FireEye takes the next step in IPO prep, files confidential registration statement

By Michael Carney , written on January 8, 2013

From The News Desk

For months now, we’ve been hearing public statements from cyber security company FireEye that it plans to IPO in 2013. It seems the company has finally taken the next step.

PandoDaily has learned from a source with direct knowledge of the situation that FireEye has filed its registration statement with the SEC, the first step towards making an IPO a reality. But it’s a hesitant first step. The company has taken advantage of the new provision in the JOBS Act that allows companies with less than $1 billion in revenue to register confidentially. It’s a clever way for companies to test the rocky public markets, without having everyone know you are testing the public markets. (Until now, that is.)

FireEye has taken additional concrete steps to prepare for its IPO in recent months, not the least of which was hiring a “professional CEO” in former McAffee chief executive Dave DeWalt, who was previously Chairman of its board. Founder and former Sun Microsystems engineer Ashar Aziz remained with the company as its Vice Chairman and CTO.

DeWalt left McAffee in 2011 following its acquisition by Intel for $7.68 billion and was considered a frontrunner for several pre-IPO security companies, including Palo Alto Networks, which ultimately listed in July 2012 – the company’s stock has gained 30 percent in the six months since.

When he joined FireEye in late November, DeWalt said that the company had more than $100 million in yearly revenue, with sales doubling annually. The company had 400 employees at the time, a number it expects to double in the next six to 12 months. FireEye was ranked the fourth fastest growing company in North America on the Deloitte 2012 Technology Fast 500. The new CEO has called a 2013 IPO his “top priority.”

FireEye seems to have what the public markets are looking for: Substantial, scalable revenues from actual enterprises (as opposed to a consumer site suddenly calling itself “enterprise” to get more funding) and strong growth. So why the caution? Well, given the ability to file this way and the uncertainty of the market, why not? Even Workday, one of the most successful Silicon Valley IPOs of 2012, took a similarly coy approach.

Most cyber security companies rely on what’s called a “blacklist approach,” comparing incoming emails and data files against signatures of known malware. This reactionary approach is by definition powerless against new and unknown malware – sometimes called “Zero Day” attacks. FireEye, on the other hand, silos an organizations applications in “virtual computers,” keeping them isolated from other secure assets while studying their behavior. Algorithms detect unauthorized or suspicious activity, such as sending data outside the company’s secure network. While no system is perfect, FireEye claims near 100 percent detection rates.

One private company making similar security paradigm-shifting promises and worth keeping an eye on is Shape Security, which yesterday raised a $20 million Series B round led by FireEye investor Sequoia Capital and other top VC firms.

Eight-year-old FireEye raised $51 million in venture capital across four rounds of funding from Sequoia Capital, Norwest Venture Partners, DAG Ventures, Jafco Ventures, Juniper Networks, SVB Financial Group, and In-Q-tel. The company has more than 700 corporations and many intelligence agencies as customers, including the US Department of Defense, Juniper Networks, Equifax, and Sallie Mae according its website.

PandoDaily reached out to FireEye for comment on this story but did not hear back by the time of publishing. We will provide updates as additional information becomes available.