Intrusion Rally Still Has Legs

| About: Intrusion, Inc. (INTZ)


Intrusion (INTZ) is a little known security company with several interesting products.

TraceCop is a stable cash flow generating product that has a unique database which makes the product difficult to dislodge from the market.

Growth opportunities lie in its new product Savant, the sale of which goes largely through a big channel partner selling it under their own name and ramping up efforts.

Not widely known is that Savant beat a much bigger competitor to a substantial order, sign of market acceptance.

Intrusion (OTCQB:INTZ) develops, markets and supports a family of entity identification, high speed data mining, advanced persistent threat detection, regulated information compliance, data privacy protection and network intrusion prevention/detection products.

The company also offers a wide range of services, including design and configuration, project planning, training, installation and maintenance. They also sell third party product, but this isn't a strategic activity as these are standard items (PCs, servers, etc.), which they configure with their products.

Some metrics

  • $32M market cap (at $2.5 a share)
  • 12.4M of shares outstanding, of which a whopping 73% are held by insiders
  • However, fully diluted (that is, when all current options with an excise price below $1 are exercised and all preferred stock are converted), the share count will rise by 25% to nearly 15.4M (see 10K p10-11)
  • These preferred shares (there are series of these) also command a cash dividend of a total of $151K in 2013, which is not an unsubstantial sum although these payments would disappear upon conversion
  • The company was profitable in 2013, generating 623K and, perhaps more importantly, generating free cash flow of $1.3M
  • Gross margins are at a healthy 65%
  • $1.8M in debt

Market opportunity

With all the revelations about NSA spying and other high profile security breaches [at Target (NYSE:TGT), financial institutions, corporate espionage etc.] and risk such as the heartbleed (a bug in SSL, the most used encryption code on the internet), this is an interesting sector and the company is faced with important market opportunities.

Companies will have to spend more and on better tech as the costs data breaches are large and take many forms (man-hours, loss of trust, compromised systems, regulatory compliance violations, lawsuits, etc.).


Of course, these opportunities mean little if the company doesn't have the right capabilities and products to meet demand. Their main product families are:

  • TraceCop: the legacy product for identity identification with an unmatched internet usage, domain name, and traffic database going back to the 1990s. TraceCop is a solid product generating high-margins and cash flows
  • Savant: a product for data mining and advanced persistent threat detection in real-time
  • Compliance Commander: a product that monitors and filters data traffic in real-time, preventing sensitive data from leaking. Often, companies are not even aware of this happening (like in the Target case)
  • Secure Taps enabling easy, fast, and robust deployment of any of Intrusion's network security appliances.

TraceCop and Savant are the most important ones. The first is their mainstay product which has a database which nobody else has, which gives it a solid market position that is difficult to dislodge. Savant is the product on which most hope for new growth is placed.

The company has engaged a high-level sales channel partner which has embarked on some 80 trials, mostly with customers of significant size, producing reports (which generate $15K in sales) showing how their networks and systems are compromised.

These sales leads take time to materialize into sales of Savant but the company has previously expressed optimism of being able to convert 10-20% of these leads into actual sales. Their partner is putting more security specialist to work in the sales process, this is critical as it is rather specialized stuff they are dealing with.

Savant is cutting edge, it takes a different approach compared to most of the competition, in the sense that it looks inside out, rather than outside in. The latter it typical of the mainstay signature approach, which looks for threads comparing them to databases of existing threats.

Savant's approach is to assume that the system and/or network is already compromised, but this isn't a problem as long as there is no communication to the intruder's base, which is exactly what Savant is looking for.

Savant also keeps 10 years of network traffic logs, while it's typical in the industry to keep only 30 days. This enables companies using Savant to identify which host was infected first and which systems the hackers first established a beachhead on long after it happened. During the Q2 conference call (NYSE:CC) the company was optimistic that at least 8 will convert to full clients.

To see the importance of this you have to realize that it takes 243 days on average to identify a new network compromise. If you have only 30 days of network traffic logs, it's very difficult to ascertain which system was compromised first and where the threat came from.

Q2 figures

These were somewhat disappointing as sales of Savant, on which most of the growth potential is build, amounted to only $40k, compared to $620K for Q2 2013 and the company swung into a net loss, albeit moderate, of $22K (versus a profit of $205K in Q2 2013), which is roughly break-even level.

However, this seems a bit of an aberration, as orders for Q3 were already totaling $360K at the time of reporting (Aug 11). The conference call was rather interesting (no transcript, but you can listen to it here). That order came from a single client. Implementation is initially limited to one campus (for $400K a year), but this will be expanded to eight campuses (in the order of $2.5M a year, with discounts).

Perhaps most noteworthy was that in achieving this order, the company beat Mandiant, the company taken over by FireEye (NASDAQ:FEYE) for $1B in January. Whilst only one client, we think this is nevertheless a significant sign of market acceptance of Savant.

This little piece of info wasn't widely available as the sale came through the channel partner with no PR or disclosure of the competitive situation available (the product is sold under the partner's name). So while the company operated at break-even level of $1.8M in sales, Q3 looks to be a lot better. TraceCop is getting new clients in Q3, per the CC, and Q3 orders for Savant already up significantly when not even half-way through the quarter.


While Savant is cutting edge at present, there is no guarantee that this will remain the case and the company, mainly due to its size, doesn't spend a great deal on R&D.


The company has a very low break-even point of just $1.8M quarterly revenue run, but with the legacy product TraceCop's slowly gaining and expected future gains for their flagship product Savant, things look likely to increase. Beating out Mandiant is a significant sign of market acceptance.

Considering that FireEye and Cisco paid over 10x revenue for competitors Mandiant and Sourcefire, the shares are also rather cheap, on the same multiple the shares could easily double, let alone if revenue starts to grow significantly, which is what we expect. The rally seems to have started (the shares are at $2.50 at the time of writing), we think it still has legs.

Disclosure: The author is long INTZ.

The author wrote this article themselves, and it expresses their own opinions. The author is not receiving compensation for it (other than from Seeking Alpha). The author has no business relationship with any company whose stock is mentioned in this article.

Editor's Note: This article covers one or more stocks trading at less than $1 per share and/or with less than a $100 million market cap. Please be aware of the risks associated with these stocks.