Much like they defended the nation against online attacks, leaders of Richardson cloud provider FireHost are now protecting corporate interests against cybercrime.
Founder Chris Drake, a former third-generation paratrooper with the 82nd Airborne Division, built some of the first secure websites for the U.S. Army.
A retired Army colonel, FireHost chief security officer Jeff Schilling oversaw cybersecurity operations and response for more than 1 million computer systems supporting the Army.
And FireHost lead threat intelligence officer Chase Cunningham worked as a chief cryptologist for the National Security Agency to thwart cyberthreats.
While Web hosting providers such as Amazon and IBM dominate the industry, FireHost sees itself foremost as a security company. It’s that focus, executives say, that distinguishes the 5-year-old company from competitors.
“We’re a security company, and the feature [customers] buy is protecting their assets,” Drake said.
For FireHost, the recent rash of high-profile cyberattacks underscores the growing need for its secure cloud services as more companies confront increasing challenges to protect sensitive information.
And it’s no longer just data at stake. It’s also a company’s brand and reputation, said Jim Hilbert, FireHost’s senior vice president of global sales.
Recent breaches have exposed security vulnerabilities in companies such as Target, Michaels and Community Health Systems. Just this week, Bloomberg News reported that Russian hackers attacked JPMorgan Chase and at least four other banks, resulting in a loss of customer data.
Security discussions are no longer confined to IT departments but are moving to boardrooms, FireHost executives say.
And that leaves a big opening for a company like FireHost.
Security at the core
Technology research firm Gartner recently recognized FireHost in a report evaluating cloud hosting companies. Unlike many service providers that add security on top of cloud services, FireHost has put security at the core of its platform, Gartner said.
“For a relatively young company in a field of well-established competitors, FireHost has been able to expand its footprint quickly due to rapid growth,” Gartner analysts said in a July report.
FireHost has doubled its revenue annually for the last three years, CEO Jim Lewandowski said during a recent interview at the company’s Richardson headquarters.
Lewandowski, a cloud and security executive with leadership roles at Rackspace and McAfee, joined the company in March. He succeeded Drake, who wanted to resume his focus on innovation and technology.
Earlier this year, FireHost raised $25 million in new funding, bringing total outside investment to $59 million since 2011. The capital has come almost exclusively from Little Rock, Ark.-based Stephens Group, a family investment office whose history includes managing Wal-Mart’s public offering in 1970.
The company is using the money to expand its sales and marketing team, continue research and development and hire more security and technology experts. FireHost expects to hire about 120 workers in the next nine months to add to its 190-employee workforce.
To bolster its leadership ranks as it grows, several senior-level managers joined the company in recent months, including Schilling and Hilbert.
FireHost is focused on industries that deal with sensitive data and privacy compliance regulations, such as health care and retail. But executives see broader demand as companies look to the cloud for their IT needs. Their biggest concern is security, according to a survey by 451 Research.
FireHost’s customers range from big brands Kimberly-Clark and PetSmart to smaller software companies such as Plano-based Alkami Technology Inc.
Alkami, which provides digital banking services for financial institutions, became a FireHost customer two years ago. Because the company deals with sensitive financial and consumer data, Alkami founder Stephen Bohanon said it was imperative to find a cloud provider with security expertise. Alkami must ensure data is protected because of compliance regulations its clients must meet.
“The latest threats change constantly,” Bohanon said. “Are we going to be focused on cyberattacks or focused on software? It lowers our risks because we have a team of people who all day long think about security.”
Another customer is Kevin Mitnick, a security expert who knows more about computer vulnerabilities than most. Mitnick was a hacker in the 1980s and 1990s who breached computer systems of several high-profile companies before the FBI caught him in 1995. He served five years in federal prison.
Now Mitnick is an information security consultant. He’s paid by companies to hack into their systems to uncover weaknesses.
A few years ago, hackers were constantly breaching Mitnick’s site because of his Web hosting platform’s lax security. In 2009, FireHost offered to host his website for free after those attacks made the news.
Mitnick still uses FireHost. Except for a few distributed denial-of-service attacks, which flood a site with so much Web traffic that it crashes, Mitnick said, his website has not been seriously compromised.
“I think they do a superior job,” he said. “My site has never been hacked. And I’m a huge target of hackers.”
FireHost boasts it has thwarted 1 billion attacks against its customers. Last year alone, the company said it prevented 100 million hack attempts.
Record ‘speaks for itself’
“We have been attacked billions of times, and we have data to support that, and we have a track record where an incident of any size happens less than one in a billion,” Drake said. “It’s a hell of a track record, and it speaks for itself, and customers rely on that.”
Six months before computer bug Heartbleed was discovered in April, FireHost became aware of the threat and began protecting customers against it, Drake said. The breach exposed millions of credit card numbers and other sensitive information to potential theft by hackers.
FireHost’s security and threat intelligence team spends most its time protecting against potential threats, Schilling said.
“You reduce the risk to the negligible level,” Schilling said. He works closely with chief information security officer Kurt Hagerman, who oversees compliance and risk.
The security team monitors money-seeking cybercriminals out of Russia and Eastern Europe as well as emerging threats from other parts of the world.
For instance, Cunningham, the former NSA cryptologist, discovers potential threats by gathering intelligence. He talks to sources who are well-connected in the Internet’s underground world. He reads chats and forums and mines for threat indicators in the “dark side” of the Internet.
FireHost uses that information to “predictively intercept threats,” Cunningham said. “I literally do things almost exactly like I did when I worked for different intelligence agencies, and now I do it in the corporate setting.”