'Sandboxing' leader FireEye seen moving toward an IPO

Though still privately held, FireEye is getting plenty of attention right now because its anti-malware sandboxing technology is something a number of other vendors want to emulate -- and FireEye's growing commercial success is inching it toward possibly going public later this year.

McAfee and Palo Alto Networks are among the larger security firms that acknowledge some of their latest technologies are intended to "be like FireEye." Palo Alto's is an anti-malware cloud-based technology dubbed WildFire, and McAfee just last week announced it acquired the ValidEdge sandboxing technology in order to develop a new on-premises product line later this year.

FireEye, based in Milpitas, Calif., does seem to be on a roll: Last November the company snagged former McAfee President Dave DeWalt to be its CEO, and last month it raised $50 million in new venture-capital funding. Though FireEye wants to tamp down the IPO talk that might make it a billion-dollar company, such a move remains possible before the year is out.


So what is FireEye doing that's got the security industry fired up?

Founded in 2004 by Ashar Aziz, an engineer from Sun Microsystems, FireEye wasn't really much of a presence until 2006.

"Nobody cared," says Alex Lanstein, FireEye research engineer. The company's "malware fireboxing" technology can explode email attachments in a device that looks for undesirable aggressive actions. "Sandboxing is a totally different way to analyze malware content. When you can run it in a virtual engine, it's easy to tell that it's bad." You can block bad email before it hits the intended victim.

The company did get some early VC backing, including an undisclosed amount from In-Q-Tel, the not-for-profit firm whose sole purpose is to fund high-tech startups for purposes of supplying new technologies for the CIA and other intelligence agencies. That has helped FireEye gain federal customers, Lanstein says.

It wasn't until the past few years, as the threat from botnets has grown exponentially and concerns about zero-day attacks and corporate espionage have become rampant, that FireEye started to be noticed more. The disclosure by Google three years ago about cyber-espionage in China was a turning point, says Lanstein. Companies began looking at sandboxing technology as yet another line of defense they sorely needed.

FireEye's current on-premises sandboxing technology can also be used to inspect content being downloaded from a website, the source of much malware these days. But Lanstein acknowledges FireEye can't look at all Web content, mainly Web links. And because of latency issues (which email doesn't have), FireEye won't block the first malware-laden download but will detect and block any subsequent ones. In all, false positives hover at less than 1%, says Lanstein.

FireEye also shares its malware findings with some partners, including Mandiant. Lanstein adds that while FireEye has been open to working on technology alliances of varying types with antivirus vendors, so far this hasn't gotten too far.

FireEye says it now has what's roughly a $100 million business with about 525 employees serving more than 800 enterprise and government customers. Its competitors can be seen to include stand-alone and cloud-based sandboxing systems from AhnLab, Damballa, GFI, Norman, Palo Alto, Sourcefire and, in the future, McAfee, which says its sandboxing tools, like FireEye's, will be used on-premises.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.
