Who Gets Called In When a Company Is Hacked?

After nearly every large-scale corporate cyber attack that occurred in the past few years -- like the huge breaches that struck Target and Community Health -- cybersecurity specialist FireEye (MNDT) was the company called in to investigate and sort through the wreckage.

In this clip of Industry Focus: Healthcare, Kristine Harjes and Dylan Lewis discuss how the company keeps its clients' data secure in the wake of an attack, the preemptive measures it uses and how effective they are, implications for the healthcare industry, and what FireEye does to distinguish itself in its market.

A full transcript follows the video.

This podcast was recorded on Feb. 10, 2016. 

Kristine Harjes: I don't know a ton about the tech space, but it seems like there's a huge market for this.

Dylan Lewis: Yeah. The cybersecurity space is very nuanced, and we'll try to do just a broad brushstroke kind of look at things. There are a whole bunch of different elements that go into it. But, case in point with a company that's very relevant right now in cybersecurity is the company that responded to the issues that Anthem (ELV 0.15%) had. So, Mandiant, which is a division of FireEye, publicly traded company, was the one that was hired to investigate their issues. And so this is very common for FireEye -- they come in quite often for postmortems on cybersecurity problems. I believe they were also the ones who investigated a major attack on the healthcare industry. It was a hospital provider or operator?

Harjes: Community Health.

Lewis: Right. So, this is only part of FireEye's business. They also do active monitoring and securing. And some of the things they specialize in, and one of the reasons that I'm super bullish on the cybersecurity space in general is, it's very difficult to go more than a quarter without hearing about some major company or healthcare provider or whatever running into some sort of leak issue. It happens. These companies are becoming larger and larger targets because they're just a treasure trove of the very sensitive information they have, whether they're doing credit card processing or healthcare record. Either way, it's very easy to take that kind of thing and steal someone's identity.

Harjes: So, with FireEye, I don't know a lot about the company, what exactly is their business? They come in after a big breach and say, "Hey, you screwed up in these four ways, fix it, do better"?

Lewis: Yeah, their postmortem stuff is very much like digital forensics. It's like, "Hey, this is what happened, this is what went wrong, here were your vulnerabilities, and we're going to help you fix them." So, it's kind of diagnostic looking back. And that's a big part of their business consulting, and you'll see, almost anytime there's a major breach, they'll get called. You'll see the press releases like, "Anthem experienced this, yadda yadda yadda." And then, down at the bottom, it's like, "They brought in FireEye for postmortem consulting and to diagnose what the issues were." So, that's part of their business. They also do ongoing monitoring. And I think that's where you're going to continue to see the market grow. 

Harjes: There's such a parallel there to the healthcare industry and preventive care.

Lewis: Yep, exactly. That's a perfect way to put it. Why expose yourself to these huge liabilities that these data breaches pose when you can pay someone on a subscription basis to make sure you're Fort Knox locked down and don't run into any issues?

Harjes: And that's recurring revenue, too, so that's going to be to FireEye's advantage.

Lewis: Yeah. And that's something they're moving toward. A lot of their business now is not set up that way, but they're trying to build up that segment. So, on the monitoring side, they kind of specialize in Day Zero attacks. Basically, these are vulnerabilities that are not previously known, so they can't be thwarted. That's the problem. So, they're doing it on a proactive basis, basically using test environments and virtual machines to try to find these vulnerabilities, and then patch them before they become issues that other people discover. So, it's beating the bad guys to being the bad guys. So, that's another thing they do. I think one of the awesome things and one of the reasons that I'm personally a shareholder is they enjoy a unique certification that no other tech safety firms currently do. This is from a press release, and I think it underscores how strong they are and why it's so important to the business.

The U.S. Department of Homeland Security has certified FireEye's multivector virtual execution engine and dynamic threat intelligence cloud platform under the Safety Act. Certification is the highest level of liability protection available under the Safety Act. Customers of these certified FireEye technologies now have protection under the Safety Act from lawsuits or claims alleging failure of the technologies to prevent or mitigate an act of cyber terrorism. FireEye is the only cyber security company with products, technologies, or services certified under the Safety Act.

Harjes: Wow. So, they're blowing the competition out of the water is what I'm hearing.

Lewis: Yeah.