Baird parses Biden cybersecurity order for impacted stocks

• Yesterday in Notable Calls, Wedbush weighed in on likely positive impacts for cloud software stocks from President Biden's executive order on cybersecurity.
• Now Baird has taken a shot at unpacking implications for software names.
• It's "imprudent to chase names near-term solely with the expectation that they will see a material improvement in business conditions resulting from recent attacks," analyst Jonathan Ruykhaver writes, but that doesn't mean that some technologies aren't more in focus than others in light of recent events.
• As other analysts have noted, the Colonial Pipeline ransomware incident is just one of several in recent months, Baird says, pointing to SUNBURST and the Microsoft Exchange Server attack as examples.
• Digging into what it sees as the key parts of the executive order, Baird focuses primarily on software-as-a-service solutions, given some emphasis in the order around cloud and Zero Trust, and general calls for modernization.
• The order's quite clear about the government taking concrete steps toward Zero Trust adoption, Baird says, and it sees Zero Trust architectures offering superior efficacy vs. legacy castle-and-moat approaches. It points to leaders in this space as CrowdStrike (NASDAQ:CRWD), Zscaler (NASDAQ:ZS) and Okta (NASDAQ:OKTA). (Cloudflare (NYSE:NET) is relevant here as well, if less so in the federal vertical.)
• The EO also is explicit about implementing multi-factor authentication at government agencies, and Baird agrees that's "crucial" to an effective Zero Trust strategy. Most notable here is Okta, though also deserving callouts are Ping Identity Holding (NYSE:PING) and CyberArk (NASDAQ:CYBR).
• And turning to Security Information and Event Management, Baird notes that no explicit mention of SIEM was made, but the order did expand on the need for service providers to effectively collect/report data tied to event prevention, detection and response - and SIEM seems the most likely way to go about that.
• And names most relevant to SIEM in Baird's list are Splunk (NASDAQ:SPLK) and Rapid7 (NASDAQ:RPD), though other companies like FireEye (NASDAQ:FEYE) also have SIEM offerings.
• And all in all, Baird notes detection/mitigation tech is likely to get increased focus in the wake of the executive order. Specific technologies and key players there include PAM and CyberArk; data security and Varonis (NASDAQ:VRNS); and EDR and CrowdStrike.