Lookout's John Hering has found a back door into enterprise network security: mobile devices.
Courtesy: Lookout
By JP Mangalindan
October 10, 2013

John Hering wants to show me something. We’re standing at a busy intersection in San Francisco’s North Beach neighborhood; he pauses, takes off his black Tom Ford sunglasses, and points to the one-story-tall graffiti art on the side of a building. Next to a boy wearing a gas mask, the tag line reads: “If at first you don’t succeed — call an airstrike.” A probable criticism of America’s military, the work is one of several in the city by the enigmatic British street artist Banksy. “What really appeals to me is his willingness to leverage different mediums in incredibly creative ways to communicate a message that causes the viewer to truly think and ask questions,” Hering says later.

His admiration seems fitting, given that both men thrive off challenging the status quo: One stretches the creative boundaries of walls and bridges; the other hacks into electronics to figure out how to protect them. When Hering, 30, co-founded Lookout in 2007 with University of Southern California classmates Kevin Mahaffey and James Burgess, they bet that consumers would use their PCs less as mobile devices advanced by leaps and bounds. Fast-forward six years: Now more than 45 million smartphone users run Lookout’s free security app to retrieve lost devices and back up data. (The app also comes preloaded on many T-Mobile devices.)

This September, Lookout announced a move into the enterprise realm, offering companies a way to manage and secure employee mobile devices, whether those devices are work-sanctioned or not. Lookout for Business serves as a standalone management and security system for companies, or it can be used to supplement an existing mobile management system, blocking malicious software, spyware, and other threats. To do that, it takes advantage of the company’s Mobile Threat Network, a giant data set in the cloud that analyzes apps around the world to determine the risk and safety level of a customer’s mobile usage. It also takes an approach in which consumers can opt in and allow Lookout to collect data from their mobile devices. Such crowdsourcing is part of the reason Lookout’s detection rates rank among the highest in the industry.

An enterprise product seemed inevitable. Lookout says that over the past two years it has received thousands of requests from businesses to buy licenses in bulk, and the company says almost half of the companies on the Fortune 1,000 use Lookout in some capacity. While the system doesn’t launch until later this year, several companies — Lookout declines to name them — are already using an early version of the product. Indeed, the company expects the enterprise side to account for roughly 50% of all revenues within the next five years. (The company charges business customers a fee for each device Lookout monitors; Lookout also shares revenue from the paid premium version of its app with carriers who preload it.)

Investors are bullish on Lookout’s prospects — almost wildly so: The startup recently finished a $55 million financing round that values the company at roughly $1 billion. New backers include Qualcomm, Deutsche Telekom, Greylock Partners, and Mithril Capital, Peter Thiel’s venture firm. Previous investors Andreessen Horowitz, Khosla Ventures, Accel Partners, and Index Ventures also contributed to the new round. Hering, who is a large shareholder of Lookout (he declines to say his exact stake), today is worth tens of millions of dollars on paper.

Investors believe Hering, who is also CEO of Lookout, is worth every penny. “John has matured faster than almost any entrepreneur I know in understanding the next set of problems,” explains Vinod Khosla, Khosla Ventures’ founder.

Growing up in the small Southern California beach town of Corona del Mar, Hering was unconventional and assertive even then. When he was in the fourth grade, he started each morning by reading the New York Times business section for hints on which stocks he should invest in. He eventually poured tens of thousands of dollars into at least 10 companies, including Apple and a snowboarding startup, but lost most of it when WebMD’s stock plummeted in 2001. The same year that Hering became a kid investor, he also performed his first hack, exacting revenge on a friend who had erased his favorite game, SimCity, from a 3½-inch floppy disk. Hering returned the favor and wrote a custom app on a floppy disk. When his friend loaded the disk, the app made the computer’s system files impossible to find.

In their spare time at USC, Hering, Mahaffey, and Burgess tinkered with devices like Nokia cellphones to learn their vulnerabilities. During junior year the trio gained notoriety when they crashed the red carpet at the Academy Awards. Hering donned a backpack with a laptop computer inside that scanned celebrities’ phones for a security loophole. (As many as 100 attendees with cellphones were potentially vulnerable.) The three USC students didn’t actually hack into the phones but instead publicizedgthe glaring weakness of the systems. They founded Lookout two years later to guard against such flaws.

The antiviral software business then was plagued by no small degree of fearmongering and skullduggery, says Mahaffey, who serves as Lookout’s chief technology officer. By frequently sending alerts of viruses, Trojan horses, and other nefarious bits of code, some security providers such as Symantec successfully (for a while, at least) scared consumers into paying for premium service. “Our thesis was that if you build products that not only keep people safe but also make them feel safe, that will be a successful business,” Mahaffey says. That’s why the Lookout app runs quietly in the background, rarely disturbing the user.

The potential for mobile-security software is huge. Only 5% of today’s smartphones and tablets are protected, according to market intelligence firm IDC. With its latest round of fundraising, Lookout is forging relationships with some powerful names in communications. Qualcomm and Deutsche Telekom are pretty good friends for a company that aims to branch into mobile network security and additional B2B services to have.

Hering envisions Lookout eventually becoming the leading mobile-security provider for the post-PC era, when the company would conceivably serve hundreds of millions of business and consumer users, safeguarding smartphones, networks of Internet-connected home appliances, and everything in between. He’ll have to take on incumbents like McAfee and Symantec, both of which were slow to catch on to the consumer shift to mobile but now have mobile-security offerings of their own. But like one of his favorite graffiti artists, Hering will continue to push for more. (“He doesn’t know the definition of no,” says Mahaffey.) And if Hering doubts whether his vision is possible, it doesn’t show. This afternoon he’s far more concerned with a building lobby’s computer display, brimming with elevator statistics. “You see that?” he asks, flashing a playful grin. “It’s running off some old version of Windows. I imagine this would be so easy to hack.” Once a hacker, always a hacker.

This story is from the October 28, 2013 issue of Fortune.

Correction: An earlier version of this story incorrectly listed Comcast as a backer of Lookout. The list of backers should have included Greylock Partners instead. Fortune regrets the error.

You May Like

EDIT POST