The hacks that crippled computers and payment kiosks across San Francisco's Muni transit system over Thanksgiving weekend represent the new reality of ransomware.
"(Previously) they'd send phishing emails and anyone who clicked on the malicious attachment got encrypted," FireEye (FEYE) Chief Technology Officer Grady Summers said of cyber attackers. "That's bad but it used to happen one-sy, two-sy."
The attacks in San Francisco crashed payment systems across the city. A cyber crook going by the name Andy Saolis demanded $73,000 to get the system back online.
The attack was glaringly public, as transit kiosks throughout the city were out of order. It wasn't an anomaly, even if other attacks are not so visible.
"Now we're seeing these same types of attackers come in, get broad presence in the organization, spread to 100, 200, a thousand machines and then suddenly encrypt them at once," Summers said. "It goes from being a nuisance to an existential problem for an organization."
These new-age attacks come as many corporations are trying to tighten their cyber belts. Spending had ballooned after the spate of high-profile attacks on Target (TGT), Home Depot (HD) and Sony (SNE), and companies spent freely on security. Now, they are trying to integrate all of the stuff they bought.
"The next couple of years will be about increasing efficiency," Summers said. "It's sort of the hangover after this crazy glut of spending over the last few years."
FireEye is retooling its offerings with the late-November announcement of Helix, a new platform that integrates its portfolio of security products and as many as 300 types of security products made by other companies. Helix uses automation and artificial intelligence to reduce the amount of manpower needed to monitor and respond to alerts, and adopts a new pricing model that Summers said would reduce overall costs to customers and broaden the number of potential clients.
"We use artificial intelligence and machine learning to look for anomalous activity that we might generate an alert for," Summers said. "We see an unusual flow of data to a place in the world it shouldn't be flowing, that's where artificial intelligence comes into play."
The system would gather data about the activity, check for network intrusion, put a block on the firewall if necessary, potentially disable a device or computer and notify the help desk so they could reformat the drive.
Previously, he said, each step would involve a person. "As resource constrained as we are in security right now that just can't scale," Summers said.
A pair of acquisitions in January helped FireEye complete Helix. Invotas provides the middleware, or plumbing, that lets devices and applications work together. "Customers don't have to write code to make these products talk to each other," Summers said. "They integrate with third parties too."
Network monitoring and threat intelligence group iSight, also purchased in January, improves FireEye's ability to detect and gauge the significance of incursions.
"They were the last pieces of the puzzle that clicked in," he said.
Helix is available to a limited pool of customers now, but will have its broader launch in 2017.