Fighting Cyberthreats With FireEye

A cybersecurity leader with CIA ties tries to expand abroad

Jan. 12, 2010, could go down as the day any illusion that the Web was a safe place to do business died. That was the day Google announced that it and several other tech companies had been attacked by Chinese hackers, who pilfered source code and other secrets. It was an especially bleak day for David DeWalt, then chief executive officer of McAfee, the maker of the popular antivirus software that failed to detect the attacks. Later that year, he managed to sell McAfee to Intel for $7.7 billion, but by then it was clear that old-school cyberprotection could no longer be counted upon to stop spies and hackers. DeWalt eventually moved on to become CEO and chairman of FireEye, another Silicon Valley security company that has come up with an entirely different way to protect people’s data.

FireEye was founded a decade ago by former Sun Microsystems engineer Ashar Aziz, who sought to develop a more predictive approach to computer network protection. The company sells software that tricks hacking programs into targeting phony machines, then alerts clients to the attempted intrusions. Big corporations and Wall Street investors have embraced FireEye. In September, DeWalt oversaw the company’s initial public offering, which had the third-largest first-day IPO gain of 2013 and was valued at $5.5 billion. But FireEye’s share price fell 23 percent on May 7 after the company downgraded its earnings forecast due partly to aggressive spending on R&D and marketing.

Edward Snowden’s revelations have helped turn FireEye into the fastest-growing star in the $12 billion cybersecurity business. As FireEye expands overseas, however, it’s facing a credibility test among some foreign governments and companies. The CIA helped guide its early development, and the agency’s investment arm, In-Q-Tel, retains a small (less than 1 percent) stake in FireEye. In a post-Snowden world, some international clients have raised questions about its intelligence community ties. “The farther into Asia or the Middle East you get, the more worried they are,” DeWalt says, though he adds that the company’s software is selling in Asia as well as in Germany and Brazil, where there have been diplomatic protests and a public outcry over National Security Agency spying on government officials. The question of FireEye’s loyalties “comes up all the time, especially if I’m talking to a military intelligence agency,” Aziz says. “My answer is very simple: Our loyalty is to our customer.”

Aziz developed the idea behind FireEye in 2004, while studying the U.S. Department of Defense’s list of requests for cybersecurity contract proposals. Most makers of commercial security software focused on the fast-spreading viruses known as worms. Aziz could see that the Defense Department was worried about more advanced—and silent—attacks. “The more I studied it, the more I became convinced this was one of the most potent and deadly problems of the 21st century,” he says.

The most sophisticated hackers download malware in stages, often leaving it dormant on PCs for weeks or months to throw detection systems off the scent. Aziz devised a system that replicates a client’s network on a series of virtual machines, down to the software versions loaded on each one. When malware attacks, the virtual machines speed up computer time to show in microseconds the effects the attack could have over many months. That allows FireEye to quickly determine how to beat even malware it hasn’t encountered.

Aziz’s promising start on his software was temporarily derailed by the financial crisis in 2008. Then the CIA came calling. At the time, FireEye’s virtual-machine trick was aimed at stopping attacks like Stuxnet that spread through holes in Web protocols. The CIA offered to become a client if FireEye could isolate malware buried in e-mail, which was fast becoming the tool of choice for hackers, says a person familiar with the deal who wasn’t authorized to discuss it publicly. A few months later, FireEye presented the retooled technology, and In-Q-Tel bought in.

After China’s attack on Google, FireEye’s client list expanded, as companies targeted by foreign intelligence agencies with bottomless budgets became desperate for spy-grade hacking defenses. Nawaf Bitar, senior vice president of networking-equipment maker Juniper Networks, calls FireEye “the gorilla” of the field when it comes to combating these advanced attacks. Edward Kiledjian, chief information security officer for Bombardier Aerospace, a Canadian aircraft maker that has used FireEye for more than a year, says he’s satisfied with the results. “This is a fantastic tool, and it provides invaluable information,” Kiledjian says, though he adds that some companies may need time to figure out how to use it effectively. “There is no use in buying a Cadillac if you’re just learning how to drive,” he says.

Raimund Genes, chief technology officer for Japanese digital security company Trend Micro, says some customers don’t want to buy anything made in America these days. The past year, Genes says, has marked the first time that being based in Tokyo has been an advantage for the company over U.S. security-software companies when competing around the world, especially in Europe. “I see deals where we are invited that we haven’t been invited before,” he says. FireEye’s DeWalt says some customers are particularly concerned about a feature that lets clients share information about attacks on their networks so FireEye can respond faster. Clients within foreign governments won’t do that; some customers require FireEye to hire locals to monitor that data, manually passing along threat intelligence they feel is safe to share.

To help maintain its growth, FireEye has been buying other companies that specialize in cybersecurity. On May 6 it announced the $70 million purchase of network forensics company NPulse Technologies. In December it acquired Mandiant, which focuses on Chinese espionage, for about $1 billion. Aziz says FireEye is “the cyber equivalent of Switzerland” and that U.S. intelligence agencies don’t get a free pass from his software. The proof, he says, is that his clients include more than 40 spy agencies, many of which target one another. “Our product is a shield designed to block bullets,” he says, “and it doesn’t matter who fired the gun.”
