SM: Let’s talk about the specifics of FireEye. What is the marketplace like?
AA: When I started FireEye I was looking for the boundary of change. I was really looking for a big problem, and getting infected by malware via the Internet is a global problem. I read a lot of literature about how malware could evolve and make traditional defenses obsolete. The blueprint for the bad guys was out there on the web. There was no blueprint for the defenders. Let’s assume the bad guys have a reason to have the malware. In 2004 it was the Internet of random scaling worms; Blaster and others infected millions of systems. As nasty as those were, the reality is they were toys written by children. If you look at the concept of infection and implantation of software without the owner’s permission or awareness, it could create complete chaos. Malware did not have a business purpose at that time. Its purpose was to make the kids who were writing it happy.
However, their tools were very powerful tools for thieves. If I am a thief I have two motives: first, I want to make money and second, I don’t want to get caught. The thief is working through malicious software so evasion must be a very important part of software evolution. The challenge I had was that these issues were building in 2004 but they were not there yet. I had to start building with the belief that these types of systems would get there. Our business was a pre-emptive strike. It was important for both cyber crime and cyber warfare, which is something I think we will see in the future. Both elements are still on the drawing boards.
Cyber crime and the ability to make money comes about with payloads. The old malware was just like a missile, but there was no payload attached. Now malware comes with payloads which can download key loggers, steal your credit cards, steal your company’s intellectual property, or steal your data. It becomes something you can monetize. Today there are billions moving around in the underground economy, which is very scary. That means cyber criminals have a large cash cow and thus have great incentive to avoid getting caught. Accordingly, they are doing everything possible to ensure anti-virus does not catch them, to avoid being blocked by firewalls, and to avoid intrusion protection systems.
Today’s cyber criminals can completely bypass all of those systems. They were easy systems to bypass in the first place. The motivation was not there to do it before. Evasion is the key thing that creates problems. Evasive malware gets inside corporations, inside systems, and it is everywhere.
That was the genesis of FireEye. The technology to solve this problem did not exist. The blueprint to answer this challenge needed to be created from scratch, which is what I spent the first six months of my time in my living room doing. It was a tough problem because when malware comes across the wire, if you go away from signature-based solutions, which is pattern matching, you don’t know what you are looking for. It is going in 100+ gigabit traffic flows, you don’t know what you are looking for, you have to find it every time, and you cannot have false alerts. That is a very tough problem.