Tag Archives: FireEye

Black Hat USA Talks: Investigating PowerShell Attacks

| By | Threat Research |
Comments
0

Threat actors are always eager to adopt new tools, tactics, and procedures that can help them evade detection and conduct their mission. Incident responders from Mandiant have observed increasing use of PowerShell by targeted attackers to conduct command-and-control in compromised Windows networks. As a trusted administration tool built-in to all modern versions of Windows, PowerShell provides the ability to access remote systems, execute commands, transfer files, load malicious code, and interact with underlying components of the operating system – all tasks for which attackers must otherwise rely on malware. This has created a whole new playground of intrusion techniques for intruders that have already established a foothold on systems in a corporate network.

Ryan Kazanciyan and Matt Hastings will talk about the use of PowerShell throughout the attack lifecycle and the sources of evidence it leaves behind in memory, on disk, in logs, and elsewhere. They will demonstrate how to collect and interpret these forensic artifacts, both on individual systems and at scale. Throughout the presentation, they will include examples from real-world incidents.

Attend this presentation on August 7 at 4:05pm PT in South Seas GH. Make sure to use #BHUSA and @FireEye if you plan to tweet highlights from the talk.

To view the whitepaper, click here.

Black Hat USA Talks: Sidewinder Targeted Attack Against Android in The Golden Age of Ad Libs

| By | Advanced Malware, Threat Research |
Comments
0

While Google Play has little malware, many vulnerabilities exist in the apps as well as the Android system itself, and aggressive ad libs leak a lot of user privacy information. When they are combined together, more powerful targeted attacks can be conducted.

In this presentation, FireEye’s Yulong Zhang and Tao Wei will present one practical case of such attacks called “Sidewinder Targeted Attack.” It targets victims by intercepting location information reported from ad libs, which can be used to locate targeted areas such as a CEO’s office or some specific conference rooms. When the target is identified, “Sidewinder Targeted Attack” exploits popular vulnerabilities in ad libs, such as Javascript-binding-over-HTTP or dynamic-loading-over-HTTP, etc.

During the exploit, it is a well-known challenge to call Android services from injected native code due to the lack of Android application context. So they will also demonstrate how attackers can invoke Android services such as taking photos, calling phone numbers, sending SMS, reading/writing the clipboard, etc. Once intruding into the target, the attackers can exploit several Android vulnerabilities to get valuable privacy information or initiate more advanced attacks. We will reveal how to exploit new vulnerabilities we discovered in this phase.

In addition, they will show demos using real-world apps downloaded from Google Play.

Although they notified Google, ad vendors and app developers about related issues half a year ago, there are still millions of users under the threat of “Sidewinder Targeted Attacks” due to the slow patching/upgrading/fragmentation of the Android ecosystem.

Attend this presentation on August 7 at 10:15am PT in South Seas GH. Make sure to use #BHUSA and @FireEye if you plan to tweet highlights from the talk.

To view the whitepaper, click here.

Black Hat USA Talks - Leviathan: Command And Control Communications On Planet Earth

| By | Targeted Attack, Threat Research |
Comments
0

Every day, computer network attackers leverage a Leviathan of compromised infrastructure, based in every corner of the globe, to play hide-and-seek with network security, law enforcement, and counterintelligence personnel.

This presentation draws a new map of Planet Earth, based not on traditional parameters, but on hacker command and control (C2) communications. The primary data points used in this worldwide cyber survey are more than 30 million malware callbacks to over 200 countries and territories over an 18-month period, from January 2013 to June 2014.

First, this talk covers the techniques that hackers use to communicate with compromised infrastructure across the globe. The authors analyze the domains, protocols, ports, and websites used for malicious C2. They explain how covert C2 works, and how attackers keep their communications hidden from network security personnel.

Second, this talk looks at strategic impact. The authors examine relationships between the targeted industries and countries and the first-stage malware servers communicating with them. Traffic analysis is used to deduce important relationships, patterns, and trends in the data. This section correlates C2 communications to traditional geopolitical conflicts and considers whether computer network activity can be used to predict real world events.

In conclusion, the authors consider the future of this Leviathan, including whether governments can subdue it – and whether they would even want to.

Attend this presentation on August 7 at 10:15am PT in South Seas GH. Make sure to use #BHUSA and @FireEye if you plan to tweet highlights from the talk.

To view the whitepaper, click here.

FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malware

| By | Advanced Malware, Threat Research |
Comments
0

The FireEye Labs Advanced Reverse Engineering (FLARE) Team is dedicated to sharing knowledge and tools with the community. We started with the release of the FLARE On Challenge in early July where thousands of reverse engineers and security enthusiasts participated. Stay tuned for a write-up of the challenge solutions in an upcoming blog post.

This post is the start of a series where we look to aid other malware analysts in the field. Since IDA Pro is the most popular tool used by malware analysts, we’ll focus on releasing scripts and plug-ins to help make it an even more effective tool for fighting evil. In the past, at Mandiant we released scripts on GitHub and we’ll continue to do so at the following new location https://github.com/fireeye/flare-ida. This is where you will also find the plug-ins we released in the past: Shellcode Hashes and Struct Typer. We hope you find all these scripts as useful as we do.

Quick Challenge

Let’s start with a simple challenge. What two strings are printed when executing the disassembly shown in Figure 1?

figure1

Figure 1: Disassembly challenge

If you answered “Hello world\n” and “Hello there\n”, good job! If you didn’t see it then Figure 2 makes this more obvious. The bytes that make up the strings have been converted to characters and the local variables are converted to arrays to show buffer offsets.

Figure 2: Disassembly challenge with markup

Figure 2: Disassembly challenge with markup

Reverse engineers are likely more accustomed to strings that are a consecutive sequence of human-readable characters in the file, as shown in Figure 3. IDA generally does a good job of cross-referencing these strings in code as can be seen in Figure 4.

Figure 3: A simple string

Figure 3: A simple string

 

Figure 4: Using a simple string

Figure 4: Using a simple string

Manually constructed strings like in Figure 1 are often seen in malware. The bytes that make up the strings are stored within the actual instructions rather than a traditional consecutive sequence of bytes. Simple static analysis with tools such as strings cannot detect these strings. The code in Figure 5, used to create the challenge disassembly, shows how easy it is for a malware author to use this technique.

Figure 5: Challenge source code

Figure 5: Challenge source code

Automating the recovery of these strings during malware analysis is simple if the compiler follows a basic pattern. A quick examination of the disassembly in Figure 1 could lead you to write a script that searches for mov instructions that begin with the opcodes C6 45 and then extract the stack offset and character bytes. Modern compilers with optimizations enabled often complicate matters as they may:

  • Load frequently used characters in registers which are used to copy bytes into the buffer
  • Reuse a buffer for multiple strings
  • Construct the string out of order

Figure 6 shows the disassembly of the same source code that was compiled with optimizations enabled. This caused the compiler to load some of the frequently occurring characters in registers to reduce the size of the resulting assembly. Extra instructions are required to load the registers with a value like the 2-byte mov instruction at 0040115A, but using these registers requires only a 4-byte mov instruction like at 0040117D. The mov instructions that contain hard-coded byte values are 5-bytes, such as at 0040118F.

Figure 6: Compiler optimizations

Figure 6: Compiler optimizations

 

The StackStrings IDA Pro Plug-in

To help you defeat malware that contains these manually constructed strings we’re releasing an IDA Pro plug-in named StackStrings that is available at https://github.com/fireeye/flare-ida. The plug-in relies heavily on analysis by a Python library called Vivisect. Vivisect is a binary analysis framework frequently used to augment our analysis. StackStrings uses Vivisect’s analysis and emulation capabilities to track simple memory usage by the malware. The plug-in identifies memory writes to consecutive memory addresses of likely string data and then prints the strings and locations, and creates comments where the string is constructed. Figure 7 shows the result of running the above program with the plug-in.

Figure 7: StackStrings plug-in results

Figure 7: StackStrings plug-in results

 

While the plug-in is called StackStrings, its analysis is not just limited to the stack. It also tracks all memory segments accessed during Vivisect’s analysis, so manually constructed strings in global data are identified as well as shown in Figure 8.

Figure 8: Sample global string

Figure 8: Sample global string

Simple, manually constructed WCHAR strings are also identified by the plug-in as shown in Figure 9.

Figure 9: Sample WCHAR data

Figure 9: Sample WCHAR data

 

Installation

Download Vivisect from http://visi.kenshoto.com/viki/MainPage and add the package to your PYTHONPATH environment variable if you don’t already have it installed.

Clone the git repository at https://github.com/fireeye/flare-ida. The python\stackstring.py file is the IDA Python script that contains the plug-in logic. This can either be copied to your %IDADIR%\python directory, or it can be in any directory found in your PYTHONPATH. The plugins\stackstrings_plugin.py file must be copied to the %IDADIR%\plugins directory.

Test the installation by running the following Python commands within IDA Pro and ensure no error messages are produced:

Screen Shot 2014-08-01 at 1.06.24 PM

To run the plugin in IDA Pro go to Edit – Plugins – StackStrings or press Alt+0.

Known Limitations

The compiler may aggressively optimize memory and register usage when constructing strings. The worst-case scenario for recovering these strings occurs when a memory buffer is reused multiple times within a function, and if string construction spans multiple basic blocks. Figure 10 shows the construction of “Hello world\n” and “Hello there\n”. The plug-in attempts to deal with this by prompting the user by asking whether you want to use the basic-block aggregator or function aggregator. Often the basic-block level of memory aggregation is fine, but in this situation running the plug-in both ways provides additional results.

Figure 10: Two strings, one buffer, multiple basic blocks

Figure 10: Two strings, one buffer, multiple basic blocks

 

You’ll likely get some false positives due to how Vivisect initializes some data for its emulation. False positives should be obvious when reviewing results, as seen in Figure 11.

Figure 11: False positive due to memory initialization

Figure 11: False positive due to memory initialization

The plug-in aggressively checks for strings during aggregation steps, so you’ll likely get some false positives if the compiler sets null bytes in a stack buffer before the complete string is constructed.

The plug-in currently loads a separate Vivisect workspace for the same executable loaded in IDA. If you’ve manually loaded additional memory segments within your IDB file, Vivisect won’t be aware of that and won’t process those.

Vivisect’s analysis does not always exactly match that of IDA Pro, and differences in the way the stack pointer is tracked between the two programs may affect the reconstruction of stack strings.

If the malware is storing a binary string that is later decoded, even with a simple XOR mask, this plug-in likely won’t work.

The plug-in was originally written to analyze 32-bit x86 samples. It has worked on test 64-bit samples, but it hasn’t been extensively tested for that architecture.

Conclusion

StackStrings is just one of many internally developed tools we use on the FLARE team to speed up our analysis. We hope it will help speed up your analysis too. Stay tuned for our next post where we’ll release another tool to improve your malware analysis workflow.

Black Hat USA 2014: The Ultimate Cybersecurity Event

| By | Business of Security, Security Perspective |
Comments
0

Black Hat USA is about to return for its 17th year in Las Vegas, NV. The show will bring together the brightest minds in the world of cybersecurity for a six-day period where learning, networking, and skill-building top the activity list. FireEye will be there in full force.

Here is what you need to know:

  • Be on the Look Out: FireEye and Mandiant will have a presence at the conference in booths 411 and 246, respectively. You’ll be able to watch live demos, attend presentations, and get the latest updates on our full platform of technologies and services.
  • Jump into the Trenches: Join FireEye CTO Dave Merkel on Thursday, August 7 from 1-2PM for his insightful presentation “Lessons from the Trenches: Advanced Techniques for Dealing with Advanced Attacks” which will review the latest approaches attackers are using to compromise organizations and, more importantly, what the most innovative security teams are doing to stay ahead. Mr. Merkel will be drawing on data and anecdotes from hundreds of organizations, and will outline how leading security teams have reorganized, re-architected and realigned their security strategies.
  • Take a Practical View: Visit the FireEye booth (411) for ongoing presentations with a focus on various case studies that can be applied to everyday activities. Presentations will be interactive and include audience responses.
  • View Live Demonstrations: FireEye will have eight demo stations networked to live products and solutions to recreate real and recognizable environments.
  • Come out and Party: Join the FireEye crew for an event co-sponsored by Rapid7 on Wednesday, August 6 at XS Nightclub in Wynn/Encore. Register for the party here!
  • M After Dark: There is nothing quite like Mandiant’s “M After Dark” party, which will take place on August 5, from 7-9PM at the Eye Candy Sound Lounge at Mandalay Bay. Click here for registration information.

We hope to see you in Las Vegas the week of August 2 through August 7. If you are unable to attend, check back on the blog for insights from the conference.

 

Security as a Differentiator: Investis Partners With FireEye Managed Defense to Offer Its Clients the Very Best in Cybersecurity

| By | Business of Security, Incident Response, Security Perspective, Technology |
Comments
0

This is a contributed post from Alex Booth, COO, Investis

As a provider of digital corporate communication services to many of the world’s leading companies, information security is of critical importance to us here at Investis. In order to be the world’s safest platform for managing digital communications and hosting corporate sites, we wanted the strongest security partner in the business. As COO of Investis, this was a critical decision which is why I wanted to share the reasons we chose FireEye Managed Defense. To give you the short version, though, the choice was easy - the long version of which you can see in the video below or get a synopsis of in this post…

We are an ISO 27001 certified company and a member of CISP, the UK government’s cybersecurity information partnership. We believe you can never take security too seriously, especially in a digital landscape with increasingly sophisticated cybercrime. With that in mind, we wanted the most advanced solution to protect our environment and clients, and FireEye was the perfect partner to help us safeguard against advanced threats.

FireEye is the cybersecurity partner of choice for many of the US’s largest firms and its subsidiary, Mandiant, was selected by the UK Government Communications Headquarters (GCHQ) as one of four vendors certified to respond to cybersecurity attacks targeting the UK’s national infrastructure.

As a result of an on-site assessment by Mandiant consultants, we chose to augment our security team with the FireEye Managed Defense service.

We are looking forward to working with the great team over at FireEye to ensure we offer our clients the very best in cybersecurity.

Announcing the FLARE Team and The FLARE On Challenge

| By | Advanced Malware, Threat Research |
Comments
0

I would like to announce the formation of the FireEye Labs Advanced Reverse Engineering (FLARE) team. As part of FireEye Labs, the focus of this team is to support all of FireEye and Mandiant from a reverse engineering standpoint. Many FireEye groups have reversing engineering needs: Global Services discovers malware during incident response, Managed Defense constantly discovers threats on monitored client networks, and Products benefit from in-depth reversing to help improve detection capabilities.

We primarily focus on malware analysis, but we also perform red-teaming of software and organizations, and we develop tools to assist reverse engineering. Our research and tools assist with automatic malware triage to quickly get initial results out to incident responders in the field. Auto-unpackers unravel obfuscated samples without the need for an analyst. Automatic clustering and classifying samples helps identify if a binary is good or bad and whether we have analyzed it before. We develop reverse engineering scripts for IDA Pro and systems that help us quickly share our analysis results. We also write scripts that can help incident responders decrypt and interpret malware network traffic and host artifacts.

