You're hard at work in your office, burning the midnight oil for an important presentation, when you click on the wrong email. It looks like it's from your bank; busy and distracted, you open its attachment.
But of course, it's not from your bank at all, and it's loaded with "zero day" malware, which makes your entire business network vulnerable to the hackers. They lie in wait and observe the inner workings of your business, including when you actually do go to your bank's website. As you log on to your financial account, a keystroke logger snags your ID and password, and then the real fun begins. Hackers begin moving money from your bank account to a repository overseas, where you never see it again.
That's exactly the sort of nightmare scenario that's helping a company called Palo Alto Networks sell its firewalls. The 10-year-old company, based in Santa Clara, California, specializes in beating back the hackers that are relentlessly attacking corporations large and small, including corporate giants Ebay, Target, JP Morgan Chase, and Home Depot. It's a worrying but inescapable consequence of doing business in the online age, and one that's providing business opportunities to a raft of cybersecurity upstarts, including fellow Founders 40 member FireEye.
Palo Alto Networks specializes in building a proactive, dynamic type of firewall, one that doesn't merely respond to known threats. "While our competitors are focused on detection and remediation, we have proved to customers that we can actually stop these attacks," says Palo Alto founder and chief technology officer Nir Zuk.
Zuk saw a unique set of challenges in 2005 when he started the company with $10 million from venture firm Sequoia Capital. Basically, there had been very little change in network security for a decade. Companies that defined the security market in the 1990s, including McAfee and Symantec, had focused almost exclusively on eliminating known threats that targeted web browsing and email, he says.
"It was clear that being disruptive in the market would make us very successful. The only thing we needed was the actual disruption," Zuk says.
As it turns out, that wasn't too hard for Zuk to figure out; he'd worked to develop network security since he was a teenager in Tel Aviv, Israel. He did a stint in the Israeli military where he, according to Forbes, worked in an elite intelligence unit, creating packet-filtering devices. (Zuk says he won't comment on any aspect of his time in the Israeli military.) Then he met and went on to work for Gil Shwed, who co-founded one of the first commercial firewall companies, called Check Point. After five years at Check Point, Zuk founded his own company, called OneSecure, which produced intrusion detection software. It was ultimately acquired by another one of Zuk's current day competitors, Juniper Networks.
Palo Alto was one of the inventors of the so-called "next generation firewalls," security experts say. Its software protects against cyber attacks targeted at applications ranging from Facebook to your customer relationship management software. Its protection system also offers something known as advanced endpoint security, which means it can detect threats at the level of individual desktop and mobile devices, analyzing all of the information it collects about your system in its own security cloud.
"They've changed the game for firewalls," says Rick Holland, an analyst covering security and risk for research firm Forrester.
Since going public in 2012, Palo Alto Networks has scaled rapidly. It has 21,000 customers across 120 countries, and has added 1,000 new customers every quarter for the past three years. It counts among its clientele some of the biggest companies in the U.S., including Dell and Motorola. And during its fiscal year 2014, revenue increased 51 percent to just shy of $600 million.
Like a lot of young tech companies, however, Palo Alto Networks is still running at a loss. For the full-year 2014 the company lost $226 million, a nearly 10-fold increase from 2013. And Palo Alto Networks has a lot of competition from other network security startups, as well as from established players like Juniper, Cisco, and SonicWall, which are all pursuing their own next versions of a next generation firewall.
But that doesn't phase Zuk, who says his competitors still focus their efforts primarily on detection and remediation, more than prevention.
"If you can detect it, you can prevent it," Zuk says. "Our aspiration is to be the biggest enterprise security vendor in the world."