The U.S. Military’s Favorite Cyber Platform
Old-school firewalls and antivirus software try to block or at least detect hackers, but when those systems fail, they can’t do much to limit the trail of destruction. More often than you might think, corporate IT staffers are reduced to wandering around to physically tinker with infected machines to figure out the problem. And the most advanced security software can be undone by the dumbest of human errors. Equifax Inc. blamed the hack of 145 million Social Security numbers on an unnamed IT guy failing to install a security update.
Even the U.S. Department of Defense has proved vulnerable to hackers, who are still making use of the National Security Agency cyberweapons that began leaking online last year. In the military, the gap between developer and user can be more profound, says Nate Fick, the chief executive officer of security-software maker Endgame Inc., which has built its business on Pentagon contracts. “When it comes down to the individual, you’re dealing with a 19- or 20-year-old operator on a 12- to 18-month duty rotation,” says Fick, a former U.S. Marine Corps commander in Iraq and Afghanistan. “You better build a product that’s easy to use.”
Endgame is part of a growing slice of the security software industry known as “endpoint detection and response,” or EDR. An endpoint, in this case, is a particular computer or server that can be hacked. Endgame’s software is designed to stop an attack from spreading any further by remotely examining, quarantining, and fixing a hacked endpoint. The nine-year-old company’s gear is sophisticated enough to detect hacking techniques that have never been cataloged, by tracking minute upticks in computer processing power. Yet the platform is also meant to be foolproof, responding to voice commands as complex as “find all systems running Apache Struts 2 2.3.x”—the software exploited at Equifax—and as simple as “take those machines offline.”
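To make the two EDR capabilities in that paragraph concrete, here is an added example in Python; it is not Endgame’s code nor anything from the article, and the hostnames, versions, CPU samples and thresholds are all constructed assumptions. It models a fleet inventory query of the form “find all systems running Apache Struts 2 2.3.x” (wildcard version matching across the 2.3 line), a simple per-host CPU baseline check that flags a sudden processing-power uptick, and a response plan that marks vulnerable hosts for isolation.

```python
"""EDR-style inventory query and response planning (illustrative, constructed data)."""
import statistics
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    hostname: str
    software: dict                                   # product name -> installed version
    cpu_samples: list = field(default_factory=list)  # recent CPU utilisation, percent


def version_matches(version, pattern):
    """True if `version` (e.g. "2.3.31") satisfies `pattern` (e.g. "2.3.x").

    Dotted components are compared left to right; "x" or "*" in the pattern is a
    wildcard for that component and everything after it. Without a wildcard the
    pattern must match exactly, so "2.3" does not match "2.3.31".
    """
    vparts, pparts = version.strip().split("."), pattern.strip().split(".")
    for i, p in enumerate(pparts):
        if p in ("x", "*"):
            return True
        if i >= len(vparts) or vparts[i] != p:
            return False
    return len(vparts) == len(pparts)


def find_endpoints(inventory, product, pattern):
    """Hostnames whose inventory lists `product` at a version matching `pattern`."""
    hits = []
    for ep in inventory:
        for name, ver in ep.software.items():
            if name.lower() == product.lower() and version_matches(ver, pattern):
                hits.append(ep.hostname)
    return sorted(hits)


def cpu_spike(samples, k=3.0, min_delta=10.0):
    """Flag the newest sample if it sits well above the host's own baseline.

    The baseline is every sample but the last; the last is the current reading.
    A spike must exceed mean + k*stddev AND be at least `min_delta` points above
    the mean, so a perfectly flat baseline (stddev 0) cannot trigger on noise.
    """
    if len(samples) < 4:
        return False  # too little history to say anything
    baseline, current = samples[:-1], samples[-1]
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    return current - mean > max(k * sd, min_delta)


def plan_response(inventory, product, pattern):
    """Map hostname -> ordered list of actions for the analyst to review."""
    vulnerable = set(find_endpoints(inventory, product, pattern))
    plan = {}
    for ep in inventory:
        actions = []
        if ep.hostname in vulnerable:
            actions.append("isolate")          # "take those machines offline"
        if cpu_spike(ep.cpu_samples):
            actions.append("investigate-cpu")  # uncataloged technique, worth a look
        if actions:
            plan[ep.hostname] = actions
    return plan


# Constructed sample fleet (hypothetical hosts and readings).
INVENTORY = [
    Endpoint("web-01", {"Apache Struts 2": "2.3.31", "nginx": "1.12.2"},
             [12, 14, 13, 15, 12, 13, 14, 13, 14]),
    Endpoint("web-02", {"Apache Struts 2": "2.5.13"},
             [20, 22, 21, 19, 20, 21, 22, 20, 21]),
    Endpoint("web-03", {"Apache Struts 2": "2.3.5"},
             [12, 14, 13, 15, 12, 13, 14, 13, 48]),
    Endpoint("db-01", {"postgresql": "9.6.5"},
             [30, 31, 29, 30, 32, 30, 31, 30, 65]),
]

if __name__ == "__main__":
    print("struts 2.3.x hosts:", find_endpoints(INVENTORY, "Apache Struts 2", "2.3.x"))
    for host, actions in plan_response(INVENTORY, "Apache Struts 2", "2.3.x").items():
        print(f"{host}: {', '.join(actions)}")
```

The version matcher deliberately treats "2.3.x" as "anything in the 2.3 line", which is what the spoken query means; a real EDR product would also consult a vulnerability feed to decide which 2.3 builds are actually affected. The CPU check uses each host’s own recent history as the baseline, so a busy database server is not flagged merely for being busier than a web server.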
Software such as Endgame’s is having a moment because other tools have failed, says Lawrence Pingree, a research vice president at Gartner Inc. “Traditional providers lost some trust over the last five or six years because of the number of data breaches that were caused in part by the failure of malware detection,” he says. Gartner predicts that the EDR market, which more than doubled, to $500 million, in 2016, will top $800 million this year and $1.5 billion in 2020. That’s far faster than the single-digit growth of the $9.6 billion firewall market.
Among EDR companies, Endgame is dwarfed by Carbon Black Inc. and CrowdStrike Inc. But its collection of government contracts, which are typically stable, stands out, Pingree says. That’s important in a hypercompetitive field likely to be winnowed down in the next few years through acquisitions and mergers.
Endgame started out selling hacking tools to the feds. Selling offense was great training for playing defense, Fick says. He joined as CEO in 2012, when the company was remaking itself as a guardian of federal agencies. “Nobody is more attacked than the Pentagon,” he says. Last December the company nabbed the U.S. Air Force as a client with a $19 million deal. It recently won a $1 million contract with the U.S. Navy and is wooing the U.S. Army. Civilian clients include a financial-services firm and a health-care company. Endgame says its annual recurring revenue has more than doubled this year and will do so again next year, but it wouldn’t share more detailed figures.
The company is moving beyond government contracts; more than half its clients are commercial. The Texas A&M University system, which spans 13 universities and state agencies and about 148,000 students, began using Endgame last year. Before that, A&M’s in-house security team of five full-time staffers and a handful of student workers had to rely on the IT help desk, entering a ticket to request a physical inspection of suspicious computers or servers, says Christopher De La Rosa, one of the staff security analysts. Now, he says, he can examine most systems remotely and keep his attention on high-risk data such as health or financial information.
In some cases, De La Rosa says, the team can resolve problems twice as fast as it used to. “Instead of waiting for something to occur, we’re actively out there hunting and preventing attacks,” he says. “You only have so much time and so much manpower.”