Sourcefire, Inc. (FIRE)

February 26, 2013 6:50 pm ET

Executives

Martin F. Roesch - Founder, Interim Chief Executive Officer, Chief Technology Officer and Director

Todd P. Headley - Chief Financial Officer, Principal Accounting Officer, Treasurer and Assistant Secretary

Analysts

Keith Weiss - Morgan Stanley, Research Division

Presentation

Keith Weiss - Morgan Stanley, Research Division

Next one. Thank you, everyone, for joining us. My name is Keith Weiss. I'm a member of the software research team here at Morgan Stanley, and we're very pleased to have with us here this afternoon both Marty Roesch, CEO; and Todd Headley, CFO of Sourcefire. Still interim CEO?

Martin F. Roesch

Yes.

Keith Weiss - Morgan Stanley, Research Division

No one else wants to be?

Martin F. Roesch

No.

Keith Weiss - Morgan Stanley, Research Division

I thought given RSA's going on this week, I thought a good place to start would be on one of the recent product announcements that you made, a dedicated appliance for FireAMP. Maybe you could start off talking to us more broadly about FireAMP. It's one of the newer product initiatives you have going on, I think it's very interesting. Start off with kind of the framework of this sort of next generation threat management, how FireAMP fits in there, then maybe drill down to today's announcement of the dedicated appliance.

Martin F. Roesch

Okay. So FireAMP is a technology that's primarily oriented around dealing with modern malware. One of the primary attack vectors that is being used to break into modern enterprises is malware, it is the transport for getting attacks into many environments, and it's largely file-based. So attackers generate files, they get the files into various environments, those files contain malware and then it's off to the races. Once malware has penetrated an environment, you get into this malware's spreading effectively. It doesn't just get into an environment -- you don't get infected by one piece of malware, you get infected by 10 very rapidly, when you get infected these days. Traditional defenses for dealing with this revolve around antivirus systems, maybe some more recent anti-malware developments, but largely they're ineffectual against things that haven't been seen before. So what the AMP technology does is -- it's a new approach to doing Advanced Malware Protection, which is what AMP stands for, based on collecting large amounts of information about what's being observed in the environment, forwarding that information up to a cloud-based back end, where we have a big data analytics infrastructure back there that can look at the data and do a number of interesting things. So when you look at our AMP product, what you really get is you've got a cloud up in the sky, that's got all of our detection logic in it, it's got all of our intelligence in it, and then you've got a variety of connectors that talk to the cloud. So I've got an endpoint connector that rides on desktops or laptops or whatever, on Windows systems. I've got a mobile connector that rides on Android devices. I've got a virtual connector that rides on virtual infrastructure like VMware, and then I've got a network connector that rides on Sourcefire's FirePOWER appliances which is what this announcement was about today.
So all of these connector technologies talk back to the same cloud, they stream telemetry up to the cloud continuously about what they're observing in their environment. So as files do activities, whether it be installing a file, copying itself, moving some other file, executing, doing network -- or generating network traffic, we bring all that information together in our cloud, and then once it's in the cloud, we do real-time analytics on it. So we look for things like known bad files, so I can look for things based on a blacklist and whitelist I have. I have prevalence analyzers and heuristics and machine learning engines to detect zero days, and then I keep that information. So I keep this information in the cloud persistently, so that if I figure out something is bad later, I can go back and see exactly what happened. So I have a comprehensive record of when the file showed up, what its attack vector was, what else it did, who else it talked to, I have comprehensive information on everything it did, everything it installed and everything that those installed items did. And if I don't like it, I can wind it back to the beginning very easily and get rid of it. So we call this retrospective security. So Sourcefire is really driving hard in the space right now because what we are observing is people are getting compromised. And one of the things I'd like to do is I like to go in to customers and I'll say, "So Mr. Customer or Mr. Investor or analyst, when you think about security these days, the question you should really be asking yourself is if you were going to be compromised, would you do security differently?" And most people would say, "Yes, yes. If I knew I was going to be compromised I would probably spend my money a little differently and things like that." Well, guess what, everybody is being compromised. I mean I don't have -- I'm not trying to like scare anybody or anything like that, but this is happening, right?
It's in the papers every day, Facebook, Apple, Twitter, New York Times, Lockheed Martin, you name it. And what we're seeing is that the industrialization of hacking that's happening right now, a lot of it is being driven out of China, like the Manit [ph] reporter referred to last week. And with this happening, people have got to start realizing that the security game is not just putting up firewalls and deploying antivirus because I've got a PCI compliance checklist to get through and things like that. This game is changing, and it's changing very rapidly, and if you are not paying attention, if you don't have a security technology that is developed to deal with the modern realities, then you're eventually going to have a really bad day or a really bad year because the average amount of time it takes for detection of an attacker who breaks into an environment is, according to the Manit [ph] report, on average, 356 days. So most enterprises, when they get popped, don't figure it out for almost a year. Imagine the damage that can be done at that time, and that's what we're doing. So we've built this AMP infrastructure so that people can figure out when they've been attacked using a variety of methods. Right? We have all the standard classic models for being able to detect malware, plus big data analytics for detecting previously unidentified malware, plus retrospective security. So if we identify malware later, we can see comprehensively what happened and continuously evaluate the health of our environment. This is what we talked about when we're talking about continuous capability. Every time a piece of malware operates, we have another opportunity to detect it. It's not like the classic model where this data is presented to some security engine, the security engine makes a determination, good or bad, and if it misses something, it's gone forever.
In the AMP model, every time this thing operates, we have another opportunity to detect it, and we have -- if we figure it out on our own that something has gone wrong, we can simply click a few buttons and get rid of it. So this is a transitional model. We believe that security is transitioning to a continuous-model security as opposed to point-in-time security, which is the way that firewalls, Intrusion Prevention Systems, classic antivirus systems work. We believe that this transition to the -- this continuous-security model is happening, and FireAMP is very uniquely positioned in the market as being one of the pioneering technologies in this space. And the appliance, to answer your question --
