Target, Neiman Marcus, Home Depot, Michael’s, Kmart, Dairy Queen, JPMorgan Chase. Seemingly every week another major company becomes a victim of some sort of security breach aimed at stealing critical, sensitive customer information, such as Social Security and credit card numbers, intellectual property or details about new products, formulas and services that could provide an advantage to competitors. One industry vendor estimates that 97 percent of all organizations, from business to government, have been breached.
The increased frequency and sophistication of security breaches have persuaded a growing number of companies to shell out larger sums to protect their networks, business and trade secrets; they realize that their old antivirus software and firewalls can no longer protect them. This, in turn, has created a huge industry among companies that offer products and services that help prevent breaches and secure and repair computer networks. The total market for cybersecurity products and services grew from $53 billion in 2011 to $58 billion in 2013, according to a report from the Center for Strategic and International Studies (CSIS), a Washington-based bipartisan nonprofit organization, citing data from technology research specialist International Data Corp. Business demand rose by 14.7 percent during the same period, while consumer demand increased by 10.7 percent, the report adds. Technology research expert Gartner estimates that worldwide spending on information security will hit $71.1 billion in 2014, up 7.9 percent from 2013, and climb to $76.9 billion next year.
The rapid industry growth has caught the attention of some investors, who have been wildly bidding up the stocks of companies peddling increasingly sophisticated cybersecurity solutions. Recently, several sell-side analysts have either started covering the group of stocks or upgraded their ratings on them.
“Cyberbreaches are only going to accelerate and their magnitude increase,” says Brent Thill, who follows the industry for UBS. “Boards of directors are freaked out.” At the 2014 Delivering Alpha Conference, Lee Ainslie III, co-founder of Dallas-based hedge fund firm Maverick Capital, singled out the cybersecurity industry as one of two attractive investment plays (along with mergers and acquisitions in general). “Every corporation and small business must spend more money to defend themselves,” Ainslie told the audience.
Yet while the Maverick chief was talking up the industry and many sell-side analysts were raising their price targets on several cybersecurity stocks, in the second quarter Ainslie’s firm and the few other hedge fund managers with investments in the industry were unloading some of their shares. Analysts say hedge funds and other professional investors are underrepresented in the group. Those with investments typically have just one or two positions in the sector.
In any case, others are jumping in. Wall Street’s sell side has gravitated to a half dozen or so relatively newer names, which are mostly pure plays — security is virtually all they do. Here is a rundown of the most popular cybersecurity stocks followed by analysts.
Check PointSoftware Technologies
When Check Point Software Technologies burst onto the scene in 1993, its blockbuster FireWall-1 product and its stateful inspection technology — which monitors all of a network’s connections and blocks nonlegitimate connections from occurring — were considered revolutionary. The technology is still widely used today.
Founded by chairman and CEO Gil Shwed, current vice chairman Marius Nacht and Shlomo Kramer, who left in 2002 and went on to create Imperva, Check Point has expanded over the years to offer a wide range of information technology security products and services.
In 2009 it introduced the Software Blade architecture, which observers called a breakthrough next-generation product that prevents threats to networks. It allows customers to tailor their security needs without adding more expensive hardware, especially when new threats emerge. Today, Check Point boasts that it is the only company that can provide “total security for networks, data and endpoints, unified under a single management framework.”
Even so, after 21 years and with a $14 billion market capitalization, the Tel Aviv–based company is not as nimble and fast-growing as some of its smaller, newer competitors. Revenue came in last year at $1.4 billion, up 3.9 percent from the previous year and just 11.9 percent from 2011. However, unlike many of its competitors, Check Point is solidly profitable, earning $653 million in 2013, up 5 percent from 2012 and 20 percent from 2011.
Check Point is “one of the most profitable companies in the world,” proclaims Paul Wick, who manages the Seligman Tech Spectrum Fund, a long-short technology strategy he has run since 2001. Wick also heads the Columbia Seligman Communications and Information Fund, a $3.7 billion mutual fund.
Wick points to Check Point’s operating margins, which are in the upper–50 percent range, and strong balance sheet. “They are a cash machine,” he adds. “They are frugal and have taken advantage of the local universities [to hire talent]. It is not a fast grower anymore, but it has innovated nicely.”
Check Point’s shares do not experience the same roller-coaster-like volatility as many of its smaller competitors because the company rarely disappoints investors. In October, Check Point’s stock jumped more than 5 percent in one day after the company reported revenue and earnings that beat expectations. In fact, after Check Point beat third-quarter forecasts, several firms, including New York–based Needham & Co., raised their price targets and upgraded their ratings. Credit Suisse now forecasts a 7.7 percent year-over-year increase in revenue, slightly ahead of the consensus forecast.
