SOAPA Video with FireEye (Part 1)

Paul Nguyen, VP of product strategy at FireEye, stopped by the ESG studio recently to talk about how the company is moving forward with SOAPA. Paul and I discussed things like:

  1. Technology integration. Through its history, FireEye has grown through acquisition, purchasing companies like iSight Partners, Mandiant, and nPulse. Heck, Paul joined FireEye because of its acquisition of Invotas in 2016. While each of these products can stand on its own, FireEye realized that it could deliver a lot more by stitching all these products together in a common platform. Paul spends a lot of his time figuring out how to combine the elements of each product into a FireEye security operations cocktail to maximize customer value. 
  2. SOAPA data. FireEye’s SOAPA stack is anchored by a distributed data management layer that collects, normalizes, processes, and stores terabytes of security data. This may seem mundane, but Paul got very excited when the conversation veered toward security telemetry and data management. FireEye believes that data analysis and management is a core strength as it collects and analyzes a potpourri of security data including endpoints, networks, malware analysis, cyber threat intelligence (CTI), etc. In this way, FireEye is always discovering new things, instrumenting lessons learned into its technology, and sharing this intelligence with customers. Given the growing volume of security data, FireEye recently acquired a big data platform company, X15 Software, to enhance its data management capabilities and provide a platform for integrating machine-generated data.
  3. Helix. For FireEye, SOAPA really revolves around Helix, its security operations platform. Paul described Helix as the place where all of FireEye’s value comes together, as it is designed for the processes and tasks of security analysts. In other words, Helix is meant to be a manager of managers for the personnel that make up the SOC team. FireEye uses its own experience to instrument Helix with best-practice operations, and the platform can be customized for individuals or organizational processes.
  4. Endpoint and threat intelligence. Security analytics and incident response processes are often built around endpoint data and threat intelligence. FireEye really aligns well here with its assets from Mandiant and iSight Partners. Paul agreed that this was a core strength of FireEye’s SOAPA but also reminded me that the company builds upon this telemetry with its managed detection/response services, threat hunting services, and machine intelligence. 

While we talked a lot about security telemetry, Paul’s background at Invotas really pushes him to think about what you can do with the data to improve decision making and automate processes. Once again FireEye is focused on building these capabilities into Helix to help its customers improve security efficacy and operational efficiency.

Stay tuned for part 2 of my interview with Paul Nguyen soon. FireEye gets SOAPA!
