US-based security appliance company FireEye claims it can count half of Australia-New Zealand’s banks as customers despite entering the Asia Pacific market little more than a year ago.
Doug Schultz, FireEye vice president for Asia-Pacific and Japan, told journalists at the NetEvents IT industry conference held in Thailand late last month that his company’s technology was also in use at a “major telco” in Australia and there was “another one that we are about to sign with.” He declined to name any of the banks or telcos concerned, however, citing client sensitivity.
FireEye specialises in protecting organisations from “advanced persistent threats” by scanning web traffic, emails and files in the company’s proprietary virtual machine appliances. Any executable code found in email attachments, for example, is run safely in the appliance’s virtual environment – Schultz uses the word “detonated” – and its behaviour is analysed.
“We could be likened to the emperor’s food taster of ancient times,” says Schultz.
Unlike rival security company Palo Alto Networks, which operates a cloud-based virtual threat analysis environment, any malware detected by FireEye appliances usually remains on the customer’s premises.
“Most of our customers don’t want this kind of material to be in the cloud at all,” Schultz says.
“The largest banks and technology companies have been very particular about this. But it doesn’t mean that there isn’t an approach for cloud.”
Founded in 2004, FireEye now employs 500 people globally. Schultz says the company has a policy of employing citizens of the countries it operates in wherever possible, and that many staff hold security clearances.
While FireEye works “closely with governments and government security agencies” – Schultz claims to be able to provide an “Australian federal government security organisation” as a reference to appropriate potential clients – he says it is up to the customer whether any malware activity is reported to the authorities.
“Sometimes they report it, sometimes it’s under an NDA [non-disclosure agreement] and they want to keep it quiet. We advise on the presence of a threat and where possible its intent, but it’s the customer’s call whether authorities are informed.”
While Schultz says that protecting customers from threats is the company’s main focus, he says FireEye has been “tracking some [criminal] groups for years” and carries out forensic work where required. However, if identifying the source of malware is a priority, FireEye will usually work with outside forensic specialists such as Mandiant.
• Michael Foreman attended the NetEvents conference in Thailand as a guest of NetEvents.