However, Check Point still has a lot of room to win over potential customers. Andrew Nowinski, a senior research analyst at Minneapolis-based Piper Jaffray Cos., does not officially follow the company but says that according to his regular sales channel survey, Check Point was the most frequent loser among vendors displaced in favor of Palo Alto Networks. Even Credit Suisse — a big fan of the company and its stock — concedes that although resellers and distributors of Check Point products generally like the company’s Threat Emulation Blade to protect against advanced persistent threats, they rate FireEye and Palo Alto’s products more positively. (APTs occur when hackers gain access to a network and are able to stay for long periods of time without being detected.)
Meanwhile, like most cybersecurity stocks, Check Point does not have a big hedge fund following. In the second quarter Dallas-based Carlson Capital — one of just a few hedge fund firms of note with any position in the stock — unloaded its entire stake of more than 612,000 shares.
However, Chicago-based Citadel and New York’s Valinor Management each boosted their positions by more than 150,000 shares. As a result, Check Point was Valinor’s tenth-largest position as of the end of the second quarter.
FireEye
On the surface, there are reasons for investors to be excited about FireEye, a Milpitas, California–based company that specializes in a new generation of software and services to detect, stop and investigate computer and network hack attacks using what the company calls cloud-based intelligence and virtual machine technology.
On January 2, FireEye announced it had spent $1 billion to acquire Mandiant, a company known for sending in emergency response teams to service corporate computers that had suffered significant hacks to their systems from state-sponsored intruders like China. Wall Street was already excited about FireEye’s threat prevention platform, which essentially tries to trick a hacker into thinking he is penetrating a real vulnerable environment. Once the hacker does bad things to the network, the FireEye platform captures and contains it.
In other words, the company’s virtual machine technology creates a cloned version of a PC to examine what really happens when a person opens any files, links or e-mails. This fools the hacker and his malicious files into starting their activities, which FireEye’s technology detects and blocks. The company then shares this information with its customers in real-time. FireEye says its technology is able to block “a very well-funded or nation-state backed hacker — what we call an advanced persistent threat.”
“FireEye is the gold standard” for this product, asserts Piper Jaffray’s Andrew Nowinski. “With the combination of Mandiant, FireEye delivers the most comprehensive platform for detecting, blocking and remediating threats across the network and endpoints,” adds a recent Morgan Stanley report.
The company’s shares, which traded at about $40 when the year began, surged nearly 40 percent in the days following its announcement that it had acquired privately held Mandiant. Two months later they passed $95. Giddy investors noted that FireEye’s revenue virtually doubled last year without Mandiant and has swelled nearly fivefold over the past two years.
However, the company has an earnings problem — as in, it has never made money since its public debut in September 2013 and has lost money going back to at least 2009 — and some Wall Streeters are worried that it is burning through cash. The person charged with stanching the bleeding and making money from FireEye’s rapid revenue growth is David DeWalt, who has served as CEO since November 2012 after being brought in as chairman that May. He replaced Ashar Aziz, who founded FireEye in 2004 and served as chief technology officer from November 2012 to April 2014. Today, Aziz is vice chairman of the board and chief strategy officer.
DeWalt is no stranger to the cybersecurity business. He was president, CEO and director of McAfee from April 2007 until February 2011, when that company was acquired by Intel Corp. He stayed on for six months after the merger.
FireEye reported total billings of $165 million for the third quarter of 2014, up 133 percent year-over-year and 6 percent ahead of consensus forecasts, according to Morgan Stanley. Revenue rose 168 percent, to $114.2 million. However, the company reported a GAAP net loss of $120 million, compared with a loss of $51 million in the comparable 2013 quarter. The stock dropped 15 percent on the news and closed at about $32 in early November.
DeWalt pointed out in the earnings call that FireEye had introduced Adaptive Defense, which the company describes as “a new approach to security that combines FireEye technology, security services and intelligence to provide comprehensive cybersecurity to businesses” and also quickly fixes the companies that do get breached. FireEye-as-a-Service is offered as part of Adaptive Defense to allow customers ranging from small companies to large enterprises to deploy FireEye technologies and services via a subscription.
Despite the eye-popping growth numbers, total revenue and product revenue came in below expectations, Morgan Stanley notes.
Even so, several analysts have their highest ratings on the stock, including Nowinski, who says channel checks have shown that FireEye and Palo Alto Networks have consistently outperformed the rest of the industry’s vendors over the past eight quarters.
