FireEye: A Story of Vision and Conviction
In September 2004, Ashar Aziz took up residence at Sequoia, working by himself out of a windowless office that’s since become a server closet.
He had recently shared with us his vision for how computer attacks were likely to evolve and an innovative way for detecting them that took advantage of virtualization—the first time we’d heard anyone consider the technology for something other than simulation or efficiency gains. It made a lot of sense to us, so we provided him with seed funding and invited him to work out of our office in Menlo Park. He stayed here for nine months.
Every startup has ups and downs, but FireEye’s story stands out. That the company is now a publicly-traded one with a bright future ahead of it is a testament to Ashar’s and his team’s foresight, conviction and perseverance. It became clear early on that Ashar was ahead of his time. FireEye looks for malware by opening files in a virtual environment and making sure they behave normally. It’s an elegant way to find advanced persistent threats, or APTs, the sophisticated, targeted attacks that now account for most successful cyber crimes.
But the landscape was different back when FireEye got started. The big threat was “worms” that replicated themselves automatically, stealing bandwidth and deleting files. Standard anti-virus software did a pretty good job in these cases.
Ashar would demo FireEye’s product, it would work perfectly, but it wouldn’t find anything other products couldn’t. Several years on, sales were still modest.
Nonetheless, Ashar remained convinced that he had found a better way to stop cyber attacks. Sequoia thought so, too, as did some other early investors like Promod Haque of Norwest Venture Partners.
The rest of the world started to find out in 2008. That’s when FireEye started focusing more closely on the Web as the delivery vehicle of choice for malware.
In hindsight, this doesn’t sound like a big insight. But at the time most content on the Web was still curated by companies. User-generated content was just starting to burst into the mainstream and cyber threats were proliferating with it. APTs became prevalent and traditional anti-virus software was completely overmatched.
This time, when FireEye demoed its product for a big Silicon Valley tech company, it found 300 machines that had been compromised.
Meanwhile, FireEye faced another challenge. The recession had hit and the company hadn’t yet established itself. A lot of security companies would have tried to sell themselves—many did—but Ashar never wavered. He had total conviction that FireEye’s approach was right and that it was just a matter of time until everyone else realized it, as well.
Much of the outside world viewed FireEye as a dead company. When it struggled to raise money, Gaurav Garg, then at Sequoia and now an alumnus, and Promod led an inside round.
They were convinced that FireEye still had a big future. The company was starting to gain traction in the market as APTs became more common. Ashar guided the company through this sudden-growth phase as ably as he kept it together when it was struggling.
As the growth continued, Ashar and the board worked together to find a CEO who could get the company to the next level. Last year, we were fortunate to get Dave DeWalt. (I had joined FireEye’s board a few months earlier.)
Dave is a proven public company CEO, having led Documentum and McAfee, and was very much in demand. In his time at FireEye he’s managed to double the size of the company and set it up well for today and the future.
We can look at FireEye now and see a company that makes success look easy. It rarely is. But as FireEye shows, with passion, conviction and a really good idea, it’s possible to overcome even the most daunting challenges.
Congratulations to Ashar, Dave, Gaurav, Promod and the entire FireEye team. Today’s IPO is an important milestone, but it’s also just the beginning.