How FireEye Provides 'Source of Truth' About Security

VIDEO: FireEye CTO Grady Summers discusses how incident response, products and best practices lead to better security.

More often than not, whenever there is a major breach, the company that is called in to do incident response is FireEye's Mandiant division. Among the organizations that FireEye has helped deal with high-profile breaches are Sony Pictures and health insurance provider Anthem. Incident response isn't the only thing that FireEye does, but it does help to inform the company's other services and its products too.

In a video interview with eWEEK, Grady Summers, chief technology officer (CTO) of FireEye, details how his company's product direction is influenced by its incident response expertise and provides insight into best practices to improve security.

Most modern IT organizations use multiple sets of tools and technologies to provide security. In Summers' view, for his clients, it is the FireEye technology that provides the proverbial "source of truth" about security. That doesn't mean that FireEye is the only source of security information though. Summers emphasized that FireEye's goal is to be able to integrate and partner well with other security vendors.

From a product and services perspective, Summers sees a cycle in which what is learned in one segment of the business helps the other.

"We see this really neat flow where we take what we learn in the field with services and drive that information right into our products," Summers said. "Then we take what our products tell us and let that educate our consulting."

In addition to security products and incident response services, FireEye has proactive services that help prepare organizations to withstand attacks in the first place. From those engagements, Summers said that FireEye sees a number of common trends and weaknesses.

One key weakness that FireEye often sees is a lack of proper network and data segmentation, with organizations running flat networks. In a flat network, there is no proper segmentation, and once an attacker is able to breach one area of the network, the attacker can pivot to reach any other corner of the enterprise.

There is also a problem with a lack of two-factor authentication for both email and VPN access.

"I'm still shocked by big, leading companies--brand names that we all know--still only having a single-factor VPN, and it's a real thorn in their side," Summers said.


Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.