The few hedge fund firms that are invested in FireEye have very small positions that are inconsequential to their portfolios. They include New York–based Tiger Global Management and London-based GLG Partners.
Fortinet
Fortinet founder Ken Xie always considered himself an entrepreneur.
Xie, who earned bachelor’s and master’s degrees from China’s prestigious Tsinghua University, where both of his parents were professors, built a radio when he was seven and founded his first company at age 29, in 1993. The company, Stanford Information Systems, developed and sold firewalls; Xie launched it with classmates at Stanford University, where he was a Ph.D. candidate.
The company never enjoyed much success, and Xie never did finish his doctorate. But the experience taught him important lessons about technology, marketing and selling that helped him when he co-founded his second company, NetScreen Technologies, in 1997. NetScreen, which sold security software as well as hardware with an operating system, was acquired by Juniper Networks in 2004. But Xie had long since left, following a dispute with Sequoia Capital, an investor in the company, over Sequoia’s choice of CEO. He quit in 1999 and in 2000 launched Sunnyvale, California–based Fortinet, a maker of network security appliances.
One of the company’s products, FortiGate, provides a wide array of functions, including a firewall, a virtual private network, antivirus software, intrusion prevention, web filtering, antispam functions and WAN (wide area network) acceleration, which is a technology designed to speed up certain applications over the Internet. Its FortiManager “enables administrators and businesses to manage the configuration and security functions of FortiGate products,” according to a company spokeswoman. Its FortiAnalyzer products collect, analyze and track content and data generated by Fortinet’s products.
In 2013 the company earned $44 million on $615 million in revenue. Although revenue jumped 15 percent from the previous year, earnings fell 33 percent, mostly because of a surge in research and development costs and selling, general and administrative costs. In October 2014, Fortinet reported that third-quarter revenue had surged nearly 25 percent, to $193.3 million. On the other hand, GAAP net income was $4.1 million, down from the $11 million the company reported for the same quarter in 2013. Even so, Xie, who serves as Fortinet’s chairman and chief executive officer, was upbeat.
He may have reason to be: The stock closed north of $27 in early November and is up more than 60 percent from its December 2013 low of $16.76. Investors apparently got spooked by the abrupt resignation that month of Ahmed Rubaie, the company’s chief operating officer and chief financial officer, who had taken the job less than eight months earlier. The announcement caused the stock to drop 13 percent over a two-day period.
At the time, Wall Street analysts reaffirmed their support for the stock, and they are still sweet on it. Today, UBS calls the company “a high quality, reasonably priced asset.” UBS expects Fortinet’s price-earnings multiple to rise more in line with its peers, in part because the bank believes the company’s growth will pick up again.
Meanwhile, Fortinet was one of just three cybersecurity stocks to which Piper Jaffray assigned its highest rating when it began covering the industry in August. “We believe billings growth could continue to accelerate on the heels of increasing growth of large enterprise deals,” Piper Jaffray said in its report. “Fortinet is one of the few vendors with an end-to-end solution capable of defending against [advanced persistent threats].” Today, Piper Jaffray has an outperform rating on Fortinet’s stock and UBS has a buy rating.
The stock still has not caught on with the hedge fund crowd, however. In fact, in the second quarter several hedge funds liquidated their stakes in Fortinet, including two New York–based firms, Ricky Sandler’s Eminence Capital and John Lykouretzos’ Hoplite Capital Management.
Imperva
When security software maker Imperva named Anthony Bettencourt as president and CEO in August, the move didn’t just mark a typical technology company transition from the founder — in this case, from co-founder and CEO Shlomo Kramer. It also signaled to the investment and cybersecurity communities that the Redwood Shores, California–based company might be for sale.
After all, Bettencourt’s résumé stands out for the two other companies he sold while at their helms. San Francisco software company Coverity was acquired by Mountain View, California–based Synopsys in March 2014, and Sunnyvale, California’s Verity was bought by Cambridge, England–based Autonomy Corp., an enterprise software company, in 2005.
“As the company works through its recent execution issues, we see Mr. Bettencourt’s hiring as an incrementally positive development,” Deutsche Bank told clients at the time of the announcement.
The bank no doubt was partly alluding to the fact that in early April Imperva preannounced first-quarter results that were much worse than its previous guidance, causing the stock to plummet about 44 percent in one day.
Kramer, who had also co-founded Check Point Software Technologies, mostly blamed extended sales cycles for larger deals — meaning that it took longer to close deals than had been anticipated — that “led to delays in receiving anticipated orders from customers, particularly in the U.S., which resulted in lower than expected revenue for products.”
