Cash and stock deal brings added configuration and change management capabilities
FireEye this week ponied up $250 million for Verodin, purveyor of an instrumentation platform that identifies gaps in security caused by issues like misconfigurations and changes to the network.
The Lowdown: FireEye officials said they expect to couple their own cyberintelligence capabilities with Verodin’s feature set to give users additional ways to measure and test security environments against both known and newly discovered threats, to identify weaknesses in security controls, and to more readily adapt defenses based on pressing threats.
The Details: Verodin will integrate with FireEye Helix security orchestration capabilities to help customers prioritize and automate continuous improvement of security controls, officials said. Customers will also be able to implement Verodin cybersecurity measurement and validation solutions “as-a-service” through the FireEye Managed Defense service and as an “expertise-on-demand” automated service.
Verodin solutions will continue to be available as stand-alone solutions through Verodin resellers and through FireEye channel partners.
The Buzz: “Security effort does not equal security effectiveness,” said FireEye CEO Kevin Mandia, “That’s why security-conscious customers red-team their networks. They need the unvarnished truth of how effective their security programs are. Verodin gives us the ability to automate security effectiveness testing using the sophisticated attacks we spend hundreds of thousands of hours responding to, and provides a systematic, quantifiable, and continuous approach to security program validation.
“We believe there is no better way to train people and instrument better security than by continually attacking the environment and adapting security controls to the real threats,” Mandia added. “Finally, organizations will have a reliable and consistent way to quantify cyber risk in a manner understandable to front-line technicians and in the boardroom.”
“Cybersecurity today is based on assumptions that technologies work as vendors claim, products are deployed and configured correctly, processes are fully effective, and changes to the environment are properly understood, communicated, and implemented,” said Chris Key, Verodin co-founder and CEO. “However, the reality is much different for almost every organization, and often they discover this only after being on the wrong side of a breach. By joining FireEye, Verodin extends its ability to help customers take a proactive approach to understanding and mitigating the unique risks, inefficiencies, and vulnerabilities in their environments.”