In late November, Sony Pictures found its planned release of the Seth Rogen comedy The Interview turning into a disaster of cinematic proportions. Hackers had seized control of the studio's computer systems, leaking troves of sensitive information, including executive salaries and embarrassing emails. The studio canceled and then reinstated the film's theatrical release, costing Sony an estimated $15 million.
It was one of the best things to happen last year to FireEye.
Though not a household name, the Milpitas, California-based company has become a go-to security firm when big companies fall victim to cyberattacks. FireEye customers include recent cybervictims Home Depot, JPMorgan Chase, Neiman Marcus, and Target; the CIA and the FBI have called the firm in for help with investigations. So when Sony's Los Angeles security team realized the studio's network had been breached, they asked FireEye to help figure out exactly what had happened and where the systems were vulnerable. That's the first step for many FireEye clients, most of which then ask the company to repair and improve their data defenses.
"We were founded on the idea that cyberattacks would ultimately overrun all existing defenses. Now this has been overwhelmingly demonstrated," says Ashar Aziz, the company's founder, chief strategy officer, and vice chairman. (Sony declined to comment.)
While cybersecurity can be a difficult and technically demanding business to enter, the rewards for qualified entrepreneurs are clear: FireEye is one of two such companies on this year's Founders 40, along with Palo Alto Networks. Both companies have gone from inception to IPO in under a decade, and both continue to grow in one of the fastest-moving parts of the tech industry: FireEye nearly tripled its annual revenue in 2014. The companies' growth "has been rapid and constant, and it's only going to continue this year," says Lawrence Orans of consulting firm Gartner.
FireEye developed its reputation by commercializing a security technique that creates a mirror image of a company's systems to assess the online threats it is facing. It's one of a new breed of startups benefiting from what is a growing, if dismaying, feature of 21st-century commerce: relentless hack attacks. Last year alone saw one billion files hit by 1,540 data breaches--a 46 percent increase in the number of attacks from 2013, according to security firm Gemalto.
FireEye and Palo Alto Networks use different approaches to defeat so-called zero-day attacks, which exploit unknown weaknesses in the code of well-known applications. Now they're taking on the giants of cybersecurity, including Cisco Systems, Juniper Networks, McAfee, and Symantec. Analysts say those incumbents have struggled with what the scrappy newcomers are best at: developing commercial products that can nail new bad behavior on the fly, rather than just react to threats that are already known. Market leader Cisco, for example, saw total revenue decrease 3 percent to $47 billion for its past fiscal year, which ended July 26. But FireEye's sales, while much smaller ($425.7 million in 2014), are on an opposite trajectory, and its billings and sales double every quarter.
Aziz, who grew up in Islamabad, Pakistan, studied at MIT and Berkeley before going to work for Sun Microsystems as an engineer, where he got the startup bug big time. He started an early cloud computing company, Terraspring, which he sold to his old employer for $35 million in 2002. Two years later, he started FireEye. By 2012, as the company prepared for its IPO, it had brought in former McAfee CEO David DeWalt to take over day-to-day operations. Now Aziz focuses on creating new products and "keeping my hand on the tiller" so the company knows where the threats are.
There's still room to grow: FireEye, which went public in 2013, controls a small fraction of the roughly $9 billion global market for network security, according to research firm IDC. But despite increasing demand for its services, the company has yet to turn a profit, and lost $443.8 million last year.
Technology analysts tend to shrug off such losses at young security companies, which need to hire expensive engineers and ramp up their marketing spending as business grows. FireEye plans to continue running at a loss this year, which Aziz argues is a smart strategy given the mounting demands for its services in the current cyberenvironment. "The threat actors have not gone away through all of this," Aziz says. "They have only gotten bigger and better." And what's bad news for pretty much anyone else is excellent news for those in the business of fighting such cybervillains.