Smaller ransomware incidents account for more attacks, outpacing large compromises involving hundreds of systems—a trend that bodes well for businesses but less well for some security firms—according to threat-protection and response firm FireEye.
On Aug. 4, FireEye announced that the company's earnings fell short of analysts' forecasts and, among other factors, blamed criminals' move to quicker ransomware attacks and away from drawn-out compromises. As a result, the company responded to incidents that were shorter in duration and smaller in size than in the past, Kevin Mandia, FireEye's recently appointed CEO, said during the company's earnings call.
"While our services personnel are responding to more attacks this year than prior years, the scope and scale of these attacks is simply different," Mandia said. "The scale and scope went from hundreds of compromised machines by attackers who wanted to maintain and keep access to more of the ransomware-type attacks and extortion attack that are simply easier to remediate at times."
The bottom line for FireEye: The more focused attacks are good news for companies trying to clean up but mean less revenue for the service providers that help them recover.
FireEye grew in the second quarter, with revenue of $175 million, up 19 percent year-over-year , but that figure fell short of the company's guidance to analysts. While the company had 40 engagements exceeding $1 million, none of its service calls exceeded $10 million, reducing its average revenue per response. The company plans to lay off between 300 and 400 employees as a cost-saving measure, about 9 percent of its controllable costs, the company said.
FireEye's stock, listed on the NASDAQ, dropped about 12 percent to $14.50 since Thursday's close on the unexpectedly slow growth. The company has lost more than 70 percent of its market value in the past year.
It's unclear whether the change in attack patterns will affect other security firms outside of advanced threat companies, such as FireEye.
Yet analysts are not sold on the company's assertions for its slowing revenue. Competition is a more likely cause of the company's struggles, Lawrence Orans, research vice president for Gartner, told eWEEK. FireEye's major differentiator is its ability to sandbox executables to detect otherwise unknown threats, but other companies offer their own take on the technology as a feature to their endpoint security products, he said.
"I think the key thing for FireEye is that there is more competition in the market," Orans said. "Its big revenue generators are the sandboxing appliances, but the mainstream security vendors are selling sandboxing and for far less than FireEye."
Increasingly, companies such as FireEye will bundle security technology, services and incident response in an integrated package. FireEye has already stated that it will move more toward a cloud service offering that takes clients from initial detection to remediation. The increase in automation and move to subscriptions will make revenue from security services more predictable.
"I believe that going forward, we will address a larger market by offering solutions in multiple form factors that allow our customers to protect their assets wherever they are, whether they're on-premise, in the cloud or both," Mandia said. "We'll also address a large market as we drive toward security as a service, allowing customers to benefit from our technology, expertise, and intelligence seamlessly and on demand."