Kevin Mandia: Discovering SolarWinds Hack ‘Validates Our Intelligence and Expertise’

‘This breach got everybody to recognize there‘s a way to compromise some of the most secure organizations on the planet in a surreptitious way, and that alarmed people,’ says FireEye CEO Kevin Mandia.


The fact that FireEye was the first to realize it’d been attacked in the massive, months-long SolarWinds campaign validates the company’s intelligence and expertise, CEO Kevin Mandia said.

Mandia said blowing the whistle on the SolarWinds hackers has had a positive impact across the portfolio of the Milpitas, Calif.-based platform security vendor since both FireEye’s products and professional services capabilities benefit from the company’s intelligence and expertise. FireEye disclosed Dec. 8 that it had been hacked, and alerted SolarWinds that it was the source of compromise.

“This breach got everybody to recognize there’s a way to compromise some of the most secure organizations on the planet in a surreptitious way, and that alarmed people,” Mandia told investors during an earnings call Tuesday. “And with that alarm comes an awareness and a desire for it to not happen again.”

Sponsored post

[Related: Chinese Hackers Exploit SolarWinds To Steal Federal Payroll Info: Report]

The SolarWinds attack has prompted pretty much every large enterprise to examine the effectiveness of their security programs as well as the likelihood they’d be able to detect such an intrusion, Mandia said. This effort often starts with security validation, he said, since that gives organizations the unvarnished truth of how they’d fare in a simulated attack.

There’s no question pretty much every organization is also going to look at risks and potential points of compromise in their supply chain, Mandia said. And for software companies, Mandia expects a much closer examination of how they develop code specifically around where their engineers are based, how engineers check their code in, and how that code is audited to make sure there’s nothing suspicious.

From a policy standpoint, Mandia said lawmakers need to put a doctrine in place that defines what the United States stands for from a cybersecurity standpoint and what behaviors America expects to see in cyberspace. Once the doctrine has been implemented, Mandia said officials need to define where the red line is and ensure there are consequences for those who violate the rules.

“One of the biggest things that any administration would face is you have to impose risks and repercussions to the folks that attack American companies,” Mandia said.

FireEye’s sales for the quarter ended Dec. 31 jumped to $247.5 million, up 5.3 percent from $235.1 million the year prior. The results crushed Seeking Alpha’s estimate of $240.1 million.

The company’s net loss improved to $39.7 million, or $0.17 per diluted share, 19.4 percent better than a net loss of $49.2 million, or $0.23 per diluted share, last year. On a non-GAAP basis, the company recorded net income of $28.3 million, or $0.12 per diluted share, up 90 percent from net income of $14.9 million, or $0.07 per diluted share, the year before. That beat Seeking Alpha’s non-GAAP earnings projection of $0.10 per share.

FireEye’s stock dropped $0.71 (3.27 percent) to $20.99 per share in after-hours trading. Earnings were announced after the market closed Tuesday.

Product and related subscription and support revenue in the quarter tumbled to $104.6 million, down 8.3 percent from $114.1 million the year prior. In contrast, platform, cloud subscription and managed services revenue jumped to $85.1 million, up 20 percent from $71 million a year earlier. And professional services revenue climbed to $57.8 million, up 15.4 percent from $50.1 million last year.

For the coming quarter, FireEye expects to record non-GAAP net income of $0.05 to $0.07 per diluted share on sales of between $235 million and $238 million. That’s compared to analyst expectations for net income of $0.07 per share on revenue of $233.7 million, according to Seeking Alpha.