It’s more than a little unnerving for a big company to purposely experience an attack. But that’s just what FireEye, a cyber security leader, does when it “Red Teams” for clients.

“Red teaming is a valuable service for companies, because often they may not know what it’s really like to face the adversary,” Tony Lee, FireEye Inc.’s technical director of security consulting services, told Jeff Frick, cohost of theCUBE, from the SiliconANGLE Media team, during Splunk.conf 2015. “We show clients what it’s like to be specifically targeted. After seeing one attack and learning from mistakes, they are more ready to face the real world.”

Enabling event correlation

Lee said that Splunk is a great partner for FireEye because it augments FireEye data. “We want our data to be available for all of Splunk’s users, and it enables event correlation,” Lee stated.

Much of that data relates to some of the largest security breaches in the industry. “We are on the ground level,” said Lee. “We see things that nobody else sees. The attacker techniques and procedures are always evolving. We see new tools being integrated into hacks; in particular, WMI, PowerShell attacks. It’s ever evolving. We have to stay one step ahead of the attackers. We can apply our incident response knowledge to our proactive services to emulate the adversary because we see what they’re doing firsthand.”

Watch the full interview below, and be sure to check out more of SiliconANGLE and theCUBE’s coverage of Splunk .conf2015.

Photo by SiliconANGLE