Trellix

Last updated

Trellix
Company type Private
Industry Computer security
Founded2022
Headquarters Milpitas, California, United States
Key people
Bryan Palma, CEO
ProductsCyber Security Hardware and Software
  • Email Security
  • Endpoint Security
  • File Security
  • Cross Vendor Management Interface
ServicesIT Security Consulting Services
  • Incident Response
  • Vulnerability Testing
  • Preparedness Assessment
RevenueIncrease2.svg US$940 million(2020) [1]
Total assets Increase2.svgUS$3.245 billion(2020) [1]
Total equity Increase2.svgUS$732 million(2020) [1]
Owner Symphony Technology Group
Number of employees
~3,400 (December 2020) [1]
Website www.trellix.com

Trellix (formerly FireEye and McAfee Enterprise) is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. [2]

Contents

In March 2021, Symphony Technology Group (STG) announced its acquisition of McAfee Enterprise in an all-cash transaction for US$4.0 billion. [3] STG completed the acquisition of McAfee’s Enterprise business in July 2021 with plans for re-branding. [4] In June 2021, FireEye sold its name and products business to STG for $1.2bn. [5] STG combined FireEye with its acquisition of McAfee's enterprise business to launch Trellix, an extended detection and response (XDR) company. [6] Meanwhile, McAfee Enterprise's security service edge (SSE) business would operate as a separate company to be known as Skyhigh Security. [7]

History

FireEye was founded in 2004 by Ashar Aziz, a former Sun Microsystems engineer. [2] [8] FireEye's first commercial product was not developed and sold until 2010. [9] Initially, FireEye focused on developing virtual machines to download and test internet traffic before transferring it to a corporate or government network.

In December 2012, founder Aziz stepped down as CEO and former McAfee CEO David DeWalt was appointed to the position [10] [11] [12] to prepare the company for an initial public offering (IPO). [9] [13] The following year, FireEye raised an additional $50 million in venture capital, bringing its total funding to $85M. [14] [15] In late 2013, FireEye went public, raising $300M. [11] FireEye remained public until 2021. [5]

In December 2013, FireEye acquired Mandiant for $1bn. [16] Mandiant was a private company founded in 2004 by Kevin Mandia that provided incident response services in the event of a data security breach. [16] [17] Mandiant was known for investigating high-profile hacking groups. [16] Before the acquisition, FireEye would often identify a security breach, then partner with Mandiant to investigate who the hackers were. [16] Mandiant became a subsidiary of FireEye. [16] Since acquiring Mandiant, FireEye has been called in to investigate high-profile attacks against Target, JP Morgan Chase, Sony Pictures, Anthem, and others. [18]

The company diversified over time, in part through acquisitions. In 2010, FireEye expanded into the Middle East [19] and the Asian Pacific [20] FireEye entered Europe in 2011 [21] and Africa in 2013. [22] At the time, FireEye was growing rapidly:revenues multiplied eight-fold between 2010 and 2012. [11] However, FireEye was not yet profitable, due to high operating costs such as research and development expenses. [11]

In late 2014, FireEye initiated a secondary offering, selling another $1.1bn in shares, to fund the development of a wider range of products. [23] Shortly afterward, FireEye acquired high-speed packet capture company, nPulse, for approximately $60M. [24] By 2015, FireEye was making more than $100M in annual revenue, but was still unprofitable, [25] largely due to research and development overspending. [8]

In January 2016, FireEye acquired iSIGHT Partners for $275M. [26] iSIGHT was a threat intelligence company [27] that gathered information about hacker groups and other cybersecurity risks. [28] This was followed by the acquisition of Invotas, an IT security automation company. [29] [30] DeWalt stepped down as CEO in 2016 and was replaced by Mandiant CEO and former FireEye President Kevin Mandia. [10] [8] Afterwards, there was downsizing and restructuring in response to lower-than-expected sales, resulting in a layoff of 300–400 employees. [31] [32] Profit and revenue increased on account of shifts to a subscription model and lower costs. [33]

