FireEye, which is being purchased by a consortium led by Symphony Technology Group (STG), on Monday rolled out its new extended detection and response (XDR) platform.

FireEye XDR helps organizations break down silos and evolve security by extending FireEye’s endpoint detection and response (EDR) capabilities beyond the endpoint to network, email and cloud, as well as support for log and event feeds from more than 600 applications and services.

Customer Struggles

FireEye’s Michelle Salvado

Michelle Salvado is FireEye’s senior vice president of engineering.

“When we talk about the channel and the folks they’re servicing, they really can’t build a highly expert security team,” she said. “And they struggle with all the data that is needed to be able to perform their job, how do they manage that data and the tool proliferation. So customers are trying to consolidate that. We know ultimately they can’t go down to just one vendor. But of the vendors they pick, they want the vendors that work together. They want all of those pieces to work together because you need all of that data, that view, to really find what’s being missed by your protection stance, and then be able to respond to that, and also remediate, change your protection stance so that it doesn’t happen again.”

Over the next few quarters, the FireEye products business plans to introduce new features to the XDR platform. Those include enhanced endpoint cloud capabilities, FireEye Helix upgraded dashboards and threat graphing capabilities, additional support for third-party security tools, and continued integration with the Mandiant Advantage platform, which includes automated defense.

XDR Flagship Offering of New FireEye

FireEye’s Bryan Palma

Bryan Palma is executive vice president of FireEye products. He said the XDR platform is going to be FireEye’s flagship offering and it’s “where we’re going all in from a FireEye product side.”

“That’s where the future of the company is,” he said. “And as we get through the divestiture, this is where our investments are going to be. This is the platform customers can expect from us. We’re going to make both organic and inorganic investments to get there. We’re open as well, which is pretty unique. There’s a lot of folks out there who are either native or open, and we can kind of straddle that fence a bit. We can also leverage the value of Respond Software, which was an acquisition we made late last year on the Mandiant side. That gives us some great artificial intelligence (AI) and machine learning (ML) models, and helps make our system much better.”

Separation On Track

In June, FireEye announced it’s selling its products business, including the FireEye name, for $1.2 billion. The transaction will separate FireEye’s network, email, endpoint and cloud security products, along with the related security management and orchestration platform, from Mandiant’s controls-agnostic software and services. FireEye and STG should close the deal by the end of the fourth quarter.

Palma said the acquisition is on track to close in the fourth quarter.

“We’re making sure we’re setting up all the right agreements to make sure that our customers don’t have any impact by the separation,” he said. “We have a reseller agreement where both sides are able to resell the other side’s products. We’re going to continue to provide the tools for Mandiant, our consulting and managed defense. There’s a collaboration agreement where we’re going to flow telemetry to Mandiant. They’re going to flow intelligence to us so none of that gets disrupted. That’s most material to our customers.”

In addition, FireEye is working on a transition services agreement where Mandiant will provide back office for FireEye products.

“That’s very important because that’s our order processing,” Palma said. “We want to make sure that that’s very smooth through the transition and that’s why we’ve set up that agreement. So that’s some of the work that’s been going on. The rest of the work is focused on the employees and making sure we’re making the transition for them.”

More Competitive Advantage

FireEye partners will continue to be partners of both FireEye and Mandiant, Palma said.

“We will be replicating those contracts with similar terms and then able to just transact business in the same way,” he said. “They’ll be no change there. On the FireEye product side, we’re excited to be able to work with more partners, because one of the feedback that we often got was that we had competitive offerings and that made some of the partners nervous. So because we have our own managed defense service, some of the MSP players were nervous that we would take the customers for ourself and not honor those commitments. Now, we’ll have a lot more ability to do that and same thing on the consulting side. So this is really a net positive, I think, for us to be able to expand our impact in the channel. We look forward to doing that, obviously.”

The new FireEye will have more of a competitive advantage than the old one, Palma said.

“We believe both companies get more competitive on the other side, he said. “Our business model is around SaaS and the transition to making this XDR platform completely available from the cloud, and being a product organization. So this allows us to focus on that. The struggle that we had within FireEye Mandiant was there were so many things under the umbrella that it’s difficult to get the proper funding.”

Both FireEye and Mandiant will be well positioned to go after their perspective segments of the market, Palma said.

FireEye acquired Mandiant in late 2013. Post-closing, the company will continue to publicly trade as Mandiant.