W Power 2024

The all seeing eye: Protecting networks from hackers

A father-son duo came from out of nowhere with a more clever idea to protect networks from hackers—and now have a $1.75 billion startup with $160 million in the bank

Published: May 5, 2015 06:51:03 AM IST
Updated: Apr 29, 2015 07:12:34 PM IST
The all seeing eye: Protecting networks from hackers
Image: Timothy Archibald for Forbes
First-name basis: In the office, Orion Hindawi, CTO, and his father, David, CEO, call each other by their first names

When Steven Sinofsky first saw Tanium software in action, he—along with the rest of a conference room full of Andreessen Horowitz partners— thought it was a trick. “It was too fast,” says Sinofsky, who used to run Microsoft’s Windows division. “To a person, we just assumed it was a mock-up. We asked how long it would take to build for real.”

And that’s when Tanium’s father-and-son co-founders, who had been toiling in obscurity across the San Francisco Bay in Emeryville, California, delivered the reveal: Their software, as deceptively simple as a Google search box and nearly as fast, was already live and able to instantly assess and display the security status of every single internet-connected device, thousands of them, that a California hospital system had in operation.

“I’d never seen anything like it,” Sinofsky says nearly a year later. “It was a wild, surreal experience. We all knew this space—or so we thought—super-, super-well.” Today Sinofsky is on Tanium’s board, but back then he, along with former enterprise software veterans Marc Andreessen and Ben Horowitz, had just one question: “How the f--- did you do that?”

Orion Hindawi, a 35-year-old whiz born and raised in Berkeley, California, and his father, David, a 70-year-old immigrant from Iraq by way of Israel, have been answering questions like that since 1997. Their first startup, a device-management service called BigFix, was sold to IBM for $400 million in 2010. Their new venture, Tanium, offers a powerful and completely novel way to scan and control the security of thousands of devices at once and is in use by the likes of Visa, Amazon, Best Buy, the US Department of Defense and Nasdaq. Desktops, laptops, servers, cash registers and even heart-rate monitors—each one a potential entry point for hackers—can be made accessible to network administrators in seconds through Tanium. “Most of our customers had no idea how many computers they had before we got there,” Orion says. “If they can’t answer that basic question, how are they supposed to answer what’s running or where their users are or where their data is?”

The Hindawis know they’re on to something big. Health insurer Anthem, Home Depot, JPMorgan and Sony Pictures have all been hit hard by data breaches since spring 2014. The CEO of one of the largest banks in the country told Orion in March that there are only three things that he fears could destroy his bank overnight: “Meteors, nuclear weapons and cybersecurity.”

While Tanium can’t do much about the first two threats, it’s working hard to address the third. “I want to make sure we’re accelerating, because we’re outrunning a really scary bear,” says Orion.

Tanium’s service creates for every customer an IT central nervous system that can quickly scan and report back on suspicious behaviour or programs. While competitors such as Symantec and Intel’s McAfee division offer similar services, they require large server deployments to reach out one by one to every computer, the equivalent of building a massive call centre to collect data from hundreds of thousands of individual people. Tanium employs a new kind of peer-to-peer system, one that bears a passing resemblance to file-sharing networks such as Napster and BitTorrent. With Tanium, each computer on a network talks to the computer next to it, relaying information along a chain before sending it back to a single server in a fraction of the time the old brute-force method takes. Generating similar reports with pre-Tanium software could take hours or days, at which point the information might be useless.

In his demonstrations Orion takes special pleasure in querying the same healthcare network he showed Andreessen to identify four computers running the file-hosting program Dropbox, which he says is a major no-no when dealing with health records. Through Tanium, a system administrator can terminate such programs with a few keystrokes.

Tanium was one of the first calls Brad Maiorino made when he joined Target as its first chief information security officer following a 2013 data breach that compromised up to 40 million credit and debit card accounts. “One of the key areas we focussed on was enhancing our ability to detect and quickly respond to security incidents,” Maiorino says. “This requires real-time insight into every end point across the enterprise.”

The company declines to disclose annual revenue but says bookings,  or revenue to be recognised over multiple contract years, have grown from $2 million in 2012 to $24 million in 2013 to $74 million last year and a projected $200 million-plus this year. Its clients now include half of the 100 largest US companies by revenue, with five of the top 10 banks and four of the top 10 retailers. Profitable and growing without help, the Hindawis were initially uninterested in taking outside capital—until connections that Andreessen Horowitz provided for free netted Tanium $10 million in bookings in only three months. So the Hindawis went exclusively with Andreessen, accepting $90 million last August at a valuation of $900 million and another $52 million in March at a $1.75 billion valuation. The combined $142 million is the largest bet Andreessen has made on a single company. David and Orion still own more than 60 percent of the firm and have yet to touch any of the capital they’ve raised.