In March 2021, Symphony Technology Group (STG) acquired McAfee Enterprise for $4bn. [34] In June 2021, FireEye announced the sale of its products business and name to STG for $1.2 bn. [5] The sale split off its cyber forensics unit, Mandiant, [35] and the FireEye stock symbol FEYE was relaunched as MNDT on the NASDAQ on October 5, 2021. [36] On January 18, 2022, STG announced the launch of Trellix, an extended detection and response company, which is a combination of FireEye and the McAfee enterprise business. [6] On September 30, 2021, STG announced Bryan Palma as CEO of the combined company. [37]

Products and services

FireEye started with "sandboxing", [38] in which incoming network traffic is opened within a virtual machine to test it for malicious software before being introduced into the network. [16] [25] FireEye's products diversified over time, in part through acquisitions. [10] [38] In 2017, FireEye transitioned from primarily selling appliances, to a software-as-a-service model. [39]

FireEye sells technology products including network, email, and endpoint security, a platform for managing security operations centers called Helix, and consulting services primarily based on incident response and threat intelligence products. [40] [41]

The Central Management System (CMS) consolidates the management, reporting, and data sharing of Web MPS (Malware Protection System), Email MPS, File MPS, and Malware Analysis System (MAS) into a single network-based appliance by acting as a distribution hub for malware security intelligence. [42]

The FireEye Cloud crowd-sources Dynamic Threat Intelligence (DTI) detected by individual FireEye MPS appliances and automatically distributes this time-sensitive zero-day intelligence globally to all subscribed customers in frequent updates. Content Updates include a combination of DTI and FireEye Labs generated intelligence identified through research efforts.

As of its inception in January 2022, Trellix has more than 40,000 customers, 5,000 employees, and $2bn in annual revenue. [6] Trellix includes the endpoint, cloud, collaboration, data and user, application, and infrastructure security capabilities of FireEye and McAfee. [6] The business focuses on threat detection and response using machine learning and automation, with security technology that can learn and adapt to combat advanced threats. [34]

Operations

FireEye has been known for uncovering high-profile hacking groups. [10]

2008–2014

In October/November 2009, FireEye participated to take down the Mega-D botnet (also known as Ozdok). [43] On March 16, 2011, the Rustock botnet was taken down through action by Microsoft, US federal law enforcement agents, FireEye, and the University of Washington. [44] In July 2012, FireEye was involved in the analysis [45] of the Grum botnet's command and control servers located in the Netherlands, Panama, and Russia. [46]

In 2013, Mandiant (before being acquired by FireEye) uncovered a multi-year espionage effort by a Chinese hacking group called APT1. [47]

In 2014, the FireEye Labs team identified two new zero-day vulnerabilities – CVE - 2014–4148 andCVE- 2014–4113 – as part of limited, targeted attacks against major corporations. Both zero-days exploit the Windows kernel. Microsoft addressed the vulnerabilities in the October 2014 Security Bulletin. [48] Also in 2014, FireEye provided information on a threat group it calls FIN4. FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies.

The group has targeted hundreds of companies and specifically targets the emails of corporate-level executives, legal counsel, regulatory personnel, and individuals who would regularly discuss market-moving information. [49] Also in 2014, FireEye released a report focused on a threat group it refers to as APT28. APT28 focuses on collecting intelligence that would be most useful to a government. FireEye found that since at least 2007, APT28 has been targeting privileged information related to governments, militaries, and security organizations that would likely benefit the Russian government. [50]

2015

In 2015, FireEye confirmed the existence of at least 14 router implants spread across four different countries: Ukraine, the Philippines, Mexico, and India. Referred to as SYNful Knock, the implant is a stealthy modification of the router’s firmware image that can be used to maintain persistence within a victim’s network. [51]

In September 2015, FireEye obtained an injunction against a security researcher attempting to report vulnerabilities in FireEye Malware Protection System. [52]

In 2015, FireEye uncovered an attack exploiting two previously unknown vulnerabilities, one in Microsoft Office (CVE - 2015–2545) and another in Windows (CVE - 2015–2546). The attackers hid the exploit within a Microsoft Word document (.docx) that appeared to be a résumé. The combination of these two exploits grants fully privileged remote code execution. Both vulnerabilities were patched by Microsoft. [53]

