Ashar Aziz has raised US$50m for his network security company since 2004
Thinks malware is the defining problem of the 21st century digital economy
ASHAR Aziz (pic) is founder, CTO and CEO of FireEye, a leader in stopping targeted attacks that use advanced malware. But from the time he launched FireEye in 2004, he has held a lot more roles than these and jokes that his direct reports today cannot pull a fast one on him as at one time or another he held their jobs.
“It was a good experience,” he recalls, laughing. Indeed, Ashar has directly led all the major departmental functions since founding FireEye to tackle malware, what he calls the “defining problem of the 21st century.” That is no laughing matter.
Malware (malicious software or code) is the platform for the three main aspects of what he calls “offence” in cyber-security – cyber-crime, cyber-espionage and cyber-warfare.
Milpitas, California-based FireEye specializes in combating these threats designed to disrupt computer operations, gather sensitive information, or gain unauthorised access to computer systems.
“Our lives and infrastructure are so dependant on computers, and computers can be subverted, which poses a great risk to society,” he says.
The anticipation that this will get worse is what motivated him to launch FireEye to counter the “greatest risk we face in the digital age. And I do not believe this is an understatement,” he says firmly.
At the forefront of helping FireEye deal with the formidable enemies it faces in cyberspace is its patent-pending Virtual Execution (VX) engine which allows dynamic, real-time analysis for advanced malware; and ‘detonates’ suspicious files, web objects, video and email attachments.
In his LinkedIn profile, Ashar describes himself at the original inventor of the core set of technologies behind FireEye's ground-breaking Malware Protection Systems. This work has led to the filing of over 18 patents on various aspects of FireEye's technologies.
Ashar himself has received over 26 patents in the areas of networking, cryptography, network security and data center virtualization for work done prior to FireEye.
It is an impressive CV – made more impressive by the fact that he has successfully made the transition from hard-core geek to the leader of a security company that has raised US$50 million from various venture capitalists, has over 500 customers around the world, and counts the US-based Federal Bureau of Investigation (yes, that FBI) as a customer, helping the agency in its fight against cyber-crime.
He has deployed FireEye systems in over 60 US federal customers and agencies, including the US Department of Defense and the intelligence community. Amongst other notable accomplishments in recent months, FireEye has worked with the FBI “to help bring down botnets,” groups of computers controlled by cyber-crooks, such as Rustock.
He points out that governments are a big target of cyber-criminals and even nation states [Note: I did not bring up the fact that the US itself seems to be a major offender here]. His R&D is done in the United States and this is simply because the US government is a big customer and does not want a security solution it is deploying to be developed overseas, he says.
But would this same argument not apply to other governments that are using his software?
Apparently not, as Ashar, not immodestly, claims “we have the best product in the world. There is not an equivalent set around.”
And, because they are a private company, not beholden to any government in the world, not even the US. The fact that they have a large number of government clients around the world is proof of this, he claims.
Independent verification of his claim about having the best product set in the world is in the works. But in the meantime, FireEye has been crushing the competition in bake-offs.
“We have won 99% of these,” he claims. And even better, he claims to have won every bake-off conducted by the 15% of Fortune 500 companies that have tested his product in their networks against a competing product, which is what bake-off means.
“This is when a company will put our solution and those of a competitor in their network and evaluate which is the better one in a live setting and use that.”
Funds raised are below average
Surprisingly, when asked if he faces pressure from his VCs (venture capitalists) after having raised US$50 million, Ashar points out the amount he has raised is actually below the average for a network security company.
He goes on to reel off some examples. “Net3, a firewall company, raised US$120 million; IronPort which raised US$94 million was acquired by Cisco for US$830 million in 2007. Ours is a modest amount by that,” he says.
“I feel very proud to get to cashflow and profitable state while taking less than any comparable network security company in recent history.”
FireEye has stayed in positive cashflow territory throughout 2011. Ashar says that it grew 300% last year and because of this excitement and the “fun things” that are happening around the company, “People want to come and work with us.”
For a company based in Silicon Valley, this can be a winning differentiator.
“We always want the best and the best are always in short supply and have options. This [network security] is a quality game and we work hard at recruiting. We hope the fact that those who are with us are doing something very exciting will have a profound impact on the market, will persuade more top talent to join us,” he says.
The biggest reward of those on FireEye’s team is going to be that they were part of a big success story.
Meanwhile Ashar has also acted to strengthen his board with two additions in June. David DeWalt, former president and chief executive officer of McAfee, and Sequoia Capital partner and former Google senior vice president of engineering, Bill Coughran, have joined the security company.
In comments to the media after joining the board DeWalt had this to say: “I have been watching FireEye for a while and they are the clear leader in addressing this next generation of cyber-threats. The technology and talent at FireEye as well as the massive security problem they solve is what drew me here.”
“I look forward to helping further accelerate their already explosive growth and redefine the model of IT security,” said DeWalt, who has been appointed to serve on the US National Security Technology Advisory Council.
Indeed with the offensive operators, (as Ashar calls the bad guys) in cyber-security investing a lot of money into creating better products, the job of catching and foiling them is a moving target. “We have to continue to innovate to track the trajectory of this threat because as long as there are spies and thieves, malware will evolve.”
His biggest challenge is in ensuring that rapid growth does not lead to slower and bureaucratic decision-making, the bane of all software companies.
“As we move from being small to midsize to a large company, we must remain nimble and be quick in executing,” he says of FireEye, which currently has over 300 staff.
Is a listing on the horizon, or acquisitions? He claims FireEye is one of the fastest growing enterprise product companies in the world today, declining to disclose revenue figures, and does not think mergers and acquisitions are the best way to maximize shareholder value.
“I am having a lot of fun growing the company with our focus on growing market share. We have a long way to go to be global and hit our target of 5,000 customers,” he says.
Even his target of 5,000 customers is a moving one. When they started Ashar was eyeing 50 customers. “When we hit 50, I started looking at 500 and today, it is 5,000. I think when we hit 5,000, I will want to hit 50,000 customers,” he says laughing.