However, Bettencourt’s hiring was part of a larger shake-up at the company established in 2002 by Israeli-born Kramer, who took it public in 2011 and continues to serve as chairman and chief strategy officer. Bettencourt’s hiring came on the heels of the departure in March of Imperva’s head of sales.
Then in October, Bettencourt announced several critical personnel moves. He named Michael Mooney to the new role of chief revenue officer, overseeing Imperva’s worldwide sales, maintenance and renewal teams. Kim DeCarlis was made chief marketing officer, while Mark Kraynak, formerly senior vice president of worldwide marketing, moved into the newly created position of chief product officer.
Imperva says it fills the gaps in endpoint and network security by protecting applications and data in physical and virtual data centers and the cloud. SecureSphere, the company’s integrated security platform, is designed to neutralize cyberattacks, theft and fraud from inside and outside the organization. In early 2014, Imperva acquired Incapsula and Skyfence. Incapsula is a cloud-based application delivery service; Skyfence is designed to enable cloud-based applications such as Salesforce.com, NetSuite, Office 365 and Google Apps to operate safely.
The company’s revenue rose about 33 percent, to nearly $138 million, in 2013 and climbed nearly 75 percent in two years. However, Imperva is losing money, to the tune of $25 million in 2013, up from a loss of some $7 million the previous year and a $10 million loss in 2011.
When Piper Jaffray initiated coverage of five cybersecurity stocks in August, it included Imperva but assigned it only a neutral rating. At the time, the investment bank noted that although Imperva is considered the market leader in web security, it has limited exposure to other key markets, which Piper Jaffray said will “limit new customer growth.” It also pointed out that Imperva’s new-customer growth of 32 percent over the past three years greatly lags that of companies with broader portfolios of products, such as Palo Alto Networks, which has enjoyed 69 percent growth, and FireEye, with 107 percent growth.
On October 30, however, Imperva reported a loss that was much smaller than analysts had expected, raising hopes that the company is turning the corner under Bettencourt. Investors bid up the shares by nearly 26 percent that day alone.
“The company is well positioned to benefit from demand driven by the increase in size and frequency of cyberattacks due to our best-in-class data center security solutions,” said Bettencourt in making the announcement.
Or, at the very least, Imperva is more attractive to potential buyers. Whether it will be attractive to hedge funds is another question. Imperva has virtually no hedge funds among its top 25 investors. And the stock is a very small part of the portfolios of the hedge fund firms with positions in the shares.
Palo Alto Networks
Palo Alto Networks founder Nir Zuk got his first computer as a gift from his parents when he was a teen growing up in Israel, and he taught himself to program. Shortly afterward, he wrote some of the first computer viruses.
But after that early brush with hacking, Zuk went legit. He was recruited by an elite unit during his mandatory stint in the Israeli military, which was looking for a computer whiz. Afterward, Zuk joined then–cybersecurity pioneer Check Point Software Technologies, where he spent five years and developed a product called Floodgate that complemented a company’s firewall. The job was so demanding that it prevented him from earning a college degree.
It didn’t matter. After spending five years at Check Point, Zuk, frustrated that his entrepreneurial instincts were being quashed, took a leave to launch his own company, OneSecure, a business focused on developing an innovative intrusion detection and prevention system. OneSecure was acquired in 2002 by NetScreen Technologies, which was in turn scooped up by Juniper Networks.
Once again feeling stymied by bureaucracy, Zuk left in 2005 to launch Palo Alto Networks. His goal at the time was to redefine the firewall market, introducing a next-generation firewall that emphasized protections based on users, applications and content in a world where users want to be able to use their apps wherever they go, at any time, with any device.
Today, Palo Alto focuses on securing applications and preventing known and unknown cyberthreats from infiltrating a customer’s critical assets. The company’s enterprise security platform includes the Next Generation Firewall, the Palo Alto Networks Threat Intelligence Cloud — which maximizes the sharing of threat intelligence — and Advanced Endpoint Protection for devices such as cell phones, tablets and cash registers. The company also sells Panorama, which manages a distributed network of firewalls from a centralized location.
Santa Clara, California–based Palo Alto — which has more than 1,700 employees throughout the world — has become one of the fastest-growing cybersecurity concerns, posting nearly $600 million in revenue in the fiscal year ended July 31, 2014. That’s 51 percent more than in the previous year and more than double the $255 million the company generated in the 2012 fiscal year.
Not surprisingly, the stock has been a Wall Street sensation ever since it went public in July 2012. The shares traded at about $107 in early November, up more than 150 percent from their initial public offering price of $42.