In 2015, the FireEye as a Service team in Singapore uncovered a phishing campaign exploiting an Adobe Flash Player zero-day vulnerability (CVE - 2015–3113). Adobe released a patch for the vulnerability with an out-of-band security bulletin. FireEye attributed the activity to a China-based threat group it tracks as APT3. [54]

2016

In 2016, FireEye announced that it had been tracking a pair of cybercriminals referred to as the “Vendetta Brothers.” The company said that the enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information, and sell it on their underground marketplace “Vendetta World.” [55] In mid-2016, FireEye released a report on the impact of the 2015 agreement between former U.S. President Barack Obama and China's paramount leader Xi Jinping that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for economic advantage.

The security firm reviewed the activity of 72 groups that it suspects are operating in China or otherwise support Chinese state interests and determined that, as of mid-2014, there was an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries. [56]

In 2016, FireEye announced that it had identified several versions of an ICS-focused malware – dubbed IRON GATE – crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. Although Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed to FireEye that IRON GATE is not viable against operational Siemens control systems and that IRON GATE does not exploit any vulnerabilities in Siemens products, the security firm said that IRON GATE invokes ICS attack concepts first seen in Stuxnet. [57]

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player (CVE - 2016–4117). The security firm reported the issue to the Adobe Product Security Incident Response Team (PSIRT) and Adobe released a patch for the vulnerability just four days later. [58]

In 2016, FireEye discovered a widespread vulnerability affecting Android devices that permit local privilege escalation to the built-in user “radio”, making it so an attacker can potentially perform activities such as viewing the victim’s SMS database and phone history. FireEye reached out to Qualcomm in January 2016 and subsequently worked with the Qualcomm Product Security Team to address the issue. [59]

In 2016, FireEye provided details on FIN6, a cybercriminal group that steals payment card data for monetization from targets predominately in the hospitality and retail sectors. The group was observed aggressively targeting and compromising point-of-sale (POS) systems, and making off millions of payment card numbers that were later sold on an underground marketplace. [60]

2017–2019

In 2017, FireEye detected malicious Microsoft Office RTF documents leveraging a previously undisclosed vulnerability, CVE - 2017-0199. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit. FireEye shared the details of the vulnerability with Microsoft and coordinated public disclosure timed with the release of a patch by Microsoft to address the vulnerability. [61]

In 2018, FireEye helped Facebook identify 652 fake accounts. [62]

2020–2021

FireEye revealed on Tuesday, December 8, 2020, that its systems were pierced by what it called "a nation with top-tier offensive capabilities". [63] The company said the attackers used "novel techniques" to steal copies of FireEye's red team tool kit, which the attackers could potentially use in other attacks. [64] [65] The same day, FireEye published countermeasures against the tools that had been stolen. [66] [67]

A week later in December 2020, FireEye reported the SolarWinds supply chain attack to the U.S. National Security Agency (NSA), the federal agency responsible for defending the U.S. from cyberattacks, and said its tools were stolen by the same actors. The NSA is not known to have been aware of the attack before being notified by FireEye. The NSA uses SolarWinds software itself. [68]

Within a week of FireEye's breach, cyber-security firm McAfee said the stolen tools had been used in at least 19 countries, including the US, the UK, Ireland, the Netherlands, and Australia. [69]

During the continued investigation of the hack of their data and that of federal agencies revealed on December 8, 2020, FireEye reported in early January that the hacks originated from inside the USA, sometimes very close to the facilities affected, which enabled the hackers to evade surveillance by the National Security Agency and the defenses used by the Department of Homeland Security. [70]

2022

A 2022 report by Trellix noted that hacking groups Wicked Panda (linked to China) and Cozy Bear (linked to Russia) were behind 46% of all state-sponsored hacking campaigns in the third quarter of 2021 and that in a third of all state-sponsored cyber attacks, the hackers abused Cobalt Strike security tools to get access to the victim's network. [71] In a January 2022 report on Fox News, Trellix CEO Bryan Palma stated that there is an increasing level of cyberwarfare threats from Russia and China. [72]

