Can FireEye up the cyber security ante through Microsoft partnership?

Can FireEye up the cyber security ante through Microsoft partnership?

Vendors strike mutually beneficial deal with deep levels of security in mind.

FireEye has recently struck a deal Microsoft, designed to place the security vendor's iSIGHT Intelligence into Windows Defender, an inbuilt Windows security offering.

According to both parties, the partnership is built around a licensing agreement of FireEye's iSIGHT Intelligence.

Sources close to ARN however claim that the terms of the deal could see FireEye gain access to telemetry from every device running Windows 10, serving up access to almost 22 per cent of the total desktop market, alongside laptops and Windows mobile phones.

"The nature of the deal between Microsoft and FireEye is to license threat intelligence content from FireEye iSIGHT Intelligence," a Microsoft spokesperson told ARN.

"This additional layer of intelligence includes indicators and reports of past attacks collected and edited by FireEye and enhances detection capabilities of Windows Defender Advanced Threat Protection (WDATP). The deal does not include the sharing of Microsoft telemetry."

Despite the flat denial from Microsoft, the agreement offers many plus points for FireEye, with Redmond previously intending to have one billion devices running Windows 10 by 2019.

While the vendor has since backtracked on this statement - stating that the process would take longer than originally predicted - the direction of travel is clear.

Windows users are able to use the Windows Defender service in a free trial before purchasing a subscription to Windows Defender Advanced Threat Protection (WDATP).

The partnership has benefits to Microsoft as well by offering credibility to its Windows Defender product through partnership with a well known cyber security vendor such as FireEye.

In addition, it also pits the software giant against the incumbent players in the already highly competitive endpoint security market.

WDATP customers have access to intelligence technical indicators, which will enable the program to highlight when such indicators are found on end-user computers or networks, before displaying a profile of the involved attacker.

This profile includes information such as the motivation of the attacker, tools used, sectors targeted and geographies, alongside a description of the attacker.

Despite denials, ARN sources believe security teams are also able to access the telemetry via a subscription billing model.

“FireEye has invested in nation-state grade intelligence and we are strategically partnering with industry leaders to operationalise this high-quality intel," FireEye senior vice president of corporate development, Ken Gonzalez, added.

By working with Microsoft, Gonzalez said FireEye is now able to offer "differentiated intelligence" within WDATP and together help make organisations more secure.

"With the Windows 10 Anniversary Update, we added this new layer of defence with WDATP - a new built-in OS sensor combined with powerful cloud-powered behavioural detection analytics - in order to help enterprises, detect, investigate and respond to targeted attacks and data breaches on their endpoints quicker and easier,” added, Windows Cyber Defence, general manager, Moti Gindi.

"As two security leaders working together, the combined Microsoft and FireEye adversary-based security intelligence ensures WDATP detections can provide the right context needed to prepare for and simplify response to attacks."

IBRS cyber security advisor, James Turner, told ARN that the deal brings wide-ranging benefits to both vendors.

"There are benefits here for both Microsoft and FireEye," he said.

James Turner - Cyber Security Advisor, IBRS
James Turner - Cyber Security Advisor, IBRS

"Microsoft are seen to be playing with a big brand name in the security space and FireEye potentially get access to a much broader distribution of endpoints than it would otherwise have."

While the partnership may be seen as a boon for FireEye, extending the vendors threat detection network to compete with major endpoint players such as Symantec and Kaspersky Lab, Turner warned that access to telemetry alone will not necessarily give the vendor an edge over its rivals.

"It’s a classic case of FOMO [fear of missing out]," he explained. "Everyone thinks that everyone else has got better intelligence than they do so everyone has a fear of missing out.

"So everyone talks about intelligence sharing but the most valuable threat intelligence is that which is made directly applicable to you and can take action on.

"When you start looking at this particular offering, it has to be fairly generic because there is no customisation - as far as I can tell - around this. It is literally going to be a case of seeing something out there and identifying it as bad.

“It is going to be very hard for this to be customised to any specific client."

Turner added that there could be exceptions to this rule including searching for pre-defined keywords but said it is going to depend on the actual mechanism around it.

“If it is a way of helping to commoditise more advanced, threat centric security for the endpoint, then that is a plus," he said. "But ultimately, I think anybody who is expecting a silver bullet will be disappointed.

“Obviously we need to see the proof of the pudding in the eating, but there is a definite potential here to help do a capable shift in the way things are going.”

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftIBRSFireEyewindows defenderJames TurnerWindows 10Windows Defender Advanced Threat Protection (WDAPT)



The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments