A Vision Now Realized: The Market is Finally Waking Up

Despite what the documentaries about Steve Jobs say, the visionary game is not an easy one at all. Being first at something often results in years of toiling in obscurity as other ideas that are more “mainstream” take off and gain acceptance. Being years ahead of your time can, in the end, almost seem like more trouble than it is worth. However, if your vision is correct, and you stay focused and committed to it, there are moments when it can all be worthwhile. Yesterday was just such a day for AccessData when FireEye announced it had acquired nPulse Technologies, a network forensics company, in order to deliver an integrated enterprise forensics solution.

What is significant about this announcement is that, for the first time, a major security market player is acknowledging the importance of having an integrated forensics solution that combines network forensics and host-based forensics. The simple fact is FireEye is 100% correct. If you take security seriously, you need visibility into all of your data. Your investigation can’t stop at the network or at the host – it needs to move seamlessly from host to network and back to host so you can get the full scope of the compromise and chart an effective path to resolution. AccessData has been doggedly pursuing this exact strategy and delivering on it for over six years.

Back in 2008, no one seemed to understand this concept and we were the proverbial lone wolf, howling in the darkness. Despite the countless hours we spent communicating this message to the market, the story was largely lost because the big players were focused elsewhere. It is our hope that, with FireEye now validating our direction, the market as a whole will begin to wake up to the importance of having a true incident response platform, capable of providing comprehensive visibility across all parts of the network.

That said, it will be interesting to see where FireEye goes from here, given that they are just starting in the forensics area. Many will ask how fast the Mandiant IR and nPulse solutions will come together. It is easy to make a network forensics solution and a host-based solution interoperate at the highest level, but to truly integrate them in a seamless way is no simple feat – we know this all too well.

Another thought to ponder is our belief that having an effective forensics platform means you can’t be tied to one source of alerts or one type of investigation. The point of an investigative infrastructure is to be able to investigate just about anything. Will the market accept the idea of tying the solution into a single alerting platform, even a well-known and respected one like FireEye? AccessData’s customers have been very clear that their investigation needs range far and wide and they want diversity with respect to integrating with other technologies.

Finally, while security investigations are a key area of focus, today’s enterprises want to be able to leverage the capabilities for all investigations. What starts as a security issue can easily become an HR issue and then morph into a legal issue. Likewise, what starts as an HR issue can become a legal and security issue. The point is it is very hard to predict in what direction an investigation, regardless of the source, will ultimately turn. Will FireEye be able to integrate incident response, forensics, legal, compliance, and eDiscovery capabilities to meet these challenges like AccessData already does?

At the end of the day, it is worth noting that I am convinced FireEye is making the right decision and AccessData is happy to finally have some company, with a partner no less. I am looking forward to the market buzz and validation FireEye will bring to this area. It raises the importance of implementing advanced forensic and incident response capabilities, an area we have defined and in which we have continuously innovated. Having been the lone wolf for so long, I have to admit I wasn’t sure about our place as a visionary until the last six months. It is nice to see someone has found our path and thinks it is worth following.


Tim Leehealey

Tim Leehealey is the CEO of AccessData. Prior to joining AccessData he was VP of Corporate Development at Guidance Software. Prior to that he was an investment banking analyst covering the security market at Wedbush Morgan.

One thought on "A Vision Now Realized: The Market is Finally Waking Up"

  1. David Monahan

    This is very true. Anything of note that is going to happen will leave some kind of a footprint on the end system or a communication echo on the network. The only way to be sure is not to “nuke it from orbit” (name that movie reference) but to collect and correlate the details from both sources, then produce from that useful [meta]data that can be used to quickly identify the who, what, when, and where of the issue and remediate it. Without information from both, you are most likely going to experience what Target did, having too many alerts / false alarms to be able to deal with the problem and ultimately cause a worse impact to the security of your environment.


