A lot of BlackBerry (BB) bulls have been passing around the narrative that BlackBerry bought the Swiss army knife of cybersecurity by purchasing Cylance. This acquisition was made to accelerate the launch of BlackBerry’s IoT platform. Are they right? I know you're curious to know what BlackBerry actually bought and what it's capable of. Let's break it down.
What is Cylance?
Cylance is an endpoint security solution. What is an endpoint? A laptop, phone, workstation, server, and any internet-enabled device that interacts with end-users. Think office laptop, your smartphone, your child's iPad.
Before, companies used signatures to detect cyber threats. What you do is compare your file signature with the malware signature in your antivirus, and if there's a match, beep...beep, you get an alert that there's a virus on your device. Cylance totally improves on that. Using artificial intelligence, Cylance is able to detect, prevent, and alert you of an imminent cyber-attack or data breach before it occurs.
As a customer, that's a huge leap from traditional AVs (antiviruses) that are so weak that they are often locked down by violent malware before a cyber attack occurs. Remember that time your AV wouldn't start? Yes, it was under a cyber attack. That's why most AVs don't work anymore. They're too slow and can't withstand zero-day or nation-state attacks.
BlackBerry bought a solution that protects enterprises and small businesses with multiple endpoints from the most sophisticated attack vectors. If you read any of the product data sheets, you'll walk away with the knowledge that Cylance can protect against any cyber threat no matter how advanced in form. That's true on the surface level.
However, the internet stack has several layers and dimensions. These layers and dimensions can be attacked in multiple sophisticated ways. What are the true layers Cylance can defend?
What can Cylance do?
Cylance works from the network to the application layer. Think of Cylance like a next-generation antivirus. It can protect all endpoints a traditional AV will guard, including files, browsers, login attacks, web attacks and emails. Or, if you've ever used Norton by Symantec (SYMC), remember Symantec? Yes, BlackBerry bought a Symantec. The only difference is that Cylance is more of a role player.
For example, Cylance can't protect your database. If you're a database administrator, then you'll be thinking Imperva (IMPV). Cylance can't protect your entire network. That's the job of next-generation firewalls from vendors like Palo Alto (PANW) and Fortinet (FTNT). Cylance isn't a privilege escalation solution that protects against spear phishing attacks targeted at Fortune 500 execs; that's the job of CyberArk (CYBR). While it's also advertised as an APT (advanced persistent threat) solution, it's not as deep into that domain as FireEye (FEYE) or Proofpoint (PFPT).
How do we value Cylance?
A cyber security provider is first value based on the total addressable market covered by its products. At the next layer is the level of competition in its segment(s). Next, we consider its current market share and growth rate. Lastly, we consider its innovativeness, TCO (total cost of ownership) of its products and services, and its ability to use its balance sheet to achieve growth at a leaner margin compared to competitors. The cybersecurity industry is a growing field, the least that is expected of any player in this field is a double-digit growth.
Cylance plays in the endpoint/IoT/APT segments. That's three for one without considering its incidence response or consulting service.
Radicati estimates that the endpoint market ($8.6 billion in 2018) will grow to $13 billion by 2022. This will be driven by the growing BYOD trend expanding the number of devices that can potentially be attacked by cyber threats. Another favourable trend is the population bust in emerging economies and Asia. More people are plugging to the web, and most users plug straight into the hands of cyber attackers.
The APT market is smaller in size to the endpoint market. It's projected to grow to $8.6 billion in 2022, according to Radicati. It currently stands at $4.5 billion. An APT or advanced persistent threat is an attack vector aimed at stealing information. Think cyber espionage.
Cylance is facing competition in the endpoint segment, its biggest niche. As indicated in the Gartner quadrant above, it appears the entry barrier to block a zero-day attack is low.
Source: NSS Labs
In terms of the efficiency of its product, there isn’t much difference in effectiveness, though its TCO is higher compared to most vendors using data from NSS Labs. This makes it tough to command a premium valuation.
In terms of its market share, Cylance has more room to grow. 10% of the endpoint market is $860m. Cylance isn't close to that in ARR. There's no doubt the synergies with BlackBerry Spark solution will expand its value proposition as it leverages upon the BB brand to capture more market share.
BlackBerry has cemented its spot as a strong player in the future of cybersecurity with the acquisition of Cylance. However, while a premium valuation is typical amongst early-stage start-ups like Cylance, valuing BB as such doesn't necessarily translate into value. The cybersecurity industry is rife with IPO booms and eventual valuation busts. To compare BlackBerry to CrowdStrike (CRWD) in other to command a forward price to sales ratio of 32 is simply exorbitant. CrowdStrike will eventually settle to its intrinsic value just like FireEye and Carbon Black (CBLK).
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.