Startup FireEye made its debut, announcing plans to ship a switch-based network-access control appliance next month that will let customers identify network-borne malware and attacks in order to quickly contain them.
Ashar Aziz, the firm's CEO who founded the company after a 12-year engineering career at Sun, says FireEye's NAC appliance, as yet unnamed, will make use of what FireEye calls its virtual-machine technology to identify attack traffic.
This approach entails duplicating the desktop and server operating systems and applications within the FireEye appliance as a virtual CPU and analyzing how traffic passing through a managed switch might impact it.
"The idea is to model vulnerability to malware," Aziz says about the virtual-machine approach adopted by FireEye security purposes. Only Avinti, a startup funded by Symantec and two venture-capital firms to detect unknown keyloggers and Trojans in e-mail, is known to be applying the virtual-machine concept in similar fashion in its iSolation Server.
Aziz says the virtual-machine technique will be effective at the network level to quickly identify incoming malware or attacks that might disseminate in the enterprise. If the FireEye appliance determines network traffic is harmful, it can direct the switch to take action. "We can then shut down the ports or quarantine the device," Aziz says.
The FireEye appliance isn't an in-line device, so it doesn't block packets, but it will let network managers isolate LAN segments to protect them from attack or isolate infected machines at an early stage before a threat has been analyzed by the broader security community.
The first version of the appliance will run copies of Windows-based applications, both patched and unpatched, to analyze how incoming traffic might adversely impact them. FireEye also plans support for Linux towards the end of the year.
Ashar, whose background includes founding and then selling startup Terraspring to Sun in 2002, has confidence that FireEye's virtual-machine approach will find a corporate audience, even as the market for NAC products mushrooms with vendors announcing new products practically every day.
"You can have your anti-virus up to date and still get infected if there's a new worm," Aziz says. "Our model tells you you're infected through passive monitoring in a virtual-machine environment."