The Product Management Logic of the FireEye-Mandiant Deal

Jan 3 2014, 12:16pm CST | in News


The coverage of FireEye’s acquisition of Mandiant in most business publications (see reports in the New York Times and Wall Street Journal) has focused on the dynamic personalities of the CEOs rather than on the implications for delivering security capabilities. But a closer look at this deal shows that the logic driving the future shape of cyber-security products has changed. The new model is a hybrid product that will be a mix of cloud-based capabilities, analytics, SaaS applications, distributed monitoring, and professional services, deployed in several layers. CIOs and CISOs should study this new model and prepare their organizations to adopt it in a series of stages.

Here’s what’s happening:

Here’s the challenge then: How do you detect and respond to threats? How can a CEO say to his board, “We have done everything that is prudent to protect our company. Our spending is at an adequate level and we are vigilant about expanding our ability to protect ourselves”?

The problem is that very few companies can afford to have the talent found at Mandiant working on staff, but from time to time, almost every company will need such talent to determine if an attack has succeeded and what to do about it.

The product management logic of the FireEye acquisition of Mandiant now becomes clear. Cybersecurity will become a form of technology-enabled insurance. You will buy FireEye enhanced by Mandiant to implement a model along the following lines:

  • A monthly fee will cover the license for FireEye, the brain, and any additional eyes and ears that will be needed to protect and monitor your environment.
  • It is likely that FireEye will make recommendations about best practices for products it doesn’t sell such as perimeter security or special scanning technology for file systems and such.
  • Your security operations team will run this environment, keep it up to date, and analyze attacks as they come in. A distilled form of the data from the eyes and ears will be shipped to FireEye’s operations center for further analysis.
  • Another monthly fee will cover automated advanced analysis of your security data and incident response. When your team cannot figure out what’s happening, the pros from Mandiant will be on retainer and come in and save the day. That’s their business now.

With this offer in place, a CEO can rest easy, knowing that in the face of a serious breach, he can rely on the experts from FireEye to explain why his security was adequate. Of course, if the CEO, CIO, and CISO reject recommendations after they have bought this insurance, they will likely be held responsible.

My guess is that cybersecurity companies will start formally using the insurance analogy quite soon. In addition, with such a model in place, insurance companies will then be able to write policies about cybersecurity risk, because the risk can be better understood. This is something that the Department of Homeland Security is seeking to promote, and FireEye may make possible.

This model will put FireEye in a hugely powerful role in the deployment and operations of cybersecurity, which is exactly why FireEye CEO Dave DeWalt acquired Mandiant.


Dan Woods is CTO and editor of CITO Research, a publication that seeks to advance the craft of technology leadership. For more stories like this one visit Dan has performed research for FireEye and other cybersecurity companies.

Source: Forbes