This elite technical enclave of reversers, malware analysts, researchers, and teachers, will team up with our FireEye Labs peers to help bring the best detection to our customers and promote knowledge sharing with the security research community. We’ll continue to provide technical training on malware analysis privately and at conferences like Black Hat. Look for us to present webinars on malware analysis and a blog series of scripts for IDA Pro to aid reverse engineering of malware.

The Challenge

To commemorate our launch, the FLARE team is hosting a challenge for all reverse engineers and malware analysts. We invite you to compete and test your skills. The challenge runs the gamut of skills we believe are necessary to succeed on the FLARE team. We invite everyone who is interested to solve the challenge and get their just reward!

The puzzles were developed by Richard Wartell, a reverse engineer with a PhD in “IDA Pro” (actually Computer Science, but his thesis used IDA Pro) from the University of Texas at Dallas where he worked on binary rewriting techniques for the x86 instruction set. He recently presented this work at the REcon conference in Montreal. At Mandiant Richard focused on incident response, but now on the FLARE team he reverse engineers malware, teaches malware classes, and helps develop our auto-unpacking technology.

As reverse engineers we’ve seen a variety of anti-reverse engineering techniques. Oftentimes the armoring malware authors employ is sophisticated and requires time to unravel. Sometimes it is misguided and easily circumvented.

Writing these binary puzzles has given us a chance to recreate some of the sophisticated (and sometimes ridiculous) techniques we see. The seven puzzles start with basic skills and escalate quickly to more difficult reversing tasks. At FLARE we have to deal with whatever challenges come our way, so the challenge reflects this. If you take on the challenge you might see malicious PDFs, .NET binaries, obfuscated PHP, Javascript, x86, x64, PE, ELF, Mach-O, and so on.

And after completing the final challenge, you’ll win a prize and be contacted by a FLARE team member. The full details can be found at: www.flare-on.com.

So on behalf of the FLARE team, I say Happy Reversing!

Economics of Security Part II: Qualifying the Economic Return From Cybersecurity Solutions

| By | Business of Security, Executive Perspectives, Security Perspective |
Comments
0

In part one of this series, my colleague, Bryce Boland, CTO, APAC touched on aligning a security program with the value-areas of a business. To be successful in this endeavor, you must calculate the return on investment (ROI) that a robust security program will offer. In part two, I will offer recommendations to achieving this.

The economics of security is an interesting challenge. I polled some contacts and discovered that, as much as we focus on reducing the capex on software and hardware, the majority of costs are actually opex. Therefore if we want to drive efficiencies in security, we should look at the usability (i.e. the time and costs required to achieve the desired outcome) of the tools as much as what they actually do.

Cybersecurity is a multi-dimensional problem, so whilst we consider efficiencies we must look at them in the context of outcomes and value. Our value question in cybersecurity has two factors: (1) are we able to leverage the most efficient path to obtain the solution and (2) being able prioritize on events/incidents that have the greatest business impact.

Simple event/incident response process

The rudimentary processes behind cyber have been around for years and are well documented in various standards. There’s a catalyst event that drives us to understand the problem, so we can qualify and prioritize if and when we need to respond – i.e. solve the problem.

Screen Shot 2014-07-02 at 10.41.08 PM

Are we increasing or decreasing efficiencies?

In recent years many have suggested the logic that “big data” can help us make smart decisions. Yet there is danger that this can create a spiral effect that has the potential to cripple us. By adding more content, we increase the cycles required to understand, qualify and respond. There is also a key question around the quality of that data. Take for example all the events we aggregate into a SIEM tool today, how many of those are truly worth taking action on?

How do we measure success and value?

If we are to evaluate the economic value cyber security solutions bring we need to look less at what they do and instead more how they do it. We need to understand the quality of the information they provide, both in terms of business impact and conversion to action, as well as the operational cycles required to achieve this; which are the cost & time multipliers.

