FireEye’s recent acquisition of incident response and forensics specialist Mandiant for around $1 billion has been a real high-profile eye-catcher. The move greatly broadens the FireEye product and services portfolio, of course, although the cost of the acquisition has sparked a few mutterings of ‘overpriced’ amongst the analyst community. That said, several analysts cited Mandiant’s service revenues as a great addition to FireEye and it’s hard to argue with that.
Certainly, Mandiant is a good complement for FireEye, strengthening its security intelligence capability and increasing its detection capability at the endpoint (albeit not its endpoint protection capability), while also providing FireEye with a services arm.
Possible issues? Perhaps around efficient integration and synergies between the two technology platforms, although the two companies have held a relationship since 2012. What is possibly of more concern is the difference between the companies in terms of customer focus. The move also only provides integration between the network and endpoint on 2 million endpoints (by contrast, Symantec has well over 200 million), and the maturing Mandiant endpoint capability is focused on detection only, not prevention. And then there’s the danger of a possible conflict with existing FireEye services-based partners.
So, what does all of this mean for enterprise customers? Well, although it is clearly a good technology acquisition, does this fully address the ‘cyber problem’ as claimed? Cyber resilience is more than just good technology; customers need to respond to a broader set of business and technical challenges, such as:
- Increasing dependency on connected and internet-reliant business services
- IT infrastructure complexity due to rapidly evolving technologies such as mobile, cloud, virtual, big data, social, etc.
- Malicious actors & malware are making hay in this increasingly connected and complex world.
Customers just don't have the holistic IT security technology to deal with all of the issues that arise from the above. In other words, a breach will happen. So exactly how you prepare for a breach is just as important as how you respond to it. It’s true that there are innovative technology providers out there that will go some way to help customers manage some of these challenges, but there is no silver bullet to fix the cyber problem.
As far as customers are concerned, the approach they should really take is to:
- Be business led – ensure the business sponsors and supports any cyber security initiative
- Manage risk by aligning to well defined business processes
- Be cyber aware within your own estate
- Gain understanding of the external threat landscape
- Be agile & proactive in cyber defences – in all areas of people, process and technology
- Make the right technology investment choices to provide sustainable cyber security and resilience.
While Symantec has for some time been at the leading edge in delivering security software solutions, our 4.0 transformation is a key factor in driving innovation for our customers. Through our change, we are leveraging our existing broad profile of security software and services solutions, covering more vectors of threat than emerging vendors, while focusing on solving the advanced attack problem and wider customer cyber resilience issues.
Specifically, Symantec’s portfolio strengths embrace:
- Endpoint Protection – capabilities such as our SONAR behavioural protection and our Insight reputational database that tracks billions of file reputations, blocking both known and unknown threats
- Targeted Attack Protection – multiple vector protection in the form of web security, mail security, server security, and data loss protection, including new capabilities from Symantec such as ‘DISARM’, which strips malware from email attachments in real time and delivers clean attachments
- Managed Security Services – leading managed services offerings, supported by contextual security intelligence, providing customers actionable insights into internal security incidents cross-referenced by our deep knowledge of the evolving threat landscape
- Finally, the Symantec 4.0 transformation is driving closer integration across our wide portfolio connecting capabilities from our endpoint, gateway, datacenter technologies and managed & hosted services
Also, there are new Symantec 4.0 offerings on the way that will leverage our increased integration & market-leading deep contextual security intelligence to provide actionable cyber visibility and protection.
The point is that, in cyber security, you must have a proactive strategy that is inclusive. As mentioned, there is no ‘silver bullet’ that solves this problem in one hit. What Symantec offers, however, is breadth and capability right across its solutions to get end users safely and securely to their individual destinations.