Day To Day Operations of Information Security Firms – FireEye Cyber Security
Select an industrial or commercial U.S. based company that is listed on one of the major stock exchanges in the United States. Each student should select a different company. Avoid selecting an insurance company or a bank: the financial ratios for insurance companies and banks are different. Write a seven- to eight-page double-spaced paper about your selected company answering the questions posted under the Week 2 Minicase assignment posted in Doc Sharing. This Minicase paper should be submitted to the Week 2 Minicase Dropbox.
FireEye Cyber Security
Introduction and Background
FireEye Cyber Security is an information technology security firm that specializes in combating advanced persistent threats, providing security that goes far beyond the usual firewalls, antivirus and sandbox tools. FireEye assists over 2,200 organizations in 60 countries in the storage, protection and management of vital information. The company's vision is to ensure that clients' most valuable information is protected, and it operates under the motto 'Security Reimagined'. FireEye aims to invest in the best technology to detect and fix malware, so that its innovation strategies are as quick as the attackers.
The main activities at FireEye include information technology security, aimed at protecting clients' data from malicious possession, including hacking; protection from cyber attacks; resolving data security issues; information technology risk assessment; debugging of information systems; data backup; and installation and provision of technical support for information security systems.
Process flows
On a typical day, engineers at FireEye spend their time doing surveillance on client systems to detect any bugs, threats, potential attacks and hacks on client data. The aim is to move from 'alert to fix' in the shortest time possible through timely detection, analysis and threat elimination. Brewer (2015) notes that, in the face of rising cybercriminal activity, companies providing data security services should aim to reduce the time between detection and response in order to reduce damage; this is an aspect that FireEye uses to maintain its current niche in the market. The figure below is an illustration of FireEye's approach to managing IT security.
Once a threat has been detected, the team launches an investigation and eventually clears the threat to save the client's data. A flow chart showing how an information breach is addressed is shown in the diagram below:
The process begins with the detection of an incident, followed by a notification to the owner. The team then investigates whether to quarantine the hosts that have been compromised. If the hosts are on the white list, the team requests the system owner to contain the incident using predesigned plans. The incident handler then recovers the data once it has been identified as not being of high criticality. Data of high criticality and restricted data have to go through the critical incident response, a process that involves a series of investigations and corrective measures, including confiscation of hardware, up to the point where a data breach is confirmed. The critical incident flow is illustrated as follows:
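The triage flow described above, written out as an added Python example (this is not FireEye's code and is not from the original paper): the incident fields, the data-class names treated as high criticality, and the sample records are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Data classes routed to critical incident response (assumed labels;
# "restricted" follows the flow described in the text).
HIGH_CRITICALITY = {"restricted", "high"}


@dataclass
class Incident:
    """One detected incident (constructed record; field names are assumptions)."""
    host: str
    owner: str
    detected_at: datetime
    data_class: str            # e.g. "internal" or "restricted"
    host_whitelisted: bool     # host is on the approved (white) list
    resolved_at: Optional[datetime] = None


def triage(inc: Incident) -> List[str]:
    """Return the ordered actions the flow prescribes for this incident."""
    steps = [f"notify owner {inc.owner} about incident on {inc.host}"]
    if inc.host_whitelisted:
        # Whitelisted host: the system owner contains it with a predesigned plan.
        steps.append("request owner to contain using predesigned plan")
    else:
        steps.append(f"quarantine compromised host {inc.host}")
    if inc.data_class in HIGH_CRITICALITY:
        steps.append("route to critical incident response")
        steps.append("investigate; confiscate hardware if breach is confirmed")
    else:
        steps.append("incident handler recovers data")
    return steps


def alert_to_fix_minutes(inc: Incident) -> Optional[float]:
    """Detection-to-resolution interval (the 'alert to fix' time), if resolved."""
    if inc.resolved_at is None:
        return None
    return (inc.resolved_at - inc.detected_at).total_seconds() / 60


def sample_incidents() -> List[Incident]:
    """Constructed sample incidents: one low-criticality, one restricted."""
    return [
        Incident("ws-17", "alice", datetime(2015, 5, 1, 9, 0), "internal", True,
                 resolved_at=datetime(2015, 5, 1, 9, 42)),
        Incident("db-02", "bob", datetime(2015, 5, 1, 9, 5), "restricted", False),
    ]


if __name__ == "__main__":
    for inc in sample_incidents():
        print(inc.host, "->", "; ".join(triage(inc)), "|", alert_to_fix_minutes(inc))
```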
Besides solving data breach issues, employees at FireEye must ensure that clients' needs are addressed as far as information management is concerned. Activities at FireEye on a day-to-day basis can therefore be summarized as follows:
- Risk assessment and tactical planning to ensure protection of data
- Evaluation of system bug reports
- Incident preparedness, including initial setup of systems that support information security, such as virus detection systems, software licenses, content filtering systems and firewalls, among others
- Review of security exploit reports, system bug reports and security alerts in systems and mails
- Information security program management
- Management of projects meant to respond to unexpected breaches of information security
- Provision of technical support and consultancy for clients on matters related to information security
- Email and data backup services
Responsibilities and Interfaces
FireEye's activities are mostly executed by data handlers, who consist of engineers and IT specialists, under the authority of the chief technology officer. Data handlers can be considered the 'ground men', whose role is to capture all threat signals and redirect them to the right channels to ensure they are resolved as soon as possible. The chief technology officer and the chief information officer work together to ensure continuous investment in research that promotes the company's ability to resolve data threats.
FireEye data handlers take an attack notification as the input that begins the investigation process. The user and the system are at the same time prompted to manage process execution by checking whether the attack can be dealt with using the installed security programs. At this juncture the system may invoke external applications and other predesigned programs that may be able to block the attack. The data handlers and the chief information officer continue to monitor the process to establish whether further action is needed if the attack is not automatically managed by the system. These interfaces are outlined in the diagram below:
Equipment and logistics
Being a service company, FireEye interacts directly with customers and therefore employs over 2000 staff to ensure that the needs of clients are well addressed. The company does not advocate outsourcing because management believes in providing first-hand service to clients, which assures quality service delivery. This philosophy can be explained by Parliament of Australia (2015), which notes that the use of intermediaries in the service sector to a large extent distorts the quality of service, hence the relevance of direct service.
Servers and computers remain the most important equipment in managing IT security. Servers can be described as computers whose primary role is to provide a location for shared storage. A single server can connect several computers in a network, allowing authorized persons to access available information. FireEye's high-capacity servers ensure that data handlers, IT security managers and other IT security staff can access client files and thus easily detect and correct any attacks on data.
FireEye has invested in both cable and wireless internet to ensure that data is always accessible when needed and that attacks can be handled remotely at any time. The company also ensures that clients have a reliable internet connection, as this helps in sending signals to FireEye's server whenever there is an information threat on their side (Castelluccio, 2015). Given how important the internet connection is, FireEye has a team of engineers whose role is to ensure that all servers and routers are connected and that any accidental disconnection is addressed immediately, before it can compromise client data.
Quality control
In a field that is highly competitive, quality assurance cannot be underestimated (Sherry, 2014). In this regard, FireEye seeks to maintain the highest possible standards by investing in the most current technology. FireEye aims to provide clients with the best value for their money and thus constantly engages in research to identify new trends in information technology management. FireEye has invested in winning technologies to ensure that threats are detected and blocked in a matter of minutes. Engineers and IT specialists are trained to be vigilant and to move at the same speed as, or even faster than, attackers, so that they can manage any kind of new threat. This to a large extent reduces the need to physically deal with the malware or visit client offices, except during installation, thus saving time and increasing customer satisfaction. Borrett, Carter and Wespi (2013) note that investing in innovative technology should be the main concern for IT security companies that seek to succeed, and FireEye has been successful in achieving this. Sherry (2014) further maintains that organizations must now be vigilant in identifying new threat intelligence to promote the detection of cyber threats.
References
Borrett, M., Carter, R., & Wespi, A. (2013). How is cyber threat evolving and what do organisations need to consider? Journal of Business Continuity & Emergency Planning, 7(2), 163-171.
Brewer, R. (2015). Cyber threats: reducing the time to detection and response. Network Security, 2015(5), 5-8.