What’s Wrong with FireEye? Here’s a Hint: It’s Not China

Summary Bullets:
• FireEye’s CEO is disingenuous in trying to blame reduced cyberattacks by China for its Q3 earnings miss.

• The reality is FireEye is suffering from increased competition, poor public perception and inability to execute.

Threat detection vendor FireEye caused quite a stir in the security and investment communities last week following its third-quarter earnings announcement. Despite record revenue topping $165 million, FireEye missed both revenue and earnings estimates, posting a net loss of $123 million. That in itself isn’t remarkable; companies disappoint Wall Street every day. What caused heads to turn was the intimation by FireEye CEO Dave DeWalt that it fell short because of reduced cyberespionage activity originating from China, what he called “a reduction in the threat landscape,” which in turn reduced business opportunities for FireEye.
This logic is patently absurd, and was quickly and rightly called out by FireEye’s competitors. Not only has there been no reported reduction in nation-state cyberespionage, but it’s also extremely difficult to discern which actors are behind any given attack. Correlating one particular entity’s inaction with his company’s financial misfortune is at best implausible and at worst disingenuous to FireEye’s investors.

DeWalt was surely trying to give his company some cover behind the gentlemen’s agreement between President Barack Obama and Chinese President Xi Jinping to not engage in state-sponsored cyberespionage against each nation’s private companies, but the agreement was reached in late September, just days before the end of the quarter.

FireEye’s earnings woes aren’t actually caused by China, but by three totally separate problems: increased competition, poor public perception and an inability to execute.

First, the threat detection and mitigation market has become hugely competitive. Today nearly two dozen vendors now offer products for detecting and/or dealing with anomalies or intrusions on the endpoint, network, or both. Industry heavyweights like Cisco, IBM, Intel Security and Trend Micro have made major investments in threat detection and mitigation. When FireEye launched its initial foray into threat detection some eight years ago, viable competitors could be counted on one hand with a few fingers to spare. More choice means more competition, and while that’s been a great thing for enterprises as it’s spurred considerable innovation, FireEye has struggled to maintain its lead.

Second, FireEye has suffered from a series of “bad optics” moments, most notably earlier this year when it fared poorly on the NSS Labs’ widely read bench test of breach detection systems and blamed NSS for poor testing methodology. While it responded more amicably to a zero-day in its product discovered by researcher Kristian Erik Hermansen in September, the series of stumbles has left a mark.

Third, FireEye has simply struggled to execute. Investment analysts have noted that rivals Check Point, Cisco, Fortinet and Palo Alto Networks aren’t experiencing headwinds. There have been whispers that an arrogant corporate culture, particularly in its sales organization, have been partly to blame for scuttled sales opportunities. FireEye also swapped CFOs not long ago. Some suggest the company hasn’t refocused after Cisco allegedly extended a $9 billion buyout offer that FireEye’s board rejected. That’s enough bumps in the road to knock any company off track.

To be clear, FireEye isn’t on its deathbed. It still ranks among the leading threat detection and mitigation vendors, and missing a $167 million revenue estimate by less than $2 million is a problem many CEOs would love to have. Still, the episode is a troubling sign. Customers would be right to wonder if DeWalt and his leadership see the way forward, or are scrambling for the exits.

About Eric Parizo
Senior Analyst, Enterprise Security, with Current Analysis.

What do you think?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: