FireEye, a provider of threat prevention solutions, announced on Tuesday that it has agreed to acquire privately-held nPulse Technologies, a provider of network forensics solutions, for roughly $60 million in cash and $10 million stock.
While the acquisition is significantly smaller than the roughly $1 billion deal to acquire mandiant, the technology gained will play an important role in FireEye’s overall product offering.
In an interview with SecurityWeek earlier this year, Tim Sullivan, President and Chief Executive Officer of nPulse Technologies, explained what the company actually does:
“nPulse Technologies does full packet capture. Consider it as a DVR for your network,” Sullivan said.”Say you’re watching a sports event such as soccer and want to see if the players hit a foul or if the ball went above the line – you’d go to the recording to validate. That’s the role we’re providing for security professionals. Security professionals are receiving alerts from firewalls, IDS, IPS and they need to go back in time – from the alert, which is the meta-data, to the actual data which is the packets. We provide the haystack and the tools to extract the needle from it.”
Bringing nPulse into the picture will give FireEye customers visibility into the entire attack lifecycle – from network intrusion to endpoint exploitation and lateral movement.
“If we want a longer term historical perspective on what may have happened with a breach in a network, we’ve got to have that data stored somewhere, but we need to be able to ask questions quickly if it’s going to be effective and useful to a security operations center every day,” Dave Merkel, CTO of FireEye, told SecurityWeek on Tuesday.
“The new reality of security is that every organization has some piece of malicious code within their network,” David DeWalt, Chairman of the Board and Chief Executive Officer of FireEye, said in a statement. “The more important question is has that code been able to execute any compromising activity that puts the organization at risk, and if so, what data left the network?”
When combined with the endpoint products recently-acquired from Mandiant, FireEye says it will be able to offer customers Enterprise Forensics capabilities across both gateway and endpoint nodes.
“With the addition of deep analytic capabilities, FireEye will continue to redefine the security architecture, providing customers with a single security platform that delivers precise alerts with detailed forensic data on the full scope of an attack,” the company said.
nPulse also complements the existing FireEye web and email products by augmenting FireEye’s MVX technology with deep analytics.
Founded in 2006 by Randy Caldejon, nPulse originated as a special high performance computing project for in U.S. Intelligence community, after one of the major Intel agencies askedCaldejonif he could build for them a 10GB full packet capture, according to Sullivan.
Taking just $3 Million in funding since inception, the company has since designed a solution that performs at 10 Gbps full duplex and provides capture, inspection, and exposes indications of compromise within minutes.
In addition caputring to full packet capture at high speeds, nPulse is able to index them in real-time, enabling big-data analytics and rapid search capabilities paired with layer seven visibility.
For the Mandiant services team, the addition of of nPulse’s network forensics solution will result in faster incident response capabilities and enable more detailed data for the Managed Defense service, the company said.
“When we established a partnership with FireEye, our customers immediately realized the value of having comprehensive threat information in one central dashboard,” Sullivan said. “As the security industry evolves, customers are looking for one trusted partner to provide a comprehensive solution that provides threat data as well as a path to remediation. We’re looking forward to joining the FireEye team and helping to transform the security industry.”
Shares of FireEye, which topped $97 per share in early March, have plummeted over the past few months, closing at $37.13 at the close of trading Tuesday.
Managing Editor, SecurityWeek.Previous Columns by Mike Lennon:Microsoft Updates Reports on Software Supply Chain Security, Critical Infrastructure ProtectionFireEye to Acquire Network Forensics Firm nPulse Technologies in $70 Million DealIBM Unveils New Threat Protection SuiteTarget CEO to Step Down Following Massive Data BreachZeroFOX Secures $10.7 Million to Tackle Social Threats
Tags: Network Security