Security Software Vendors: Over-Valued, But Possibly Ripe for Acquisitions

 |  Includes: CHKP, MFE, SYMC, WBSN
by: Naveen Selvaraj

Four security software vendors reported quarterly results last week and that provided an opportunity to look at their results and gain some understanding of where this industry could be heading. We look at the four vendors results and do a basic comparison on quarterly and fiscal numbers. The four tickers which we focus on are:

  1. Symantec Corporation (Nasdaq:SYMC)
  2. McAfee Inc (NYSE:MFE)
  3. Checkpoint Software Technologies Ltd (Nasdaq:CHKP)
  4. Websense Inc (Nasdaq:WBSN)

While SYMC and MFE have a more comprehensive suite of security products, WBSN is focussed exclusively on internet-security products while Checkpoint is moving from being only internet-security focussed to a more comprehensive security products vendor. This subset therefore has an interesting mix of large-cap comprehensive solution providers and focussed players.

Quarterly Revenue Growth Trends

click to enlarge

Click to enlarge
Source: Gridstone Research

All the four vendors have witnessed a significant slowdown in revenue growth in the Dec08 and Mar09 quarters and understandably so. Growth rates in 2008 and to some part in 2009 to were boosted by acquisitions. For example:

  1. McAfee acquired Secure Computing in November 2008 (which added around ~$40M in annual revenues)
  2. Symantec acquired Altiris in April 2007 ($194M revenue contribution in Fiscal 2008 i.e April07-March08 or quarterly revenues of ~50M) and so McAfee has higher growth rates than SYMC in the last two quarters due to inorganic growth
  3. Checkpoint also acquired Nokia's (NYSE:NOK) enterprise security business in Dec08 quarter and that has helped its revenue growth in last two quarters
  4. Websense acquired Surfcontrol which could have increased its revenue by `15% (estimates based on earnings call discussions)

So even the high growth rates of 2008 can be explained by industry consolidation rather than organic growth alone.The graphic below shows the YOY growth in number of large deals or the subscriber base (WBSN). The operational data which each of these companies report might not be directly comparable but the growth rate trends show a sharp slowdown. The advantage that these companies had was that they 'acquired' growth and also had a good increase in large license/subscription deals.

YOY Growth in Large deals Or Subscriber BaseClick to enlarge
Source: Gridstone Research

The Mar09/Jun09 quarters have seen a sharp drop in such deals being signed, a reason which the SYMC management attributes to the slowdown in topline decline. Customers either reduced number of licenses or signed for shorter-term contracts.

Excerpt from SYMC Jul 30, 2009 conference call:

...However, as of some our enterprise customers focused their spending on shorter term contracts, this resulted in reduced new license revenue in the period.

Therefore, we ended our first quarter with lighter than expected revenue, but with a stronger deferred revenue balance...However, as our customers focus on purchasing fewer new licenses, this has put pressure on our ability to hold margins steady during the June quarter...

Security Software Spending Is Not Recession-Proof

Before the downturn, many analysts and industry followers (including me) expected security software vendors to hold up well because security spending was viewed as non-discretionary and critical for business. Even if many corporates are only reducing their spending by focussing on current needs and postpone purchases for long-term requirements, IT security budgets seem to be under scrutiny and are being re-visted by CIOs and CFOs.

Margins Take A Hit

With sales declining and acquisition costs further eroding margins, the security software vendors are taking a significant hit on margins. For example, SYMC took a huge ~7B goodwill impairment charge in Dec08 while WBSN has posted small profits in Mar-Jun09 after losses in 2008.

Click to enlarge
Source: Gridstone Research

However P/E Still Remains High

However, the expectations on earnings growth from this subset of companies seems high considering that operating profits/margins have declined in recent quarters.

The graphic below shows P/E (where applicable. SYMC and WBSN P/E are not calculated since they have negative EPS on a TTM basis).

Click to enlarge
Source: Gridstone Research

When we compare this with historical P/E ranges, we can see that the P/E at current prices is on the lower side. However earnings have taken a hit in the last 3-4 quarters and the question is if the P/E multiples ares till on the higher side based on long-term growth prospects(In medium term, surely they are growing to grow from the depths of 1H09). For example, MFE currently (based on Jul31,2009 close) trades at P/E of ~39.7 which seems way too high for a company whose earnings per share has increased from $0.43 in 2003 to $1.08 in 2008 (20% CAGR) and based on 1H08 results and 3Q09 guidance, the 2009 EPS could be in the $1.00-$1.1 range. Similarly, CHKP trades at 17 times earnings (based on Jul31 close) while EPS was ~$1.00 in 2003,2004 and grown to $1.5 in 2008 (9 % CAGR). If we calculate the sub-industry CAGR for 2003-08, it would be much lower considering that WBSN and SYMC have negative EPS on a TTM basis.

Click to enlarge
Source: Gridstone Research

Looking at the security software subset, it is difficult to assume that they would grow at the same pace as in the 2003-08 period. Internet or Enterprise Security is no longer the domain of specialist software/hardware companies. Companies like Cisco (NASDAQ:CSCO), Microsoft (NASDAQ:MSFT) and IBM are taking a shot at the security market after the underlying hardware/software applications market gets saturated.

Security Vendors Could Go The BI Vendors Way

Therefore the IT security vendors could go the way of the indepedent BI (Business Intelleigence) vendors. Cognos, Hyperion and Business Objects have all been gobbled up by the software giants as BI became more integrated within the applications. So as 'security' features get increasingly embedded in software or hardware devices or network deployments, the logical path for IT security vendors is to get absorbed into such large software vendors. This could probably be the only way such high valuations can be justified.

Disclosure: No Positions