Network guardians FireEye said Wednesday they will focus on a more practical, hands-on way to improve the cybersecurity of businesses and federal agencies – by simulating the hackers they are trying to stop.
The announcement officially launched two new security products offered by FireEye subsidiary Mandiant: Red Team Operations and Penetration Testing. Both services help clients identify weaknesses in their network security by attempting actual cyberattacks. Red team operations are more realistic, seeking persistent access to client networks and accessing real data, rather than just trying to break into a Web server, subvert an app or take over a mobile device, as penetration tests do.
The new offerings are part of a trend toward a more holistic and realistic approach to cybersecurity, as opposed to static documentation of security protocols and vulnerability scans — especially in the government sector, which has traditionally relied on these less dynamic measures.
While FireEye has been offering these services for a decade or more, the company will be putting more focus on them and shifting personnel to work on these more proactive security measures, said Marshall Heilman, vice president and executive director of FireEye’s incident response and red team operations.
“Most people try to look at security from the perspective of defender, not the attacker, but you have to think about the problem like an attacker,” Heilman said. “You’re thinking about the fact that there is some goal, whatever it may be, and the hacker is going to do everything they need to do to get to that goal. Whereas the defender is thinking about walls and blocking the attacker, but he’s not thinking about how the attacker is going to get around that wall.”
Pen tests or red team operations could have helped prevent the Office of Personnel Management’s massive security breach last year, Heilman said. A simulated test might have shown the holes OPM needed to patch up to protect its data.
“One of the reasons hackers target IT professionals [is] because the credentials that hackers want to access the environment are usually held by them,” he said. “If you can compromise one of their accounts, you either have the key to the kingdom or the key that gets you to the key of the kingdom.”
Previously, the company helped the U.S. National Laboratory and a government research firm determine how to improve their malware protection. Launched in 2004, FireEye was the fastest growing cybersecurity firm in the U.S. tech market, according to Deloitte’s 2015 North America Technology Fast 500. The company was also the first to win cybersecurity SAFETY Act certification from the Department of Homeland Security.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow.