FireEye just announced they would be acquiring nPulse Technologies. You can find more on this via their website HERE and nPulse HERE. In summary, nPulse provides network forensics through a 10 Gbps full duplex solution that can capture, inspect and expose indications of compromise.
My personal thoughts:
It looks like FireEye is attempting to address what happens when somebody breaches a network beyond gateway detection. FireEye recently failed during the NSS report regarding its ability to identify and stop malicious attacks that have breached a network. (More on the NSS report can be found HERE).
NSS 2014 Breach Report Results
It makes sense that they should invest in doing more than identifying attacks at the gateway, hence both the recent Mandiant and nPulse acquisitions. The concept looks like FireEye’s original technology will act as the doorway monitor, Mandiant will monitor endpoints and nPulse will be the network forensic solution. This way threats can be seen and remediated inside the network.
Possible FireEye roadmap with recent acquisitions
If you ask me, I look at how SourceFire has been addressing post-compromise detection in this manner for a while. SourceFire can act as a Next-Gen firewall blocking attacks before they happen. If an attack is executed, SourceFire is the leader for IPS/IDS built on the open source Snort IPS. If an attack gets through the perimeter, SourceFire monitors the network and endpoints for malicious files via file hashes, monitoring behavior, identifying file encoding trends, sandboxing and other means. If a threat is detected, SourceFire can tell you the history of the infected file from both a network and endpoint view, providing a method to stop the breach on all impacted devices. This is why SourceFire led the recent NSS report for post-compromise detection.
SourceFire stops threats before, during and after compromise with a single appliance
That’s just my personal opinion, but I will say it will be interesting to see how these FireEye acquisitions mature. I’m sure other vendors that provide full packet capture technology such as RSA / NetWitness and Solera/Blue Coat will be interested in this announcement.