A 2022 Trellix report stated that hackers are using Microsoft OneDrive in an espionage campaign against government officials in Western Asia. The malware, named by Trellix as Graphite, employs Microsoft Graph to use OneDrive as a command and control server and execute the malware. The attack is split into multiple stages to remain hidden for as long as possible. [73]

Acquisitions

Announcement dateCompanyBusinessDeal sizeReferences
December 30, 2013 Mandiant Information security$1bn [74]
May 8, 2014nPulse TechnologiesInformation security$60M [75]
January 2016iSight PartnersCyber Threat Intelligence$275M [76]
February 2016InvotasSecurity Orchestration [77]
October 2017The Email LaundryEmail Security [78]
January 2018X15 SoftwareMachine and Log Data Management$15M in equity and $5M in cash [79]
May 2019Verodin, Inc.Security InstrumentationApproximately $250M in cash and stock [80]
January 2020CloudvisoryCloud Security$13.2M in cash [81] [82]
November 2020Respond SoftwareDecision AutomationApproximately $186M in cash and stock [83]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security, or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army. First disclosed publicly by Google on January 12, 2010, by a weblog post, the attacks began in mid-2009 and continued through December 2009.

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

Mandiant is an American cybersecurity firm and a subsidiary of Google. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 billion, who eventually sold the FireEye product line, name, and its employees to Symphony Technology Group for $1.2 billion in June 2021.

<span class="mw-page-title-main">Symphony Technology Group</span> American private equity firm

Symphony Technology Group (STG) is an American private equity firm based in Menlo Park, California. Its Managing Partner and Chief Investment Officer is William Chisholm who co-founded the firm with Bryan Taylor and Dr. Romesh Wadhwani in 2002.

The following outline is provided as an overview of and topical guide to computer security:

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Cyber threat intelligence (CTI) is knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic and data derived for the deep and dark web.

Fancy Bear, also known as APT28, Pawn Storm, Sofacy Group, Sednit, Tsar Team and STRONTIUM or Forest Blizzard, is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This refers to its unified Military Unit Number of the Russian army regiments. The headquarters of Fancy Bear and the entire military unit, which reportedly specializes in state-sponsored cyberattacks and decryption of hacked data, were targeted by Ukrainian drones on July 24, 2023, the rooftop on an adjacent building collapsed as a result of the explosion.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Numbered Panda is a cyber espionage group believed to be linked with the Chinese military. The group typically targets organizations in East Asia. These organizations include, but are not limited to, media outlets, high-tech companies, and governments. Numbered Panda is believed to have been operating since 2009. However, the group is also credited with a 2012 data breach at the New York Times. One of the group's typical techniques is to send PDF files loaded with malware via spear phishing campaigns. The decoy documents are typically written in traditional Chinese, which is widely used in Taiwan, and the targets are largely associated with Taiwanese interests. Numbered Panda appears to be actively seeking out cybersecurity research relating to the malware they use. After an Arbor Networks report on the group, FireEye noticed a change in the group's techniques to avoid future detection.

EternalBlue is a computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network. The NSA knew about this vulnerability but did not disclose it to Microsoft for several years, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.

<span class="mw-page-title-main">Anomali</span> American cybersecurity company

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

Red Apollo is a Chinese state-sponsored cyberespionage group which has operated since 2006. In a 2018 indictment, the United States Department of Justice attributed the group to the Tianjin State Security Bureau of the Ministry of State Security.

Charming Kitten, also called APT35, Phosphorus or Mint Sandstorm, Ajax Security, and NewsBeef, is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

Ghostwriter, also known as UNC1151 and Storm-0257 by Microsoft, is a hacker group allegedly originating from Belarus. According to the cybersecurity firm Mandiant, the group has spread disinformation critical of NATO since at least 2016.

Pipedream is a software framework for malicious code targeting programmable logic controllers (PLCs) and industrial control systems (ICS). First publicly disclosed in 2022, it has been described as a "Swiss Army knife" for hacking. It is believed to have been developed by state-level Advanced Persistent Threat actors.

