FireEye Is “First in the Door” on Big Cyberattacks


As hackers invade the computer systems of major companies with greater frequency and their corporate victims scramble to contain the damage and prevent future intrusions, these are boom times for cybersecurity sleuths.

Perhaps no security specialist has benefited more than a small-but-fast-growing company called FireEye, which is based in Silicon Valley and staffed with a roster of former military and law-enforcement cyberexperts.

FireEye has been called in to investigate the high-profile cyberattacks against Target, JPMorgan Chase, Sony Pictures and, just last week, Anthem, the country’s second-largest health insurer.

“In any high-profile cyber breach, FireEye is usually first in the door,” said Daniel Ives, a technology-industry analyst at FBR Capital Markets.

FireEye CEO David DeWalt calls his employees “cyber SEALs” – as in Navy SEALs.

After a slew of prominent cases last year, FireEye ranked first in a recent Piper Jaffray survey of corporate IT officials who were asked which security contractor they planned to hire in 2015.

But Wall Street isn’t totally sold. The company, which made its market debut in late 2013, has roughly doubled its sales in each of the last four years but hasn’t yet turned a profit. The stock soared to nearly $100 a year ago after FireEye bought hot security startup Mandiant. But disappointing earnings and a sell-off by early investors caused the stock to plummet last spring.

Since then, FireEye shares have limped along, trading mostly in the $40 and below range. Analysts say the company could be ripe for takeover by a bigger tech firm, such as IBM Corp., Cisco Systems Inc. or Hewlett-Packard Co.

FireEye, based in Milpitas, Calif., gained some goodwill on Wednesday with a fourth-quarter earnings report that showed sales of $143 million, nearly triple that of a year ago, and a smaller-than-expected loss of $105.7 million. On Thursday, its stock soared $3.94, or 11 percent, to $39.63 during the regular trading session. In aftermarket trading, the shares rose 21 cents to $39.84.

“We’re a growth company with a huge opportunity,” DeWalt told The Associated Press. He said FireEye’s strength lies in its software capabilities and its deep bench of experts trusted by government officials. As a result, when a company like Sony gets hacked, it usually calls authorities first, “and the second call is to us, or vice versa,” he said.

Competitors like Palo Alto Networks Inc., CloudFlare and ProofPoint offer their own innovative approaches to cyberdefense. Rivals like CrowdStrike are known for tracking overseas hackers, while computer forensics firm Stroz Friedberg has its own lineup of ex-federal prosecutors and cops. But FireEye has become a “marquee name,” said industry analyst Jon Oltsik of the Enterprise Strategy Group.

It holds that status at a time when DeWalt says there’s been a “massive increase” in cyberattacks sponsored by governments. FireEye has played a role in investigations that pointed the finger at Chinese authorities seeking economic secrets, supporters of a Syrian president battling anti-government rebels and a North Korean regime bent on disrupting a studio.

A veteran tech executive, the plain-spoken DeWalt holds a top government security clearance and is a respected figure in Silicon Valley. His last job was CEO at McAfee, which Intel bought in 2010. These days, he contends that software from industry leaders like McAfee is no longer effective.

While older companies sold firewalls or anti-virus programs that block known malware, FireEye founder Ashar Aziz developed a system for spotting threats that haven’t been tracked before. Aziz, a former Sun Microsystems engineer, started FireEye in 2004 and is vice chairman today. His system uses software to simulate a computer network and check programs for suspicious behavior, before allowing them into the network itself.

“The world has changed. The bad guys have changed. And new solutions are needed,” said Matt Trotter, a managing director at Silicon Valley Bank, who’s seeing increased investment by venture capitalists in security startups.

FireEye raised its profile last year by acquiring Mandiant, known for expertise in assessing damage and tracing the source of cyberattacks. Mandiant founder Kevin Mandia, a former U.S. Air Force investigator, is now FireEye’s chief operating officer. His group handles high-profile “crisis response,” but their work also helps FireEye sell its other security tools.

While businesses are spending more on information security, FireEye itself has spent heavily on research, development, sales and marketing. Analysts expect it will post losses for the next two years.

“No one can deny they are a clear leader in cybersecurity, but ultimately, the company has not delivered the financial results yet,” said FBR’s Ives. If that doesn’t change over the next year, he added, “I’d view it as a top acquisition for a large company such as a Cisco or an IBM.”