FireEye (NASDAQ:FEYE), the cyber security company dedicated to protecting companies against malware attacks, is drawing a glut of investor attention. The company has been aggressively expanding since it went public in September, raising more than USD $300 million at +80% higher than expected. Shares have continued to gain value (currently trading at USD $86), securing FireEye’s reputation as one of the safest bets across the Information Security sector.
Founded in 2004, the fast-growing firm, which operates out of Milpitas, California, sold every one of its 15.2 million shares at USD $20 each when it went public last year. It was a significant gain for company founder, Ashar Aziz; his 9.2 percent stake was worth a reported $392 million. FireEye’s venture capital backers that include Norwest, Sequoia Capital and the venture arm of the Central Intelligence Agency, also came away with a big win. In 2013 FireEye reported revenue of USD $161.6 million, a 94 percent year-over-year increase.
Since the Snowdon revelations, the corporate world has lost a lot of faith in the reliability of government security warnings, and as the sector attracts attention this year holds much promise for web security firms. With the more widespread use of internet enabled devices and products, breaches are an increasing concern. In February, FireEye Senior Engineer Alex Lanstein and Include Security Founder Eric Cabetas were discussing security problems in Apple’s iOS on Bloomberg TV having discovered a vulnerability in the operating system that could allow hackers to gain more permissions than Apple would intend, including the possibility of reading raw data like your thumbprint scanner.
But it’s for this reason the services provided by FireEye have become necessary. One of Silicon Valley’s hottest tech startups, the firm specialises in cloud-based detection systems. It protects against “zero-day” attacks that target publicly-known but still unpatched security holes, often before vendors and developers are even aware of a security breach. FireEye’s platform works quite differently to most other antivirus products. Most monitor the web and identify malicious software but by the time the attack has been identified and blocked, the damage has been done. The FireEye software isolates incoming traffic and looks for suspicious activity in a kind of ‘virtual container’ before deciding whether it’s bad or good. The process takes a fraction of a second, and reduces the amount of false alerts which means that security teams need only concentrate on genuine threats.
The arrival of Dave DeWalt as CEO and Chairman of the FireEye board in 2012 (he reportedly turned down some 40 other job offers) sparked fresh interest from investors. Previously head of McAfee, DeWalt oversaw its buyout by Intel in 2011 and since joining FireEye has been channeling money into his sales and marketing departments. The high spending brought about operational losses in 2013 (in January FireEye announced that it had it lost USD $2.5 million, or 2 cents per share, in the fourth quarter), but his plan to create a strong infrastructure to support future growth looks likely to pay off.
There are interesting plans afoot for the firm. In December, FireEye purchased cyber forensics and security software firm Mandiant Corp for about USD $1 billion. The collaboration is an astute one, joining together the expert skills of one company that detects attacks and another that responds to them. Together they now provide security strategies and solutions from first alert though to remediation. Mandiant has raised USD $70 million from Kleiner Perkins Caufield & Byers, the venture capital firm, and One Equity Partners, an investment arm of JPMorgan Chase. News of the merger sent FireEye’s stock up 22.5 percent in after-hours trading.
FireEye’s strategy is to expand into the Intrusion Prevention System (IPS) market, adding to its web security offer so that it can compete against other big players such as Intel Corp, Palo Alto Networks and Cisco. To put this in context, Reuters reported, “The intrusion prevention systems (IPS) market totaled nearly USD $1.9 billion in 2012, according to market research firm IDC. That is nearly 10 times the size of the market for specialized threat analysis and protection technology, for which FireEye is best known.” Moving from a small pond with many competitors to a large pond with fewer, albeit larger, competitors, gives FireEye greater scope for future profit.
The forward-thinking firm has continued to add more products to its repertoire. Until now other IPSs have been flawed for two reasons – they were signature-based, therefore unable to detect modern threats, and they created excessive alerts, so customers have still had to integrate products from other companies for complete security. But FireEye’s MVX-IPS technology (their newest release) uses a Multi-Vector Virtual Execution (MVX) engine that filters alerts and reduces the number of false positives. Importantly, it moves away from signature-based technology.
Hackers intent on siphoning a company’s trade secrets, erasing data or emptying a customer’s bank account could be facing an increasingly harder task, something that’s invaluable in this day and age.