References

  1. 1 2 3 4 "FireEye, Inc. 2020 Annual Report (Form 10-K)". last10k.com. U.S. Securities and Exchange Commission. February 2021.
  2. 1 2 Springer, P.J. (2017). Encyclopedia of Cyber Warfare. ABC-CLIO. p. 109. ISBN   978-1-4408-4425-6 . Retrieved September 18, 2018.
  3. "McAfee Announces Sale of Enterprise Business to Symphony Technology Group for $4.0 Billion". stgpartners.com. March 8, 2021. Retrieved April 20, 2022.
  4. "Symphony Technology Group Closes Acquisition of McAfee's Enterprise Business". stgpartners.com. July 28, 2021. Retrieved April 20, 2022.
  5. 1 2 3 "FireEye is selling its products business and name for $1.2 billion". cnbc.com. June 2, 2021. Retrieved February 8, 2022.
  6. 1 2 3 4 "McAfee Enterprise and FireEye combo is now Trellix". itworldcanada.com. January 27, 2022. Retrieved February 8, 2022.
  7. "McAfee Enterprise cloud security biz relaunches as Skyhigh". venturebeat.com. March 22, 2022. Retrieved July 12, 2022.
  8. 1 2 3 Anderson, Mae (August 24, 2018). "FireEye is tech firms' weapon against disinformation, staffed with 'the Navy SEALs of cyber security'". latimes.com. Retrieved September 18, 2018.
  9. 1 2 "FireEye shares double as hot security firm goes public". USA TODAY. September 20, 2013. Retrieved September 22, 2018.
  10. 1 2 3 4 Hackett, Robert (May 6, 2016). "FireEye Names New CEO". Fortune. Retrieved September 18, 2018.
  11. 1 2 3 4 Owens, Jeremy C.; Delevett, Peter (September 20, 2013). "FireEye's price more than doubles on Wall Street after eye-popping IPO". The Mercury News . Retrieved September 22, 2018.
  12. "FireEye names former McAfee exec Dave DeWalt as CEO, plans IPO". Reuters. November 28, 2012. Retrieved September 18, 2018.
  13. Kelly, Meghan (August 5, 2013). "FireEye brings more legitimacy to new security solutions with IPO filing". VentureBeat. Retrieved September 22, 2018.
  14. Westervelt, Robert (January 10, 2013). "FireEye Scores $50M Funding, Beefs Up Executive Team". CRN. Retrieved September 22, 2018.
  15. Bort, Julie (January 10, 2013). "Now Worth $1.25 Billion, FireEye Is The Next Hot Enterprise Startup To Watch". Business Insider. Retrieved September 22, 2018.
  16. 1 2 3 4 5 6 Perlroth, Nicole; Sanger, David (January 3, 2014). "FireEye Computer Security Firm Acquires Mandiant". The New York Times. Retrieved September 18, 2018.
  17. "FireEye Buys Mandiant For $1 Billion In Huge Cyber Security Merger". Business Insider. Reuters. January 2, 2014. Retrieved September 22, 2018.
  18. "FireEye has become Go-to Company for Breaches". USA Today. Retrieved May 21, 2015.
  19. Enzer, Georgina. "FireEye Inc steps into the Middle East". ITP.net. Retrieved September 18, 2018.
  20. "Security Watch: FireEye appoints first ever Asia Pac president". CSO. November 15, 2018. Retrieved November 15, 2018.
  21. Brewster, Tom (March 17, 2011). "FireEye looks to break into UK". IT PRO. Retrieved September 18, 2018.
  22. Doyle, Kirsten (August 7, 2013). "FireEye opens local office". ITWeb. Retrieved September 22, 2018.
  23. de la Merced, Michael J. (March 10, 2014). "With Its Stock Riding High, FireEye Sells More Shares for $1.1 Billion". DealBook. Retrieved September 22, 2018.
  24. Miller, Ron (May 6, 2014). "FireEye Buys nPulse Technologies For $60M+ To Beef Up Network Security Suite". TechCrunch. Retrieved September 18, 2018.
  25. 1 2 Weise, Elizabeth (May 20, 2015). "FireEye has become go-to company for breaches". USA TODAY. Retrieved September 18, 2018.
  26. Finkle, Jim (January 20, 2016). "FireEye buys cyber intelligence firm iSight Partners for $200 million". U.S. Retrieved September 22, 2018.
