ESG's Jon Oltsik talks with Paul Nguyen of FireEye about SOAPA and Cybersecurity. This is part 1 of a 2-part series.
Read the related ESG Blog: SOAPA Video with FireEye (Part 1)
Announcer: The following is an ESG 360 video.
Jon: I'm here with Paul Nguyen, Vice President of Product Strategy from FireEye. Welcome, Paul.
Paul: Thanks, Jon.
Jon: So we're talking about SOAPA, and SOAPA is about technology integration. Now, FireEye has purchased a lot of companies, you purchased nPulse, Mandiant, iSIGHT Partners. How does that work for technology integration at FireEye?
Paul: Yeah. This is actually a topic near and dear to my heart with Invotas, which I started as one of the first security orchestration companies. So our whole job was to integrate, and so I'm taking a lot of those concepts now that I run the product business, and bringing all the assets that we have, and really blending it together as a platform. And people use platform as a different term, but we're trying to build common capabilities, like a common interface, common backend, so that we can now integrate them more tightly together, more so than I could with Invotas before where you're outside loosely coupled.
Jon: Okay. Now, I know the last time we talked, we talked about data. And data is the fundamental layer of the SOAPA architecture. So how do you treat the data at FireEye? And what have you done with acquisitions to improve that?
Paul: Yeah. I think data is one of the most exciting topics for me when I look at our assets and our portfolio. So we have endpoint data, network data, email data, our intelligence, our instant response data, and our iSIGHT data. So we've got a lot of telemetry from the ecosystem, and we're looking at ways to unlock that. So in a lot of ways, we're a data company as well. I'd say we have some of the most rich telemetry in the industry. And so we're using that for multiple purposes. One is certainly detection, that's one of our core pillars as a company. The second is intelligence from a contact standpoint. So bringing it all together really to drive those two pillars, and then now, as we evolved into a security operations platform, it's about how do you provide the right data to the right person at the right time from an analyst standpoint to help them, you know, execute their job from alert to fix standpoint.
Jon: And you just did something around big data. Tell me about that.
Paul: Yeah, we acquired a company called X15, which was a unique asset. We were looking to them to bolster our data management because we do have a lot of data. And so, one, it's a data ingest method that they use that is good for structured and unstructured data, and allows us to bring data at scale in a way without having a lot of overhead, and being able to manage that to add scale is critical. So we'll be folding that into the platform from a Helix standpoint. So we're pretty excited about that.
Jon: Yeah, data's a fundamental piece. And we don't often talk about the data management, but there is a lot of data. So that's an intriguing development for you guys. Now, you mentioned Helix, and Helix is sort of where everything comes together for FireEye. So tell me about that. What are you doing strategically, and what's Helix as a product?
Paul: Sure. I think you mentioned some of the companies that we acquired. They're great point products, and they're best of breed in their respective areas. And when I looked at it, I said, "How do we start to bring all the pieces together?" And really, when you look at it, we're trying to solve the security operations problem, and we're trying to serve the security operations analysts, tier one, tier two, tier three, and we obviously have our own capabilities internally for managed defense which we provide as a managed service. So Helix is gonna be the hub of our platform, right, where all the different components plug into, a common interface where, one, we can provide a single pane of glass for analysts. I mean, that's one of the key areas I think we can solve for that hasn't been solved for before, is literally keeping the analysts in the console so they do have to click and pivot between not only our products but also third-party products, which is some of the orchestration things that we are working on as Invotas.
Jon: Right. And to me, that's the top layer, is you get all this information, you analyze it, but then what do you do about it. Now, one other question. I think of FireEye and I think of this rich history in endpoint data, forensic data, activity data, behavioral data, and then I think of threat intelligence. And those are two pillars of security analytics. So how are you bringing together with Helix?
Paul: Probably some of the most exciting times for me is sitting with Mandiant folks. And if you look at the evolution of our endpoint, it's really driven by Mandiant in a lot of ways because they are, you know, the best of the best in terms of the respond side, and they're constantly using endpoint as one of their primary tools out there. So we're having to evolve and deploy new capabilities non-stop with some of the new breaches that we're always working. So that endpoint data is one of our richest data sets because we get to see what's happening on the frontline and bring that back, and help with our investigations from not just, you know, singular customers but from a broad standpoint. So the endpoint data is probably one of the most important, critical data sets that we have.
And then our intelligence, you know, we have three facets of it. We have the machine intelligence, which is traditionally what you get from our network capabilities, our email. And that machine telemetry is also important from an intelligence standpoint as we look at the grid of customers that we protect, you know, from thousands of boxes being deployed. And then iSIGHT with more of, you know, the forward deployed analyst with the adversary intelligence, really understanding what the adversary's motivation is, what their tools and techniques are, and what they're really thinking about, and why they're targeting certain customers. So if you blend that all together, I think we have one of the richest intelligence sets. And we use that for both detection and from a contact standpoint, as we're trying to serve that to an analyst.
Jon: So you're taking endpoint data, network data, threat intelligence, blending it together, presenting it to the analyst through Helix?
Jon: That's what SOAPA is about.
Paul: That's right.
Jon: Can you stick around for another video?
Jon: All right. Thanks so much, Paul.
Paul: Thank you.