FireEye Takes Off as Shares Rise 80 Percent in IPO Debut

After pricing yesterday at $20, shares of the Internet security firm FireEye rose by more than 90 percent as they debuted on the Nasdaq exchange today.

The shares closed at $36 even, up exactly 80 percent on their first day of trading.

I had a quick chat with CEO Dave Dewalt. Here’s a little of what we talked about:

AllThingsD: Dave, as we speak, your shares are up 96 percent from where you priced. I guess you can call that a pretty good day.

Dewalt: There’s still a few hours to go, so I’m crossing my fingers.

So let’s take it from the top. I know you’re a security firm, but what is it exactly that you do?

The company developed some really interesting technology. My background is that I came from McAfee. And I saw the technology here to secure virtual machines which was like nothing I had ever seen before. At the core of it is a virtual machine. Think of it like VMWare. Although VMWare was designed for workload management and data consolidation, there’s a similar parallel to what we’re trying to accomplish with security. We essentially put micro virtual machines across the enterprise. They replace anti-virus black-listing models. These virtual machines have amazing properties. They can detonate applications in realtime and study it for behaviors.

How is it different from more conventional security technology?

It’s different from signature and pattern-matching technology. In that case you only know about known attacks. The threat landscape has changed a lot recently. Now attackers are using code that hasn’t even run yet and so it can’t be matched. By using virtual machines, we can detonate it inside the virtual machine, study its behavior, and then create a threat score. It can detect and block zero-day attacks and pretty much any kind of attack at a high rate of speed.

Who are your customers? I know most security companies aren’t allowed to name them, but can you describe them?

We have a lot of customers. They range from 40 different military/intelligence organizations in 40 different countries to some of the biggest financial services companies. We now have 18 large global banks. We have critical infrastructure around the world. We can sell to the largest companies in the world, and the smallest.

Do you have strong exposure to any one sector, such as government or finance?

We haven’t released any of that data yet. But we don’t have any single industry that’s more than 10 percent of the business. There’s no concentration in a single customer or industry. The model can go across industries and geographies, and from large companies to small.

Do you have a second line of business down the road?

We typically sell a Web product. What it does is detonate Web pages in real time, so if you’re surfing the Web, all the objects can be checked in a virtual machine to make sure they’re okay. All the objects on the Web page are analyzed. That’s our primary product. But since the threats are so blended these days, we can put our products at every type of gateway. … Each virtual machine is able to communicate back and forth to the others through a cloud service, and so if we see a detonation of a Zero Day somewhere in the world the others can learn about it in minutes. So it’s a very dynamic architecture. It’s almost real-time, and so all the small companies we sign up get to benefit from what we learn about the new attacks being carried out against big ones.

When your customers adopt your products are you replacing another vendor? A lot of the old security measures were all about hardening the perimeter. What are you replacing when your customers adopt your products?

You’ve hit the nail on the head. We’ve almost been point-producted to death. Sometimes you’ll see companies that have 100 different security products, none which talk to each other. Can you imagine if that happened with databases? The prevailing model for years was to put in as many vendors as you could and hope that someone would catch the problem. What happened is that the bad guys exploit that very problem. These attacks come in one place like email and out another like the Web. You end up with a model that’s very ineffective. Most of our companies who have deployed the product did so as an augmentation strategy. But they find out they’re paying a lot for solutions that only find a few of the problems. This creates for the other vendors a compression problem in that the customer doesn’t quite want to take out the other company’s products, but puts pressure on the vendor to lower the price. We can do what they do, better than they do it, at about a tenth of the price. Over time you’ll see some changes as we disrupt their business.