to address overseas demand.
Verodin's channel partners often wrap additional services around the company's software, Mandia said. And making Verodin available through FireEye's global channel will expand their distribution, creating new revenue opportunities for FireEye partners, according to Mandia.
The acquisition should also provide expanded opportunity to cyber insurance providers and law firms that work with FireEye, Mandia said. Specifically, Mandia said Verodin will offer partners new ways of engaging with existing or prospective customers such as providing a health check for an existing product at renewal time.
1. First Meeting Between The Two CEOs Lasted Three Hours
FireEye looked at hundreds of companies, Mandia said, but found that Verodin stood apart in terms of how it implemented, managed and measured security infrastructure. The opportunity to integrate with Verodin would make it possible for FireEye to scale out its red team and security vulnerability testing business through the use of automation, according to Mandia.
Verodin's Northern Virginia headquarters offer FireEye an opportunity to co-locate and take advantage of large opportunities in the region, according to Mandia. Mandia said his first meeting with Verodin CEO Christopher Key lasted for three hours, and motivated him to find a way for the two companies to do business together.
"When I first met Chris, about ten minutes into the meeting, I was like, 'Dammit, this is going to be a long meeting.' Because I liked what I heard, and it was very late at night," Mandia said. "And I knew that we'd have to continue with this."