- FireEye's valuation borders on the absurd, 16x 2015 revenue and roughly equal to its TAM in 2017.
- Target having FireEye appliances yet still being hit by a serious APT is very telling. FireEye is a complementary solution.
- Lockups remove scarcity and insiders are selling.
FireEye's (NASDAQ:FEYE) rising stock price brings back vivid memories of my tenure at Goldman Sachs during the Internet bubble. A stock would be deemed "cheap", because it was trading at only 30x revenue (while its peers were trading at 40x). I thought those days were over. Yet, FEYE (a fairly recent IPO) now trades at roughly 30x 2014 revenue (at the time of publication in PTT). As a former portfolio manager, I can't justify this on any metric. In my recollection, investors have never been able to make money on established companies trading at 30+ times projected revenue.
FireEye has the leading security solution to prevent Advanced Persistent Threats ((APTs)), the latest buzzword in security circles. APTs are nothing more than sophisticated attacks that sneak into an organization, locate valuable information (e.g. credit card info) and send that info back to the perpetrator undetected. Existing security solutions like anti-virus and firewalls cannot effectively prevent APTs.
With the front page news that Target was hacked leaving tens of millions of credit cards exposed, the call for a solution was loud. FireEye quickly emerged as the best solution on the market. Unfortunately, APT prevention is only a part of a corporation's security platform. FireEye's appliance does not mean a customer can forego endpoint protection, firewall, secure web gateway, or intrusion prevention. Target (NYSE:TGT) had plenty of FireEye appliances but it did not prevent the APT as the appliances flash warnings but you need many highly trained security professionals to respond with the proper remediation. Having FireEye appliances is like having a fire alarm, it will likely warn you (including false positives) but you still need the fire fighters to put out the fire. (No pun intended). According to Gartner- "Advanced threat protection appliances are largely a complementary technology rather than a replacement of endpoint or signature based protection solutions".
The target customer for APT appliances is high end enterprise, early technology adopters and government entities who want the latest and greatest security gadgets and have dedicated budget ready to deploy. Clearly over the last two years, we have seen these buyers gobble up APT appliances aggressively in order to prevent themselves from being the next victim. As a result FireEye has seen its revenue skyrocket from $33 million in 2011 when APTs started gaining notoriety to $162 million in 2013, a CAGR of 169%.
However, as is the case with most high growth companies, the law of large numbers, customer saturation, and increased competition starts to slow growth. Most recently, FireEye's product and revenue growth decelerated to 59%/81% y/y vs. 79%/95% and 73%/108% in the June and September quarters, respectively. Of course, 70% growth is great, but putting it into context versus prior quarters of 100%+ shows a marked deceleration.
In fact, FireEye has been growing its sales force by 150% y/y to achieve much lower revenue (and decelerating) growth rates. That is not a recipe for success. Further, now that most large enterprises have deployed APT solutions to some extent, buyers are starting to show some buyer's remorse. According to Gartner FireEye purchasers, "Similar to other security products that lack clear regulatory drivers, Gartner customers claim during inquiry calls that they have difficulties proving business value to management to justify the costs of these (Fire Eye) products."
FireEye currently has the best APT appliance on the market but competition is picking up. Worse yet, that competition is coming strong from big industry stalwarts like Cisco (NASDAQ:CSCO), Check Point (NASDAQ:CHKP), Fortinet (NASDAQ:FTNT), and Palo Alto Networks (NYSE:PANW).
The Time Is Right
Timing is important when it comes to shorts. In my experience, the best time to initiate a short position is when all the shorts have given up (also known as capitulation). In this case, a recent short squeeze has run its course, precipitated by a secondary offering of 14 million shares. The secondary nearly doubles the float to 31.5 from 17.5 million post the IPO.
As it turns out, 8.4 million of those shares were sold by existing shareholders, including the founder. To make matters worse, FEYE priced the offering at $82, an 8.5% discount to its previous day's closing price (2-5% is the norm). In my opinion, management realized that an 8.5% discount still represented a great price at which to cash out.
Investors seemingly caught on to this the following day. The stock "broke" the $82 deal price, closing at $81.04. It is well-known on Wall Street that a broken deal price is generally a very bearish sign. It indicates massive selling pressure that even the underwriters (in this case Morgan Stanley, Barclays, JPMorgan and Goldman Sachs) cannot handle.
Another sign that timing is on our side is the large acquisition of Mandiant. FireEye acquired Mandiant for $1 billion, roughly 10x revenue, in a mostly stock deal ($106.5 million cash and 21.5 million shares). Mandiant was a high profile leader in the incident response space. The problem with acquiring Mandiant instead of continuing the partnership is that there are few obvious synergies. Mandiant and FireEye target different buyers, end point protection and network operations, respectively. Acquiring Mandiant instead of continuing the partnership tells me FireEye realizes that their growth is decelerating and competition is heating up and the only way to ward it off is by buying growth.
Acquiring a company so shortly after going public is very rare and should cause one to ask "if growth is so spectacular in your core business, why are you taking on additional risk and management's attention to pursue adjacent areas?" Of course, it's not overpaying when you use overvalued shares that trade at 30x revenue to buy a "less overpriced" target for 10x. Using mostly equity, CEO Dave Dewalt must realize his valuation is absurd and wants to use his inflated currency to buy the many missing pieces of security that FireEye is missing.
Don't be surprised if Dewalt does more and more acquisitions using his overinflated currency. The key question becomes "what companies are naïve enough to take an extremely overvalued currency like FEYE?"
What the Current Valuation Implies
At today's market cap of $13 billion, FEYE trades at roughly the total addressable market estimated by IDC for all security products, in 2017. According to Gartner in 2013 the total security market revenue was $13.5 billion, broken down as follows: Firewall ($7.5 billion), Intrusion Prevention ($1.2 billion), Endpoint Protection ($3.4 billion), and Secure Web Gateway ($1.4 billion). FEYE's assertion that Mandiant triples its total addressable market to $30-40 billion is laughable.
Morgan Stanley's software analyst Keith Weiss (who I think is the best software analyst on the Street) estimates a bull case of $3.2 billion revenue (up from $162 million today), operating margins of 25% (from -72% today) to arrive at a 2019 free cash flow margin of 21% and discounting it back at 12.5% discount rate arriving at the ultra-bull case scenario of $94. In other words, if FireEye executes flawlessly for the next 5 years, the stock is worth $94 today.
Disclosure: I am short FEYE. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it. I have no business relationship with any company whose stock is mentioned in this article.