As our technology world complexity continues, the operational aspect as a multiplier can only increase. Today I hear more companies asking for partnerships to solve problems rather than products; they see the time and skills challenge in solving the problem as prohibitive. If we are to succeed today, we need outcome focused solutions; that is they are efficient in providing actionable responses that are business oriented in their focus and/or services that reduce the operation costs associated with time to action. So how do we evaluate this in our buying criteria?

There have been many ROI tools that try to qualify the potential value that come from security investments. However if we are to align to business goals, we must drill into the process behind event correlation/validation – the heart of security – for business impact assessment and response actions.

Qualifying economic value from event/incident management

The framework below aims to give you a reference point to start to map out the economics of your security program.

Given solving this problem is entirely dependent on each individual organization; we must be able to qualify what makes our businesses profitable and how technology enables this. The model does not include metrics in each part of the incident lifecycle but does highlight some of the common key success metrics.

To make economic judgments, you need to assess the following:

  1. What is the ratio between events received and action taken?
  2. What is the efficacy level in the events & incidents you identify (i.e. the real cyber attack event to false positive ratio)?
  3. How many cycles do you iterate through to get from an event(s) to an action; is it timely and cost efficient? (Can you rank the processes/tools you leverage today in terms of man-hours and skills required to get to to action?)
  4. Do you align, prioritize and qualify events against against business goals and impact (How many cycles does this take)?
  5. Make the assessment using the framework & success criteria below to evaluate the key time and cost multipliers in your event/incident security process, so you can validate the economic value that comes from the processes and tools you leverage today, to see which are effective and which are not?
Measures of effectiveness of event/incident management

Measures of effectiveness of event/incident management

In conducting the evaluation process above (and visually outlined above), there is a defined process for tying operational expenditures with investments for securing the processes that generate business value. By analyzing the actions taken to conduct security operations and the, ideally, efficiencies in doing so, security leaders will be able to provide a full picture of their impact on the business. Ultimately, this changes the security conversations from just security to business practices overall.

Economics of Security Part I: Translating Information Security Risks to Business Risk

| By | Business of Security, Executive Perspectives, Security Perspective |
Comments
0

In this two-part series, my colleague, Greg Day, VP & CTO EMEA and I will focus on making the business case for security solutions that will protect your organization.

One of the many challenges IT Security professionals face is translating the security risks of technologies into the business risks they pose to the company. This translation is critical to building buy-in from your business to fund security initiatives and ensure your projects are funded properly relative to the myriad other things your business is pursuing with its money.

But where should you start? I’ve found that the best place to start is by looking at the processes in the business that generates value. These are the parts of the business that a results-oriented manager will want to protect from threat. By describing security risks in terms of how critical business processes – and their subsequent value generation – could be disrupted, your concern will resonate better with management. Consider the total business value that process generates today – is it 15 percent of the business or 85 percent? Give it a dollar figure. Given your assessment of the likely threat actors and security risks, how much of that value could be destroyed? This is a simple measure of the possible direct or immediate loss that could be experienced – something management are often measured and rewarded on.

Next you can look at knock-on impacts – this too helps speak to the management incentives. If the security risk manifests and creates a specific and significant business impact, would the market, regulators or customers notice? Would the stock price of the company drop as a result? Most business leaders will have a significant and direct interest in market valuation as their remuneration is often closely linked to the company’s stock market performance. Similarly, ask what is the business impact if a security failure leads to a loss of customers, of transaction volume, or increased regulatory scrutiny? Could you face a class action suit?

Sometimes the link between the business value generated and the technology underpinning it is a little hazy, but any modern business process that creates value will leverage and create data. It might be your customer data, the “secret sauce” of your products, a manufacturing capability that ensures your product has the best quality, the output from your R&D team, or perhaps it’s the plans for your next new business. Whatever this data is, and how you depend on it in your business, ensuring it is protected from threats is the difference between success and failure for many companies. Often this data is what the attacker is after. From a business perspective, the reliance on this data to operate the business effectively is how you connect the security risk to the business risk.

