Unless you have been living in a cave these past couple of years you will doubtless be aware that the subject of cyber security has become a hot topic both domestically and internationally. The recent attack by North Korea on Sony was just the latest and most headline-grabbing example.
The Sony attack was exacerbated by the fact that this may be the first time that a national government has singled out and attacked an individual corporation. This raises the bar in terms of what we could be facing down the road. Prior to the Sony incursion, both Target and Home Depot were hacked causing considerable damage to the reputation of both corporations and it's hard to imagine more will not follow. However, as far as we know, a foreign government did not orchestrate those attacks.
Doubtless there have been numerous country-to-country attacks, some of them widely reported. U.S. officials have pointed to China in particular, claiming it mounted repeated attacks against U.S. facilities. But the United States has been active as well. It was widely reported that the U.S. managed to attack and damage Iran's nuclear facilities by placing viruses in their centrifuge servers, causing the entire facility to grind to a halt.
Last week President Obama and British Prime Minister David Cameron agreed to a series of cyber war games to test our readiness to repel enhanced attacks from other countries. The Joint Chiefs of Staff has identified cyber security as one of America's major vulnerabilities as a nation and I'm sure that Canadian officials are deeply concerned as well.
In the light of all this, there's no doubt that in corporate boardrooms worldwide and throughout defense sectors around the globe experts are doing complete reviews of the vulnerabilities and capabilities against this very real threat. You can easily imagine that the phones are ringing off the hook at the consulting firms and software companies that provide security services to both corporations and governments. For this reason we decided this month to look at the ways you can play what is likely to be a multi-year rush to secure our computer and Internet systems worldwide.
Back in the early years of the Internet, companies like McAfee (since acquired by Intel) would sell inexpensive software to protect our laptops and home computers. Windows computers were considered the most vulnerable and Macintosh users seldom bothered with security software at all. As Wi-Fi use proliferated, identity theft and password hacking to get financial information seemed to be everywhere. As a result, a number of companies have produced enterprise-level security systems that have come to be relied upon by corporations and governments everywhere.
Recently, the ever-vigilant ETF community launched a product to give investors exposure to this area. It's called the PureFunds ISE Cyber Security ETF and the symbol is, appropriately enough, HACK. This fund is run by a small provider called PureFunds (pureetfs.com/index.html). The company only has two funds, the second one being an ETF that invests in junior silver miners.
HACK has only been trading for a couple of months so there is no real track record to work with and of course the market has been extremely volatile so it's difficult to assess how this fund will do. However, it is up roughly 6% since it was launched. It is helpful, though, to run through their top 10 holdings as of the middle of January. Most of the names are the ones you should research to increase exposure to this important sector. I intend to look at two of them but investors can simply buy the ETF or cherry pick one or two of the issues on their list and add them to your portfolio.Palo Alto Networks
First, I want to look at Palo Alto Networks Inc. (NYSE: PANW), which is trading near its all-time high of $129.42 (figures in U.S. dollars). This is a very stable stock and the chart looks beautiful. Nearly every analyst that covers it has a buy rating on the stock.
Palo Alto provides sophisticated firewall systems through their security platform and they are the fastest-growing cyber security company that I'm aware of. They have over 21,000 customers in 120 countries around the world and 75 of the Fortune top 100 companies use Palo Alto as their cyber security provider.
Revenue is growing quickly. For example, for the first quarter of fiscal 2015 (to Oct. 31), the company grew revenue by 50% to a record $192.3 million and they should be able to continue that high growth rate for some time to come. In fact, the company has projected second-quarter 2015 revenue will come in between $200 million and $204 million, which would be a year-over-year growth rate of 42%-45%.
However, and here is where I want to inject a note of caution, Palo Alto is not profitable. It reported a first-quarter loss of $30.1 million ($0.38 a share, fully diluted, based on GAAP standards). That was worse than the previous year's loss of $7.9 million ($0.11 per share). The company says it is profitable on a non-GAAP basis, which defines non-GAAP net income as net income (loss) plus share-based compensation expense and related payroll taxes, acquisition related costs, amortization expense of acquired intangible assets, litigation related charges including legal settlements, and non-cash interest expense related to the company's convertible senior notes.
"Palo Alto Networks believes that excluding these items from non-GAAP net income and non-GAAP diluted net income per share provides management and investors with greater visibility into the underlying performance of the company's core business operating results, meaning its operating performance excluding these items and, from time to time, other discrete charges that are infrequent in nature, over multiple periods," a note to the financial statements said.
On a non-GAAP basis, Palo Alto management projects a profit of between $0.16 and $0.17 a share in the current quarter.
The company has over 1,900 employees around the world and they have added over 1,000 customers every quarter for the last 12 consecutive quarters. The company has also been making acquisitions, recently acquiring Cyvera, a privately held cyber security company located in Israel.
I believe this should be a core holding for any forward-looking portfolio, however the stock is not cheap. According to Capital IQ, the forward p/e ratio for fiscal 2016 is a bloated 85.62. Cautious investors may want to watch for a price pullback although based on recent performance and the growing demand for these services, that seems unlikely.
Action now: Buy with a target of $150. The shares closed Friday at $126.81.FireEye Inc.
The second company I want to draw your attention to is FireEye Inc. (NDQ: FEYE) which is far more volatile than Palo Alto. It went public last year and since then the stock has been pummeled and is currently trading 66% below its high of $97.35.
So why look at it? It's been trading sideways for some time and continues to have issues with lawsuits brought by disgruntled investors who watched their market position get destroyed. But I have a feeling that once things settle down the stock could easily double based on the company's strong revenue growth. But be warned, this is not a stock for the faint of heart.
FireEye provides real-time threat assessment for its customers based on a virtual machine platform that they invented. The system is well-regarded and from their website we are told that they protect five out of the six major telecom companies, five of the top ten financial institutions, seven of the top energy companies, seven of the top ten high-tech companies, and five of the top ten aerospace defense contractors. It was FireEye that Sony called to help them figure out who it was that attacked them and how they could shore up their defenses.
If you go to the FireEye website at fireeye.com/ you will see an alarming cyber threat map that as I write this column is reporting over 24,000 attacks on this day alone.
Financially, the company is growing quickly on the top line but still losing money. Third-quarter revenue (to Sept. 30) came in at $114.2 million, up 168% year-over-year. However, the GAAP net loss was $120 million ($0.83 per share) while the non-GAAP loss was $73.9 million ($0.51 per share).
For the fourth quarter of 2014 (results to be released next month) the company projected billings in the range of $195 million to $210 million with losses of between $0.46 and $0.50 a share.
Cautious investors may want to wait and see the fourth-quarter results before establishing a position. More aggressive investors may want to take a small stake now and add more later, depending on how the quarterly report goes.
Action now: Buy with a target of $40. The shares closed Friday at $34.93.
Interestingly, one of the things that Sony did while they were going through the attack was to shut down all their iPhones and reactivate some old BlackBerries that they found in the basement. So an outside beneficiary of all the cyber security concerns, ironically, might be BlackBerry, which has been trying to remake itself into a security software provider. Their handhelds still provide the best email security in the market.
Disclosure: The author is long FEYE.