How Does FireEye Find So Many Zero-Day Flaws?

VIDEO: Dave Merkel, CTO of FireEye, explains why zero-day vulnerability disclosure is just a byproduct of what his company is really all about.

Over the last several years, FireEye has been one of the vendors most often credited with zero-day vulnerability disclosures. Although it discovers more than its fair share of zero-day flaws, finding them is not FireEye's core business.

In a video interview with eWEEK, FireEye CTO Dave Merkel explains why his company finds zero-days and how its technology platforms are continuing to evolve in the ever-changing threat landscape.

Merkel joined FireEye by way of the $1 billion acquisition of Mandiant in January of this year. Merkel had been at Mandiant since 2006 and was the company's CTO when it was acquired by FireEye. Merkel noted that so far the acquisition has been a positive thing, as the larger organization provides more opportunities for global growth.

The core FireEye technology platform is about solving a number of security challenges.

"You have to be able to detect advanced attacks, you have to effectively respond to them, and ultimately you have to contain attacks because something is going to get through," Merkel said.

Fundamentally, Merkel said, FireEye aims to help organizations detect the advanced attacks that other technologies miss. Finding zero-days is not the goal in itself.

"At the end of the day, we're really just trying to find stuff that other folks missed, and we're always evaluating our efficacy in that fashion," he said. "In the process of doing that, what is the big thing everyone else is missing? It's the zero-day."

Merkel added that zero-days are a byproduct of FireEye's core mission of helping its customers. The first step is actually detecting the attack, which is a function of FireEye's product technology platform.

"So we're at the customer site and we have our virtual engine and we don't need to know what an attack looks like in order to find it," he said.

The customer needs to have enabled information sharing; if the exploit in question has never been seen before, it is likely a zero-day vulnerability. The final determination of whether something is a zero-day is made by human researchers, based on the data and intelligence the FireEye system delivers.

When it comes to disclosing the zero-day threats, Merkel said that FireEye has a good working relationship with key vendors, including Microsoft.

As for how zero-day exploits actually reach their targets inside organizations, Merkel places the blame largely on social engineering.

"Social engineering in some form or fashion, tricking the user into doing something that ultimately is against their best interest, remains the No. 1 mechanism to get the user to click on a link or take an action," he said. "They're exploiting human weakness."

Watch the full video interview with Dave Merkel, CTO of FireEye, below:

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.