FireEye: The Black Swan And The Aftermath

| About: FireEye, Inc. (FEYE)


Cyber attacks are shrinking in size.

Post breach remedies are not driving revenue for FireEye like before.

A value creating growth catalyst is increasingly hard to come by.

Click to enlarge

Cyber attacks have always existed since the invention of the internet. From the days of the Morris worm to Stuxnet, networks, and internet-enabled devices have been constantly placed under threat.

This gave birth to a cottage industry of cyber security companies. Over the years, attacks got so big that traditional security solutions became useless. AVs, IPS, IDS, firewalls were all helpless in the face of sophisticated malware and state-sponsored hack attacks.

The attacks reached an all-high starting from 2013 with the rapid attacks on US banks and retail outlets to name a few. Target (NYSE:TGT), Sony (NYSE:SNE), Home Depot (NYSE:HD), JP Morgan (NYSE:JPM) and most recently Yahoo (NASDAQ:YHOO)were all undone with hacks of varying scale and complexity.

For security vendors, the embarrassment became unbearable, prompting them to rebrand and consolidate their security offerings. AVs, IPS, and IDS gave way to NGFWs, malware sandboxes, APTs and threat intelligence clouds. A new industry was created overnight to combat advanced cyber threats.

In the case of FireEye (NASDAQ:FEYE), the company decided that combating and preventing cyber-attacks was an overkill and nearly impossible. Rather, it ingeniously devised a business model to simulate the attacks before deciding if a packet of ingress traffic stands the chance of contaminating a network. This method was highly successful at containing APT attacks given the scores of successful deals the company won.

This model would not have been birthed without the incessant large-scale cyber-attacks that happened between 2013-2015. This is not to say that large-scale data breaches did not exist in the past. We had Operation Aurora targeted at Google (NASDAQ:GOOG) (NASDAQ:GOOGL), Duqu, and Stuxnet to name a few. What never happened was the rapid succession with which they occurred. Suddenly, it was easy to conclude that a new month would give us a fresh data breach to talk about.

However, like all black swan events, all strange things become increasingly rare to come by. I am not saying data breaches would cease to happen, the question is, would they continue to happen at such a large scale and rapid rate to enable businesses like FireEye to return enough value to its shareholders. To test this hypothesis, we have to study a few changes that have occurred in the global market that are related to security.

Low hanging fruits

Attackers have picked all the low hanging fruits and there is no doubt about that. In fact, it is this scarcity of cheap hacks that led to the proliferation of large-scale cyber-attacks. As script kiddies and criminal hackers continue to jostle for cheap entry points into networks, traditional OEMs like Microsoft and Apple are making it hard to easily penetrate into endpoints. A successful hack attack will require a large security budget and take a longer time for the mission to be successful.

For example, attacks that cause denial of service and bandwidth exhaustion are now practically impossible due to the high throughput of network devices and the adoption of CDNs, which comes at a relatively cheap cost.

Increase in Security budget

After the series of attacks witnessed by a number of large US and EU corporations in the past years, large organizations, SMBs, and governments all over the world have increased their security spending. Those who are in the habit of taking security with laxity are beginning to put it at the front and center of their priorities.

In fact, security is becoming a new way of marketing technology solutions, with customers and users consistently worried about their online privacy.

Bug hunting Programs

A bug-hunting program is a security initiative set up by an organization to reward security researchers who responsibly disclose vulnerabilities found in the technology products of the affected company.

The incentive for security researchers to scan and test internet-enabled devices for vulnerabilities has helped manufacturers and OEMs alike to reduce the number of new vulnerabilities found on each device.

The initiative has also prompted a number of criminal hackers to switch sides from the dark hat side to the white hat side due to the monetary incentive.

Sophistication of security technologies

After the massive embarrassment faced by security firms, a number of firms were forced to consolidate their security offerings. New products were released with multi-functional capabilities. The NGFW had inbuilt IPS, IDS, virus scanning, signature database, malware sandbox subscription, and a threat intelligence feed. The UTM (unified threat management) was also built as a new firewall with IPS and IDS capabilities in a single appliance.

Competition & Commoditization

With more security solutions becoming more software-based, the cost of capital lowered the entry barriers for new entrants into the security market. This made it hard for best-of-breed security solution providers to command a premium.

The Cisco (NASDAQ:CSCO) effect created by networking giants like Cisco, Checkpoint (NASDAQ:CHKP), Symantec (NASDAQ:SYMC) and IBM (NYSE:IBM), who acquired some of these small players made it hard for firms like FEYE to grow at the market-projected rate. However, that is a topic for another day.

Cloud Security & SAS

The proliferation of cloud security poses a serious security challenge to physical appliance providers. FEYE still relies on hardware boxes, which are deployed on -premise. The race to own the cloud space has begun and all FireEye has to show for it is a threat intelligence cloud. Symantec, Forcepoint, and Cisco have amassed a portfolio of cloud security solutions including CASBs, SSL-decryption solutions, web gateways, CDNs and cloud-based firewalls.

While all these are happening, FEYE is still busy orchestrating its IR and malware sandboxes.

Investor takeaway

In 2006, a hedge fund called Amaranth, named after a flower that never dies had to shut down after it lost close to $7billion in a few days. FEYE IPOed in 2013 and 3 years later, its growth has withered.

Large scale attacks will no longer happen at the rate they used to. For a company like FireEye whose business model centers on post-breach remedies, investors are better off putting their money elsewhere. Any upside that occurs will only be driven by two things: cost efficiency and a few hacks every now and then. Mitigating these hacks is still subject to FEYE's ability to win RFPs.

I have tried to search for a future catalyst that exists to make FEYE a long-term value play. Sadly, I am yet to find any. If you feel a catalyst exists to pull FEYE out of troubled waters it's heading, feel free to share in the comment section below.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.

I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.