Black Eye for FireEye - Hitting Researchers with Injunctions

Sometimes security companies can be a little too heavy handed. Or their lawyers have too much time on their hands. FireEye cleared this hurdle, recently.

Felix Wilhelm, a security researcher working for  Germany based ERNW, was going to present his findings on some vulnerabilities he had found with FireEye’s software.  He was going to present at the 44CON Cyber Security Conference (www.44con.com ) during the week of September 9.  The flaws had been fixed, by the way.

The two parties had a series of discussions regarding what could go into the report (FireEye was concerned about not exposing information on their product’s IP).  To be brief, the parties supposedly agreed on a final report around August 5.  FireEye then sent Wilhelm a cease and desist letter on August 6, obtained a court injunction on August 13 and delivered it to Wilhelm on September 2, a week before the 44Con conference.  Ultimately, Wilhelm did present his findings with some material redacted.

FireEye has a procedure for researchers   to “disclose and inform us of potential security issues”. In this case, FireEye was extremely heavy handed . Their action does little to encourage researchers to share (stifle?) at security conferences.  This comes across as “attacking the messenger”. They also attacked the messenger with  NSS Labs a couple of years ago when FireEye e came in last in a multi-company Breach Detection Systems Test. 

FireEye came in last again in a NSS Break Detection Systems Test (BDS) earlier this year. Eight companies were in the test:   Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro. The test measured security effectiveness, performance, and total cost of ownership.

To obtain a copy of the Value Map:  NSS Security Value Map Graphic

To read the complete Forbes article “FireEye Scolded For Injunction Stopping Security Researcher Revealing Source Code”: Forbes - FireEye Scolded 

Is FireEye Fireproof?

Addendum - December 7 :  On 12/7 - FireEye reached a fifty two week  low of  $19.76  This is lower than their IPO opening bell price.

To date, FireEye seems impervious to poor test results.  The market has been more interested in revenue growth. In the NSS Labs Breach Detection Systems Comparative Report issued in Augst, five of the eight vendors tested received a Recommended rating. FireEye was not one of them. 

   

FireEye did not test well in the   NSS Labs report, finishing last, with the lowest security effectiveness (in the 50’s, with the next lowest vendor in the 80’s) and the highest TCO per protected Mbps.

September 28 Addendum - FEYE closed at $31.51. Its opening day closing price was around $36.

Cisco had the highest effectiveness of the eight products tested and Blue coast the lowest TCO per protect Mbps.  FireEye protested the testing methodology when NSS first performed this test a couple of years ago.   

A Frost and Sullivan report “Network Security Sandbox Market Analysis, APTs Create a “Must Have” Security Technology”, gives FireEye 62% of the market.

 From a financial perspective, FireEye sales and marketing expenses as a percent of revenue have finally dropped below 100%. Operating cash flow is finally positive. The company is still losing ”tons” of money. The market finally seems to be paying more attention cash flow, margins, and future profitability.  

The company as of mid August is trading in the low $40’s, well off its peak of $97 in March 2014 (giving executives a chance to cash in for a nice gain) and   above the bottom of $25 in October 2014.  The $40’s is in the area of the pop FireEye had when it first went public. The company CFO, Michael Sheridan, resigned shortly after the last earnings announcement to join DocuSign.

 A free copy the Breach Detection Systems Security Value Map can be obtained at https://www.nsslabs.com/bds-security-value-map-graphic  The full report is available for purchase. A number of the vendors in the report are making their individual vendor reports available.  

Cyphort, one of the vendors tested, is aggressive on their website explaining why they would make a great addition to companies already using FireEye and why they feel they’re the “clear alternative” for companies considering FireEye. People can learn about this at http://www.cyphort.com/products/firewhy/  as well as view a (small) capabilities comparison grid.