Cyphort is taking a different tack from the others in the breach detection / Advanced Persistent Threat (APT) market with its Cyphort Advanced Threat Protection solution (claim: complete 360° APT defense!). Cyphort positions the company as both superior to FireEye and able to coexist with FireEye. Getting their nose under the tent for when renewals come up? Shortening the review cycle when renewals come up? Coverage for areas of a company where there aren’t FireEye appliances? Cyphort didn’t participate in the NSS Labs Breach Detection study.

FireEye is the 800-pound gorilla with respect to market revenue and visibility. The David vs. Goliath analogy won’t work since FireEye’s CEO’s first name is Dave! Cyphort’s 2014 revenue was around $14 million. FireEye’s was $426 million (this includes revenue from the Mandiant acquisition).
Cyphort claims that their solution delivers malware lateral movement detection. They define this as "the ability to combine advanced targeted attacks and Advanced Persistent Threats (APT) detection with lateral movement." They say that their product provides a picture of the attack as it happens and of its potential spread within an organization, in real time.
The Cyphort solution is delivered as software that can be installed on general-purpose hardware, virtual machines and cloud environments. The solution consists of four core components:
- Collector: Software-based probes deployed at strategic network locations (Internet egress points, data centers, etc.) to collect suspect objects and communication.
- Core: The centralized detection component of Cyphort’s solution; Cyphort Core analyzes the suspicious network objects and associated metadata collected by the Collectors.
- Manager: A web-based administrative interface. It enables an administrator to manage the distributed deployment and provides access to reports.
- Threat Network: A cloud service that feeds global threat intelligence to the Cyphort Core for enhanced detection of current threats. It aggregates threat information across all Cyphort installations.
At RSA earlier this year, Cyphort's co-founder and Chief Strategy Officer Fengmin Gong said, "Today, solutions must look at every stage of the cyber kill chain."

It’s always good to have more competition. Based on press coverage, one would think that the APT market is the exclusive domain of FireEye and the other seven companies that are part of the most recent NSS Breach Detection Systems (BDS) test!
Is FireEye Cyphort’s Friend or Foe?
On the Cyphort site at http://www.cyphort.com/products/firewhy/ there are a pair of threads prospects can go down.

For those who already have FireEye, Cyphort claims that their Cyphort Advanced Threat Protection solution can be used to address gaps in the FireEye solution. Their pitch is that they enhance protection:
- Enterprise-wide Coverage: Unprotected sites and data centers can be covered with a single global license.
- Enterprise-wide Deployment: Deployment in days using the virtual machine approach.
- No appliance proliferation: Cyphort claims that they cover and correlate email/web/file traffic across multiple operating systems, all in one solution.
The second thread is for those considering FireEye. Cyphort claims that they are “the clear alternative”. They have a nice (of course, it’s selective) grid containing points of differentiation (FireEye’s position in parentheses):
- Detection: Sandbox evasion detection, Data exfiltration detection, Multi-part threat detection, Golden image sandbox for contextual detection (no for all four).
- Coverage: Distributed/decoupled design for global deployment using collectors (monolithic); Hardware/software/VM deployment (hardware only); Integrated web/email threat detection for Windows and Mac OS X threats (multiple appliances needed).
- Action: Risk-based threat prioritization; Containment using existing firewall, web gateway and IPS devices; Endpoint infection verification (no for all three).
- Scale and Flexibility: Scalability, clustered design to support any load (limited by highest appliance capacity for FireEye); IT ecosystem integration, open API (limited); Licensing is enterprise-wide by bandwidth (per appliance for FireEye).
The Radicati Group has an APT market share and 2015-2019 APT forecast report available for purchase ($3000): Radicati APT-Protection-Market-2015-2019-Brochure.pdf

For those wanting another company’s view of Cyphort’s and FireEye’s offerings, LastLine has performed their own analyses:
Products in the Breach Detection Systems (BDS) Security Value Map™ 2015
In the August NSS Breach Detection Systems test, Cisco had the highest detection rate and Blue Coat the lowest TCO. FireEye landed in the lower left of the grid. As mentioned earlier, Cyphort was not in this study.

Five of the eight received a recommended rating (those in the upper right corner of the value map). Some of the companies tested have their individual reports available on their web sites. To purchase reports, see below.

BDS Security Value Map graphic:
Participants in the NSS Breach Detection Systems Study:
- Blue Coat Security Analytics and Blue Coat Malware Analysis Appliance
- CheckPoint 13500 Next Generation Threat Prevention Appliance with Threat Emulation Cloud Service
- Cisco Advanced Malware Protection
- Fidelis XPS Direct 1000 & Fidelis XPS Internal 1000
- FireEye EX-3400 & NX-4400
- Fortinet FortiSandbox-1000D
- Lastline Breach Detection Platform
- Trend Micro Deep Discovery Inspector
Studies are available on the NSS site. Some are available for free on the participants' sites.