Palo Alto Networks “invented a better mousetrap,” writes Dennis Puri, who co-founded Hunt Lane Capital, a New York hedge fund firm, in October 2013, in a recent letter to clients. Puri said Palo Alto, a core position for his firm’s main fund since inception, was Hunt Lane’s biggest winner in the first three quarters of this year and now accounts for its largest position — 9.5 percent of its portfolio.
In August 2011, one year before it went public, Palo Alto brought in Mark McLaughlin as president and CEO; he added the chairman’s job the following year. McLaughlin was previously president and CEO of Verisign, best known for maintaining Internet domain names, working there for 12 years. These days Palo Alto is one of the most favored cybersecurity stocks among Wall Street’s sell side. In August, Piper Jaffray initiated coverage of the company with an overweight rating and a $100 price target. In recent months several other Wall Street firms have raised their price targets on the stock, including Credit Suisse; Stifel, Nicolaus & Co.; and UBS. Hedge funds, however, have not jumped on the ride just yet. In fact, in the second quarter Lee Ainslie’s Maverick Capital cut more than half its stake in the company and Brookside Capital, which is part of Bain Capital, liquidated its position.
Symantec Corp.
Wall Street analysts and investors were highly skeptical when Symantec Corp. acquired storage-management-software giant Veritas Software Corp. in 2005 for $13.5 billion, figuring that the merged company — which currently has a market cap of $17.4 billion — would have trouble creating even greater value as one entity.
So when Symantec, maker of the ubiquitous Norton AntiVirus software and NetBackup appliance, announced on October 9 that it plans to separate its security and information management businesses, Wall Street and Silicon Valley observers uttered a collective cry of “It’s about time.” Veritas specialized in storage and Symantec in security, and analysts say that over the years the two companies mostly continued to operate separately.
“We long believed that Symantec could not continue to simply maintain the status quo in regards to the company’s strategy and operational structure,” Credit Suisse tells clients in a recent report, reminding them that since 2010 it has been calling for a breakup of the company.
“Ten years later, it appears that these concerns were largely founded, with the two companies continuing to operate largely independently and, perhaps more importantly, both suffering from weak market perception and a lack of investment,” Stifel Nicolaus explains in a recent report.
Stifel adds that both the storage and security businesses have experienced slow growth, raising concerns about their ability to thrive as separate companies. The firm says Symantec’s problems far exceed the lack of synergies between its two primary businesses: security and storage. “We see a security business that is increasingly viewed as a functional laggard by customers and partners,” Stifel notes. “Symantec has seen moderate improvement in its security practice.”
The decision to break up the company came shortly after Michael Brown was named Symantec’s chief executive in late September after serving as interim president and CEO since March. In a press release announcing the spin-off, he stressed that security and information management require distinct strategies, focused investments and market innovation.
“Separating Symantec into two, independent publicly traded companies will provide each business the flexibility and focus to drive growth and enhance shareholder value,” asserted Brown, who previously served as chairman and chief executive officer of Quantum Corp. and had sat on Symantec’s board following its merger with Veritas. One month after the spin-off announcement, the company revealed plans to lay off 2,000 employees.
Symantec is one of the oldest companies in the cybersecurity industry. Founded in 1982, Mountain View, California–based Symantec contends in official announcements that the market share of its security business, which generated $4.2 billion in revenue in fiscal 2014, is twice that of its nearest competitor in a market it says is forecast to top $38 billion in 2018. “The company’s security business sees more, analyzes more, and knows more about security threats than any other company in the world,” Symantec asserts.
In laying out the strategy for the security business when announcing the planned split, the company highlighted future opportunities in a variety of markets, including the upcoming delivery of what it calls a unified security platform that “integrates threat information from its Symantec products” and its Norton antivirus products.
The company also sees a big opportunity in managed security services, noting that the industry in general is expected to grow annually by 30 percent through 2018, to $10 billion. It also recently announced plans to streamline nine core offerings into one “flagship subscription service,” Norton Security.
Symantec, however, will need to win back investors — at least, the hedge funds that supported it earlier this year. In the second quarter several well-known hedge funds dumped their entire stakes.
Jeffrey Ubben’s San Francisco–based activist firm ValueAct Capital Partners sold all of its shares after taking a small position in the first quarter. In addition, Carlson Capital and Westport, Connecticut–based Bridgewater Associates unloaded their entire stakes, and Greenwich, Connecticut–based Tudor Investment Corp. and New York’s Moore Capital Management sold all of their call option positions in the stock.
