FireEye Fails To Predict Direction Of Security In The Enterprise

FireEye (FEYE) stock has plummeted from a high in 2014 due to a decrease in sales for the company's various strategic security offerings. 

As a result, a new CEO has been put into place from FireEye's research division, Mandiant, which the company recently acquired. The new CEO is expected to redirect the company toward a more enterprise-friendly, bundled solution, such as the FaaS (FireEye as a Service) offering. A recent Fortune article noted that the company's decreased sales resulted from the lack of large, nation-state-style attacks that had been so popular in recent years. The company expects more targeted attacks (such as spear phishing) in the future, probably on higher-value players within enterprise and government organizations. 

The company's recent research into Internet attacks, as described in a recent Blackhat 2014 report entitled Leviathan: Command and Control Communications on Planet Earth, led the company to believe that large scale reconnaissance and attack activities will continue for the foreseeable future. FireEye has built a portfolio of products that detect and hunt these types of large scale attacks, and then share the data with their client base through the company's own independent cloud-enabled threat detection services.

As such, the company has 24/7 manned security operations centers (SOC) staffed around the world to service their customers in real time. All of this infrastructure, of course, has a high cost. However, something has happened as recently as 2016: hackers have reduced their use of broad-scale attack vectors and appear to be looking for those higher-value, smaller targets. I think this has occurred for two main reasons. 

First, as Mandiant documented with their report on APT1, a Chinese military hacking cell, broad-scale, government-style hacking, also referred to as Advanced Persistent Threat (APT) hacking, had been occurring since 2004. The NSA had similarly exposed this hacking in their research that led to the eventual publication of the Top 20 Critical Security Controls after years of research hacks on government, military, and corporate targets. All of this research is backward-looking and was mistakenly used by companies to build new products to detect such threats. However, nation states have already researched common weaknesses in government and corporate systems and are now using those weaknesses to exploit systems and extract high-value information. FireEye has designed a security system to protect against the past, not the future. It would be like designing a perimeter fence for an apartment complex to keep out the thieves who have taken up residence within. The hackers are already on our networks and know how to get around them. 

Secondly, companies are increasingly adopting cloud-based services. As I predicted years ago, most companies will not broadly adopt cloud without assurance of security. There are too many existing regulations and new privacy requirements being implemented into law for companies to risk putting their data on a cloud solution with no inherent security service. As a result, many cloud companies are ramping up Managed Security Services packages designed to protect their customers. Those cloud companies are selling those services to their customers as an additional, or Professional Services, enhancement to the infrastructure service the customers are looking for. This allows Chief Information Security Officers (CISO), Chief Information Officers (CIO), and Chief Technology Officers (CTO) to work together to provide companies with effective and safe Information Technology (IT) solutions for their users and management while maintaining their compliance requirements. 

Therefore, proprietary on-premise solutions such as FireEye are not attracting the same dollars as they used to. Cloud adoption is shifting the management of risk off-premise and into the hands of large infrastructure companies. Even for companies that keep significant risk assets within their own networks, and adopt a hybrid solution using some cloud services, securing their networks with several proprietary solutions in a piecemeal format is not enticing. In fact, it can be quite expensive. 

While this may seem like a daunting change for FireEye to overcome, I think the path forward is actually pretty straightforward. Instead of selling solutions independently to their client base, they should approach existing cloud providers and sell solutions to them. As cloud adoption increases, US technology assets will be increasingly concentrated in super-sized data centers. This presents hackers with an intriguing buffet menu of attack-able compute and data all in one place - a Walmart Superstore of weakly-protected, hack-able systems and databases that will be ripe for the taking. Any company that partners with these cloud solution providers to offer packaged security services which are both customizable and easily scalable stands to make a killing in profits. 

This approach solves the problem for the cloud provider and the end user. The cloud providers are currently using the same piecemeal appliance approach to secure their internal data centers, and therefore the level of security incident correlation and investigation is weaker than needed to thwart attackers. A company like FireEye, with their FaaS service, could help solve this problem relatively quickly. FireEye could charge an upfront fee as well as incremental costs for each customer added to the cloud company's Managed Security Services. The cloud company would benefit from the excellent research provided to FireEye by Mandiant and the threat collection data already built into FireEye's products. And US companies would benefit from enterprise-class security solutions as an incremental cost to the expansion of their cloud-based assets, which provides a more easily justifiable and affordable option to most company finance teams. 

What's better, FireEye gets to capitalize on their existing product mix and leverage their existing research without re-engineering their product lines. While this does not completely solve the problem of FireEye's current on-premise service portfolio, it adds a revenue stream model that capitalizes on existing products and gives FireEye time to adjust their mix for on-premise, single-customer focused solutions. This is a path forward for a company which currently doesn't have one and is struggling to identify the next step. 

For security stock investors, I recommend looking for companies that help organizations solve their IT system sprawl and help centralize security operations. The next wave of successful firms will be those that develop services that help organizations simplify the security management experience while centralizing threat detection and incident response capabilities, thereby reducing security costs and increasing effectiveness. FireEye could be one of those companies if they can get their strategy aligned with current IT trends and move in a future-looking direction. 

The author is not invested in any funds mentioned in the article. 