  27. Hackett, Robert (January 20, 2016). "FireEye Makes a Big Acquisition". Fortune. Retrieved September 22, 2018.
  28. Kuchler, Hannah (January 20, 2016). "FireEye bulks up for 'cyber arms race'". Financial Times. Retrieved September 22, 2018.
  29. Morgan, Steve (February 2, 2016). "FireEye acquires Invotas; Who's next?". CSO Online. Retrieved September 22, 2018.
  30. Beckerman, Josh (February 2, 2016). "FireEye Buys Invotas International". WSJ. Retrieved September 22, 2018.
  31. Wieczner, Jen (August 5, 2016). "What FireEye's Stock Crash Says About Hacking". Fortune. Retrieved September 22, 2018.
  32. Owens, Jeremy C. (August 4, 2016). "FireEye plans layoffs as new CEO takes the helm, stock plunges". MarketWatch. Retrieved September 22, 2018.
  33. Sharma, Vibhuti (October 30, 2018). "FireEye earnings boosted by lower costs, higher subscriptions". Reuters. Retrieved November 15, 2018.
  34. 1 2 "McAfee Enterprise and FireEye are now called Trellix". ZDNet . Retrieved February 8, 2022.
  35. "FireEye Announces Sale of FireEye Products Business to Symphony Technology Group for $1.2 Billion". FireEye. Retrieved June 10, 2021.
  36. FireEye's press release Archived October 19, 2021, at the Wayback Machine about relaunch of Mandiant in NASDAQ
  37. Symphony Technology Group Announces Bryan Palma Appointment
  38. 1 2 Oltsik, Jon (October 15, 2015). "FireEye Myth and Reality". CSO Online. Retrieved September 18, 2018.
  39. "Cybersecurity Firm FireEye's Revenue Beats Street". Fortune. July 1, 2017. Retrieved September 22, 2018.
  40. Casaretto, John (February 14, 2014). "FireEye launches a new platform and details Mandiant integration". SiliconANGLE. Retrieved September 22, 2018.
  41. Kuranda, Sarah (November 30, 2016). "FireEye Brings Together Security Portfolio Under New Helix Platform". CRN. Retrieved September 22, 2018.
  42. "FireEye Forecasts Downbeat Results for Current Quarter; Shares Tumble (NASDAQ:FEYE) – Sonoran Weekly Review". Sonoran Weekly Review. May 6, 2016. Archived from the original on August 10, 2016. Retrieved May 6, 2016.
  43. Cheng, Jacqui (November 11, 2009). "Researchers' well-aimed stone takes down Goliath botnet". Ars Technica. Retrieved November 30, 2009.
  44. Wingfield, Nick (March 18, 2011). "Spam Network Shut Down". Wall Street Journal. Retrieved March 18, 2011.
  45. "FireEye Blog | Threat Research, Analysis, and Mitigation". Blog.fireeye.com. Archived from the original on January 31, 2013. Retrieved April 12, 2014.
  46. "Cybercriminals no longer control Grum botnet, researchers say". computerworld.com. July 19, 2012. Retrieved February 15, 2022.
  47. Sanger, David E.; Barboza, David; Perlroth, Nicole (February 18, 2013). "China's Army Is Seen as Tied to Hacking Against U.S." The New York Times. Retrieved October 15, 2018.
  48. "Microsoft Security Bulletin Summary for October 2014". Microsoft. Retrieved June 21, 2017.
  49. Sullivan, Gail (December 2, 2014). "Report: 'FIN4' hackers are gaming markets by stealing insider info". Washington Post. Retrieved June 21, 2017.
  50. Fox-Brewster, Tom (October 29, 2014). "'State sponsored' Russian hacker group linked to cyber attacks on neighbours". The Guardian.
  51. Leyden, John (September 15, 2015). "Compromised Cisco routers spotted bimbling about in the wild". The Register. Retrieved June 21, 2017.
  52. Goodin, Dan (September 11, 2015). "Security company litigates to bar disclosure related to its flaws". ArsTechnica . Retrieved September 12, 2015.
  53. "Acknowledgments – 2015". Microsoft. Retrieved June 21, 2017.
  54. "Security updates available for Adobe Flash Player". Adobe. Retrieved June 21, 2017.