The Hindawis’ road to Silicon Valley elite status stretches all the way to Iraq. David Hindawi emigrated from Baghdad to Israel with his parents at the age of 6, and after college he helped plan bombing runs for the Israeli Air Force during the 1967 Six-Day War. After that he decamped to UC, Berkeley, where he earned a PhD in operations research, a data-intensive discipline for solving complex problems. In 1986 he founded a telecom company, Software Ventures, that made early modem software. In 1997 he got into the security business with a startup, BigFix, that sold patching software. There he recruited the smartest developers he could find, including his then 17-year-old son, Orion, who was already taking college courses as a high school sophomore.

By the time Orion enrolled full-time at Berkeley in 1997 he’d completed 110 of the 120 mandated credits. Naturally, he found college dull compared with the challenges of startup life. He wound up ditching class to meet with his father and BigFix’s development team—and to his mother’s chagrin he still hadn’t earned his degree, missing only a mandatory econometrics course and two physical education electives.

IBM bought BigFix in 2010, netting father and son a handsome payday. They had turned over management of the company three years earlier, exasperated by what they considered the meddling of its venture investors— and eager to start something fresh. In 2007, ten years after David recruited his son, the tables turned: It was Orion who pitched the idea for Tanium. Today David is CEO, but they’ve maintained equal ownership and get along frighteningly well, calling each other by first name to avoid irking others. David does admit that Orion, whose title is CTO, can be “an impatient and mercurial young man”. The younger Hindawi takes the appraisal in stride. “I never said I was the most patient person in the world,” he says. On weekends they take long walks to talk strategy. “Some people have baseball,” says Orion. “We have enterprise software.”

The Hindawis started Tanium with 12 engineers from BigFix and spent the first five years building and testing their product away from prying eyes. Only in 2012 did they enter a partnership with McAfee to start selling it.

Two years later the Hindawis split with McAfee, taking with them the company’s head of American sales to build their own sales force. Head count at Tanium has more than doubled every year, reaching 45 at the start of 2014, and is projected to hit 370 by December.

Many of the new people will be put to work building a broader set of services intended to extend the company’s reach. Tanium has been used mostly for “good hygiene”, says Orion, for issuing patches and keeping software up to date. Its average current contract is worth $1 million over the first three years. But Tanium needs to offer more to become a must-have weapon in companies’ cyberarsenals. “The massive threat environment facing governments and companies has reached critical level,” says Daniel Ives, a senior analyst at FBR Markets. “It’s a once-in-a-decade market opportunity.” Spending on cybersecurity is $20 billion today and growing 30 percent a year in an overall IT industry growing only 3 percent a year.

That’s where Tanium’s $160 million in parked cash comes in. The Hindawis need developers to build those new security subscription services and salespeople to sell them. One newly released tool integrates and automates threat intelligence data to help companies respond immediately to signs of breaches. IT managers can quarantine a machine, alert users, deploy a patch or delete files, thwarting hackers only minutes after a network has been compromised.

Another focus for 2015 is signing up big customers in Australia, Great Britain and Japan. Just three months of selling in Tokyo, for example, has put another $20 million worth of business in the pipeline. That early success has the Hindawis redoubling their growth efforts.

“Those companies are just as scared as companies here,” says Orion. “But they have even less access to great technology. This is as ‘greenfeld’ as it will ever get.”

Next Billion-Dollar Startups
We’ve all read countless stories about the spectacularly successful startups that have shot to valuations exceeding a billion dollars. Labeled unicorns because they were once so rare, they now number more than 80 and have familiar names like Dropbox, Uber and Pinterest. All of which inspired us, in cooperation with TrueBridge Capital Partners, to go hunting for the next wave of startups that are flying under the radar but getting ready to pop. We surveyed venture firms for their best picks, reviewed their growth in revenue and user engagement, did some reporting and analysis and produced the following list of 25 companies. Say hello to tomorrow’s unicorns.

Click here for -Top 25 fast-growing companies


(This story appears in the 15 May, 2015 issue of Forbes India. To visit our Archives, click here.)

X