What are the most important assets and data in your business that create real value? This is very specific to every business. Think like an attacker: if you were to attack your business, what information would you steal, and why? What could you monetize, use to gain economic advantage, or gain market share? You can assess the value of that asset to your company in terms of potential losses from the dependent business processes, and the value of that asset to an attacker. Then determine how much you should invest to protect against the risks from cybersecurity threats. By going through the process of understanding how data and IT assets are part of the value creation in your business, you actually create the story to help understand the business risk, because you construct the discussion starting from the business process first.

Sometimes the most valuable thing you have is access to your customers. If your customers are large companies, this might make you a springboard to attack a smaller company – and likewise for a larger company your greatest security risks could be exposure to the less security aware vendors in your operations and supply chain. Make sure to consider these scenarios when talking to your business. As larger organizations consider the risks in their supply chain, they will increasingly consider security requirements in MSAs and demand not just compliance but demonstrable security capabilities in their business partners. It is a logical extension of risk management thinking to consider the broader supply chain risks as part of overall business risk management, and this will drive many smaller businesses to invest in improved security capabilities.

More than half the organizations we surveyed do not regularly assess their information security investments in terms of their value relative to the business process they protect. My recommendation is to re-evaluate your investment plan annually, and ensure that your continued security investments are relevant to the threats your business faces. You might also consider using a risk framework like ISO27005 as a tool to help you manage this in a consistent way, to prioritize risks and corresponding investments.

To summarize: understand how and where your business makes its money, illustrate the dependency on technology and data, then explain security risks in terms of the business impact.

In the second part of this series, Greg will discuss how to measure the economic value of your cybersecurity solutions.

CRN’s “Women of the Channel” Highlights Growing Role in Cybersecurity

| By | Business of Security, Security Perspective |
Comments
0

In a male dominated industry like cybersecurity, it is not often that women are recognized for their contributions to the field. However, as the industry grows and more women step forward into the field and offer themselves as role models, we hope to see a shift in our industry. FireEye has seen this shift start to happen within our own company with five females at the executive level and eight VPs; and we’re thrilled that this recognition goes beyond our own corporate culture.

This year, CRN announced its Women of the Channel project, which recognized 340 female executives for their accomplishments over the past year, as well as the long-term impact that their work is having on the channel and technology sector. It is a special recognition of those female channel executives who have risen in the ranks of their organizations.

CRN editors were also tasked with selecting 100 executives from that very list for special recognition as “The Power 100: The Most Powerful Women in the Channel,” which honors those who have earned a special distinction, one based on an exemplary record of success, as well as a high level of influence in the channel.

FireEye’s own Kristi Houssiere has been recognized as one of the year’s most influential women in business, and has also been recognized as one of this year’s “Power 100.” She has made a significant impact on the FireEye team and has played a tremendous role in delivering cybersecurity solutions as well as marketing our message and brand with and through the channel.

Kristi Houssiere serves as FireEye’s senior director of global partner marketing, and is responsible for the company’s marketing initiatives and strategies for all indirect routes to market, including alliance and distribution partners. In 2014, she helped advocate and expand FireEye’s highly successful global partner program, “FUEL,” which has reached over 700 partners worldwide. It also continues to drive more than 90 percent of FireEye sales through channel partners.

Robert Faletra, CEO of the Channel Company, had some encouraging words to say about the honorees: “It is our privilege to acknowledge the exceptional achievements of the women in this year’s Power 100.” He continued, “We are committed to raising the visibility of the contributions of women in the channel, and we applaud the far-reaching influence of these executives who are defining today’s channel and helping to shape its future.”

When asked to give advice for young women looking to succeed in the workplace, Kristi stated, “Work to build a solid foundation in selling, as it is essential to any successful career. Ask questions, get involved, listen and create trust with your partners, customers and work teams.”

We are honored to have Kristi at FireEye and hope that her example will lead other women to take hold of the cybersecurity industry.