Cyber attacks against Google (GOOG) have recently been in the news. Yahoo (YHOO) and other companies have been attacked, as well. Microsoft (MSFT), in turn, has gone to court to attack a network of malicious botnets.
With all this activity in the cyber security arena, it is worth investigating which companies are at the forefront of the battle against hackers. With a wave of concern over hacking attempts, there should be some good investment candidates in the network security sector.
When I talk about security I'm talking about intrusion detection and protection. An intrusion-prevention system (IPS) is an inline security device that performs deep-packet inspection to identify and block malicious traffic. IPSs are considered an improvement over intrusion-detection systems (IDS), which are passive devices that simply identify an attack but take no action to block it. IPSs are designed to respond in real time to attacks by dropping data packets deemed malicious.
There several ways that intrusion detection and prevention is accomplished:
- Host Intrusion Detection and Prevention: Businesses add these systems to individual critical hosts or devices residing on the network. This type of IDPS monitors both inbound and outbound packets — but only through the device with which it is associated.
- Signature-Based Intrusion and Prevention: This type of IDPS is useful for detecting viruses and other types of malware. The product compares all of the packets that flow through it with a database of known threats. Like anti-malware offerings, a signature-based IDPS is only as good as the information it uses, meaning that technology is vulnerable to "zero day" security events. On the other hand, a signature-based IDPS is a very reliable way of defending a network against known threats, which constitute the majority of network perils.
- Anomaly-Based Intrusion and Prevention: One could describe this kind of IDPS as being naturally suspicious. That's because an anomaly-based IDPS is always looking for something out of the ordinary. The system continuously scrutinizes network traffic and compares it against an established baseline. Any detected deviations from "normal" performance in terms of bandwidth use, ports accessed or devices connected will cause the IDPS to issue an alert and take proactive steps to ensure the network's health. This type of firewall can be particularly effective in helping business cope with DDoS (distributed denial of service) attacks, when large numbers of computers are recruited to join together and bring down a Web site.
State of the industry --
There were a good number of pure play companies in the cyber security space in years past. Over time, however, many of the companies were acquired or combined with each other. Today, we see that Cisco (CSCO) has absorbed Entercept, Wheel Group and Air Force. IBM (IBM) has acquired Internet Security Systems, also known as ISS. Enterasys now owns Network Security Wizards. Symantec (SYMC) acquired Axent, provider of the Net Prowler product. Juniper (JNPR), Tivoli and Computer Associates have all bought various IDPS companies. The upshot of all this acquisition activity is that IDPS has become just a small part of some very large companies.
So who's left? In the table below, I present five companies that are still independent, publicly traded and reasonably pure plays in the IDPS sector.
|SonicWALL||Check Point Software Technologies||Fortinet||Sourcefire||Radware|
|PEG Ratio (5 yr expected):||1.49||1.34||3.06||2.27||0.81|
|Enterprise Value/EBITDA (ttm)3:||13.317||12.681||27.714||55.626||-275.185|
|Profit Margin (ttm):||6.56%||38.67%||23.87%||8.58%||-5.45%|
|Operating Margin (ttm):||8.26%||45.88%||10.05%||8.01%||-6.52%|
|Revenue Per Share (ttm):||3.72||4.415||9.574||3.91||5.768|
|Qtrly Revenue Growth (yoy):||-0.20%||25.10%||19.70%||37.20%||29.10%|
|Diluted EPS (ttm):||0.24||1.69||0.78||0.32||-0.31|
|Qtrly Earnings Growth (yoy):||43.60%||26.70%||453.20%||193.90%||N/A|
|Total Cash (mrq):||200.15M||884.00M||260.31M||53.07M||59.09M|
|Total Cash Per Share (mrq):||3.69||4.228||3.897||1.968||3.129|
|Cash Flow Statement|
|Operating Cash Flow (ttm):||35.85M||548.69M||62.32M||20.16M||N/A|
|Levered Free Cash Flow (ttm):||10.82M||430.93M||26.37M||-21.91M||N/A|
The data above is from Yahoo! Finance as of Friday, March 5. It shows that all but one of these companies is profitable and none of them are particularly cheap.
Here is a quick look at each company.
SonicWall (SNWL) focuses almost exclusively on network secruity. Products include hardware/software firewall appliances with deep packet and statefull packet inspection. They provide SSL VPN (virtual private network) products, anti-spam email filtering solutions and backup and recovery products. The company recently announced good earnings and, as the chart shows, the stock took off. Management also offered forward revenue guidance that exceeded analyst expectations.
Check Point Software Technologies (CHKP) is the grandaddy of these companies. Check Point was one of the first companies to introduce the kind of advanced firewall features that I just described above. Given the company's longevity and first-mover advantage it is easy to see why Check Point has the largest market cap of this group of stocks.
Check Point probably has the most extensive and wide-ranging security-related product suite: security gateways (encompassing firewalls, IPS, etc.), security management, encryption solutions for PCs and digital media and complete turnkey systems integrated into hardware appliances. In addition, the company provides consulting and services.
Fortinet (FTNT) offers many of the same network security products discussed above under the umbrella of Unified Threat Managment (UTM). It's offerings include both wired and wireless solutions, robust management and analysis, etc. The company differentiates itself in a couple of areas by offering database security and compliance solutions and patch management and auditing. Fortinet went public in November of 2009 and, like many IPOs, its stock price has fallen back after an initial enthusiastic run-up.
Sourcefire (FIRE) is best known as the creator of SNORT, one the first and most widely used open source network intrusion prevention and detection systems.
Not only is Sourcefire a leader in IDPS systems but they also offer a popular anti-malware product. The company focuses on a number of verticals including healthcare, financial services, government, power and energy, retail and higher education. Given that government regulation is an important aspect in some of these verticals, Sourcefire has opted to create a number of compliance oriented features that are targeted specifically at various objectives of the regulatory regimes. These include detection and inventory of assets on the network, configuration and change management detection and reporting, various kinds of network usage policy enforcement, etc.
Radware (RDWR) is the only stock on our list that isn't currently profitable. With a forward PE of 22 and a PEG of 0.81, apparently there is an expectation that it will be profitable soon. Lack of profitability hasn't seemed to be a drag on its stock price. Just look at it's chart which has been trending steeply upward. The stock has provided a 50% return since November 2009.
Radware is the most diversified of the companies listed in this post. Though they have strong offerings in network security including firewalls, IDPS, PCI Compliance, real-time fraud detection, VPNs and VOIP security they are best known for application acceleration, management and monitoring and network optimization. The company is equally at home in enterprise datacenters and at telecom carriers or Internet service providers.
The companies profiled above are all in a hot industry sector. All have little to no debt. None of these companies would ever be mistaken for value stocks based on the metrics listed in the table above. All should benefit from the gradual increase in tech spending that seems to be occurring. But will they benefit sufficiently to justify their current valuations?
Check Point is probably the safest investment among this group though its size may make it harder to register outsize returns. Radware is less of a network security pureplay but that may actually be a plus. At the beginning of this post I described how many of the biggest tech companies, Cisco, IBM, Symantec, etc., had acquired network security companies. These large companies will offer stiff competition to the companies discussed in this post.
I can't tell you which of these companies will out-perform, but this post should be a good jumping off point for anyone wishing to investigate the sector further.
Disclosure: No positions in any stocks mentioned in this post