It has also agreed to $10 million in stock consideration that is subject to the achievement of “certain milestones.”
FireEye plans to combine the nPulse network forensics solution with the FireEye Security Platform, to create an enterprise forensics play that gives visibility into the entire attack life cycle - from network intrusion to endpoint exploitation and lateral movement. Coupled with the FireEye threat analytics solution, the suite will form a comprehensive intelligence platform. It will also be offered as a managed service.
Also, the FireEye Network Threat Prevention Platform with intrusion prevention capabilities will add nPulse’s forensics to create an expanded threat management platform.
“The new reality of security is that every organization has some piece of malicious code within their network,” said David DeWalt, chairman of the board and CEO of FireEye, in a statement. “The more important question is has that code been able to execute any compromising activity that puts the organization at risk, and if so, what data left the network? With the addition of the nPulse solution, the FireEye platform will have a ‘flight recorder’ for security analytics. By incorporating real-time breach information from the endpoint and the network, we’re building a single platform to provide the most in-depth attack information and the right data to protect and remediate before a compromise turns catastrophic.”
The nPulse product portfolio provides full packet capture and indexing for search and analysis of network traffic. When combined with the endpoint products acquired from Mandiant, FireEye will be able to offer customers forensics capabilities across both gateway and endpoint nodes.
The end goal for the company is to add that kind of deep analytic capabilities to give customers a single security platform that delivers precise alerts with detailed forensic data on the full scope of an attack.
In the event of a breach, detailed attack information is recorded to track the incident so security teams can move quickly to incident response and remediation, in theory saving hours of investigation time and reducing operational expense.
“With this acquisition, FireEye continues to align its endpoint security offerings with emerging requirements,” said John Oltsik, senior principal analyst at ESG. “Today, enterprises need as much insight into breaches to understand them in tremendous detail. By combining endpoint and network visibility, FireEye gives security teams the information they require to respond to attacks and remediate threats of advanced attacks quickly with the right intelligence, analytics, and automation."
The transaction is expected to close during the second quarter of 2014, subject to standard closing conditions.