  55. Korolov, Maria (September 29, 2016). "Diversified supply chain helps 'Vendetta Brothers' succeed in criminal business". CSO. Retrieved June 21, 2017.
  56. Hackett, Robert (June 25, 2016). "China's Cyber Spying on the U.S. Has Drastically Changed". Fortune. Retrieved June 21, 2017.
  57. Cox, Joseph (June 2, 2016). "There's a Stuxnet Copycat, and We Have No Idea Where It Came From". Motherboard. Retrieved June 21, 2017.
  58. "Security updates available for Adobe Flash Player". Adobe. Retrieved June 21, 2017.
  59. Goodin, Dan (May 5, 2016). "Critical Qualcomm security bug leaves many phones open to attack". Ars Technica. Retrieved June 21, 2017.
  60. Taylor, Harriet (April 20, 2016). "What one criminal gang does with stolen credit cards". CNBC. Retrieved June 21, 2017.
  61. "CVE-2017-0199 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API". Microsoft. Retrieved June 21, 2017.
  62. Conger, Kate; Frenkel, Sheera (August 23, 2018). "How FireEye Helped Facebook Spot a Disinformation Campaign". The New York Times. Retrieved September 22, 2018.
  63. "FireEye hacked, red team tools stolen". December 8, 2020.
  64. Sanger, David E.; Perlroth, Nicole (December 8, 2020). "FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State". The New York Times.
  65. agencies, Guardian staff and (December 9, 2020). "US cybersecurity firm FireEye says it was hacked by foreign government". the Guardian.
  66. Newman, Lily Hay. "Russia's FireEye Hack Is a Statement—but Not a Catastrophe". Wired. Archived from the original on December 16, 2020. Retrieved December 17, 2020 via www.wired.com.
  67. "fireeye/red_team_tool_countermeasures". GitHub. Retrieved December 17, 2020.
  68. Sanger, David E.; Perlroth, Nicole; Schmitt, Eric (December 15, 2020). "Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit". The New York Times.
  69. "SolarWinds Orion: More US government agencies hacked". BBC News. December 15, 2020. Retrieved December 17, 2020.
  70. Allen, Mike, Russia hacked from inside U.S. , Axios, January 3, 2021
  71. "Bracing for cyber-spying at the Olympics". politico.com. Retrieved February 15, 2022.
  72. "Russia and China ramping up cyber threats: Trellix CEO". foxnews.com. Retrieved February 15, 2022.
  73. "Trellix finds OneDrive malware targeting government officials in Western Asia". ZDNet . Retrieved February 15, 2022.
  74. Perlroth, Nicole; Sanger, David E. (January 2, 2014). "FireEye Computer Security Firm Acquires Mandiant". The New York Times.
  75. Miller, Ron (May 8, 2014). "FireEye Buys nPulse Technologies For $60M+ To Beef Up Network Security Suite". TechCrunch.
  76. "FireEye Announces Acquisition of Global Threat Intelligence Leader iSIGHT Partners | FireEye". investors.fireeye.com. Archived from the original on November 8, 2020. Retrieved December 9, 2020.
  77. "FireEye Announces Acquisition of Invotas International Corporation (None:FEYE)". investors.fireeye.com. Archived from the original on March 27, 2016. Retrieved January 13, 2022.
  78. "The Future is Bright for FireEye Email Security". FireEye. Archived from the original on July 12, 2018. Retrieved July 12, 2018.
  79. "FireEye Announces Acquisition of X15 Software". FireEye.
  80. "FireEye Acquires Security Instrumentation Leader Verodin". FireEye. Archived from the original on May 28, 2019. Retrieved May 28, 2019.
  81. "FireEye Acquires Cloudvisory". FireEye.
  82. "SEC Form 10-Q, quarter ended March 31, 2020". FireEye. May 1, 2020. p. 8. Archived from the original (PDF) on November 29, 2020. Retrieved April 27, 2021.
  83. "FireEye Announces Acquisition of Respond Software". FireEye.