There have been enough breaches of high profile cyber networks in recent years to see why security technology is a hot sector among investors and entrepreneurs alike.
We reported earlier this week that Milpas, CA-based cyber security company FireEye was prepping for a 2013 IPO on the strength of 100 percent revenue growth in 2012. That’s on top of a base of $100 million in revenue, with more than 1,000 corporation and intelligence agency clients. That IPO – while no doubt coming – doesn’t appear to be imminent.
Today the company is announcing $50 million in new venture capital funding from new and existing investors including Sequoia Capital, Norwest Venture Partners, Goldman Sachs, Juniper Networks, Silicon Valley Bank, CIA venture arm In-Q-tel, and others. The new capital brings FireEye’s total funding to $101 million. The latest round reportedly valued the company at a stout $1.25 billion.
“The degree of naivety in the world about the level of threat from bad actors out there is still pretty high,” says newly appointed FireEye CEO and former McAfee CEO Dave DeWalt. “Most companies think they haven’t been breached, but in nearly all cases they have. We’re seeing 10 to 15 big breaches per day.”
Just a few recent, high-profile examples: Sony was victimized by Anonymous offshoot Lulzsec, beginning with its Playstation Network and ending with what seemed like every website and server in the world that bore its name. The mighty Google, too, was hacked by a potential job candidate bent on impressing his future employer. Similar attacks by a group of Chinese hackers bested Dupont, Halliburton, LinkedIn, E.U. government officials, divisions of the US Department of Defense, and a dozen or more others. Even a prominent security company, Washington DC-based RSA Security, was targeted.
Some attacks prey on weak system security or rely on social engineering, while many other employ more sophisticated techniques. The security giants of a decade ago primarily rely on antiquated “blacklist” approach that scans some 60 million known malware signatures looking for a match. These methods fail completely in the face of unknown threats – aka “Zero Day” attacks.
FireEye utilizes a next-generation approach, instead isolating each file and application across a network within a virtual machine prior to executing it for the first time. The system then studies their behavior while looking for unauthorized or suspicious activity. Perfection is impossible in this industry, but FireEye claims “near 100 percent” detection rates.
The company is also announcing the addition of six new senior executives. They include vice president of corporate development and former AVAST Software chief strategy officer Ken Gonzalez; senior vice president of products and former Cisco Security Technology vice president of product management and marketing Manish Gupta; senior vice president of customer services and former EMC senior vice president of customer service Tony Kolish; vice president, managing director, and head of India Operations, and former McAffee managing director of India operations Sridhar Jayanthi; vice president of human resources and former McAffee vice president of global talent and diversity Barbara Massa; and fellow and Ensighta Security founder Dawn Song.
With the new cash and juiced up team, DeWalt plans to expand the company’s international sales and marketing, focusing on Asia, Eastern Europe, and the Middle East. FireEye requires little to no product localization, according to the CEO. The company also plans to broaden its engineering focus to sell more new products to existing customers.
I asked DeWalt specifically whether his company had confidentially filed its IPO registration statement, as a source close to the company had indicated. The chief executive denied this was the case, saying, “We have not, and I have no plans to do so in the near term. I will do it when the company is ready.” (We reached out to the company before we wrote our story and got no such denial then.)
DeWalt says too many companies rush to IPO, but aren’t prepared to deal with the consequences – such as earnings pressure and disclosure requirements. He’s in no such hurry. “I want to use funds to build out our core systems – IT, people, processes – to set ourselves up to operate excellently around the world,” he says.
There’s a reason there’s a $25 billion per year cyber security market, according to DeWalt. Bad actors have long had the leg up on cyber security technologists. Many in the industry consider FireEye as the market leader, and as one of the few companies with the prospects of turning this battle on its head.
There are others trying to summit the same mountain. Intel bought McAffee, DeWalt’s previous company, with the intention of embedding security technology directly into silicon. Mandiant is another standout, which DeWalt considered joining prior to FireEye, that offers incident response and computer forensics solutions. And several earlier stage companies have come out of the gates in the last year with massive VC backing and enormous hype, including Shape Security and Bromium.
Cyber threats are not going away anytime soon, and the industry could definitely use some vibrant new players. FireEye will continue to need resources to out gun the bad guys and the competitors. My bet is an IPO will be sooner than DeWalt is letting on. And it could be one of the bigger IPOs of the coming year.