CIO

'Sandboxing' leader FireEye seen moving toward an IPO

Though still privately held, FireEye is getting plenty of attention right now because its anti-malware sandboxing technology is something a number of other vendors want to emulate -- and FireEye's growing commercial success is inching it toward possibly going public later this year.

McAfee and Palo Alto Networks are among the larger security firms that acknowledge some of their latest technologies are intended to "be like FireEye." Palo Alto's is a cloud-based anti-malware technology dubbed WildFire, and McAfee just last week announced it acquired the ValidEdge sandboxing technology in order to develop a new on-premises product line later this year.

FireEye, based in Milpitas, Calif., does seem to be on a roll: Last November the company snagged former McAfee President Dave DeWalt to be its CEO, and last month it raised $50 million in new venture-capital funding. Though FireEye wants to tamp down the IPO talk that might make it a billion-dollar company, such a move remains possible before the year is out.


So what is FireEye doing that's got the security industry fired up?

Founded in 2004 by Ashar Aziz, an engineer from Sun Microsystems, FireEye wasn't really much of a presence until 2006.

"Nobody cared," says Alex Lanstein, FireEye research engineer. The company's "malware fireboxing" technology can explode email attachments in a device that looks for undesirable aggressive actions. "Sandboxing is a totally different way to analyze malware content. When you can run it in a virtual engine, it's easy to tell that it's bad." You can block bad email before it hits the intended victim.

The company did get some early VC backing, including an undisclosed amount from In-Q-Tel, the not-for-profit firm whose sole purpose is to fund high-tech startups for purposes of supplying new technologies for the CIA and other intelligence agencies. That has helped FireEye gain federal customers, Lanstein says.

It wasn't until the past few years, as the threat from botnets grew exponentially and concerns about zero-day attacks and corporate espionage became rampant, that FireEye started to be noticed more. The disclosure by Google three years ago about cyber-espionage in China was a turning point, says Lanstein. Companies began looking at sandboxing technology as yet another line of defense they sorely needed.

FireEye's current on-premises sandboxing technology can also be used to inspect content being downloaded from a website, the source of much malware these days. But Lanstein acknowledges FireEye can't look at all Web content, mainly Web links. And because of latency issues (which email doesn't have), FireEye won't block the first malware-laden download but will detect and block any subsequent ones. In all, false positives hover at less than 1%, says Lanstein.

FireEye also shares its malware findings with some partners, including Mandiant. Lanstein adds that while FireEye has been open to working on technology alliances of varying types with antivirus vendors, so far this hasn't gotten too far.

FireEye says it now has what's roughly a $100 million business with about 525 employees serving more than 800 enterprise and government customers. Its competitors can be seen to include stand-alone and cloud-based sandboxing systems from AhnLab, Damballa, GFI, Norman, Palo Alto, Sourcefire and, in the future, McAfee, which says its sandboxing tools, like FireEye's, will be used on-premises.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.
