Skip to main content

Fighting cyber attacks and hackers a growth industry? -- 5 pureplay companies you can follow

Cyber attacks against Google have recently been in the news.Yahoo and other companies have been attacked, as well.  Microsoft, in turn, has gone to court to attack a network of malicious botnets. With all this activity in the cyber security arena, it is worth investigating which companies are at the forefront of the battle against hackers. With a wave of concern over hacking attempts, there should be some good investment candidates in the network security sector.

Background --

When I talk about security I'm talking about intrusion detection and protection. An intrusion-prevention system (IPS) is an inline security device that performs deep-packet inspection to identify and block malicious traffic. IPSs are considered an improvement over intrusion-detection systems (IDS), which are passive devices that simply identify an attack but take no action to block it. IPSs are designed to respond in real time to attacks by dropping data packets deemed malicious.

There several ways that intrusion detection and prevention is accomplished:
  • Host Intrusion Detection and Prevention: Businesses add these systems to individual critical hosts or devices residing on the network. This type of IDPS monitors both inbound and outbound packets — but only through the device with which it is associated.
  • Signature-Based Intrusion and Prevention: This type of IDPS is useful for detecting viruses and other types of malware. The product compares all of the packets that flow through it with a database of known threats. Like anti-malware offerings, a signature-based IDPS is only as good as the information it uses, meaning that technology is vulnerable to "zero day" security events. On the other hand, a signature-based IDPS is a very reliable way of defending a network against known threats, which constitute the majority of network perils.
  • Anomaly-Based Intrusion and Prevention: One could describe this kind of IDPS as being naturally suspicious. That's because an anomaly-based IDPS is always looking for something out of the ordinary. The system continuously scrutinizes network traffic and compares it against an established baseline. Any detected deviations from "normal" performance in terms of bandwidth use, ports accessed or devices connected will cause the IDPS to issue an alert and take proactive steps to ensure the network's health. This type of firewall can be particularly effective in helping business cope with DDoS (distributed denial of service) attacks, when large numbers of computers are recruited to join together and bring down a Web site.
State of the industry --

There were a good number of pure play companies in the cyber security space in years past. Over time, however, many of the companies were acquired or combined with each other. Today, we see that Cisco has absorbed Entercept, Wheel Group and Air Force. IBM has acquired Internet Security Systems, also known as ISS. Enterasys now owns Network Security Wizards. Symantec acquired Axent, provider of the Net Prowler product. Juniper, Tivoli and Computer Associates have all bought various IDPS companies. The upshot of all this acquisition activity is that IDPS has become just a small part of some very large companies.

So who's left? In the table below, I present five companies that are still independent, publicly traded and reasonably pure plays in the IDPS sector.

SonicWALL Check Point Software Technologies Fortinet Sourcefire Radware

Valuation Measures

Market Cap 483.24M 7.06B 1.14B 724.23M 341.93M
Trailing P/E 37.59 20.03 21.83 84.7 N/A
Forward P/E 18.18 13.66 46.08 38.36 22.64
PEG Ratio (5 yr expected): 1.49 1.34 3.06 2.27 0.81
Price/Sales (ttm): 2.37 7.59 4.47 6.93 3.15
Price/Book (mrq): 1.58 3.03 7.91 5.58 2.28
Enterprise Value/EBITDA (ttm)3: 13.317 12.681 27.714 55.626 -275.185

Profit Margin (ttm): 6.56% 38.67% 23.87% 8.58% -5.45%
Operating Margin (ttm): 8.26% 45.88% 10.05% 8.01% -6.52%
Income Statement

Revenue Per Share (ttm): 3.72 4.415 9.574 3.91 5.768
Qtrly Revenue Growth (yoy): -0.20% 25.10% 19.70% 37.20% 29.10%
Diluted EPS (ttm): 0.24 1.69 0.78 0.32 -0.31
Qtrly Earnings Growth (yoy): 43.60% 26.70% 453.20% 193.90% N/A
Balance Sheet

Total Cash (mrq): 200.15M 884.00M 260.31M 53.07M 59.09M
Total Cash Per Share (mrq): 3.69 4.228 3.897 1.968 3.129
Cash Flow Statement

Operating Cash Flow (ttm): 35.85M 548.69M 62.32M 20.16M N/A
Levered Free Cash Flow (ttm): 10.82M 430.93M 26.37M -21.91M N/A

The data above is from Yahoo! Finance as of Friday, March 5. It shows that all but one of these companies is profitable and none of them are particularly cheap.

Here is a quick look at each company.

SonicWall (SNWL) focuses almost exclusively on network secruity. Products include hardware/software firewall appliances with deep packet and statefull packet inspection. They provide SSL VPN (virtual private network) products, anti-spam email filtering solutions and backup and recovery products. The company recently announced good earnings and, as the chart shows, the stock took off. Management also offered forward revenue guidance that exceeded analyst expectations.

Check Point Software Technologies (CHKP) is the grandaddy of these companies. Check Point was one of the first companies to introduce the kind of advanced firewall features that I just described above. Given the company's longevity and first-mover advantage it is easy to see why Check Point has the largest market cap of this group of stocks.

Check Point probably has the most extensive and wide-ranging security-related product suite: security gateways (encompassing firewalls, IPS, etc.), security management, encryption solutions for PCs and digital media and complete turnkey systems integrated into hardware appliances. In addition, the company provides consulting and services.

Fortinet (FTNT) offers many of the same network security products discussed above under the umbrella of Unified Threat Managment (UTM). It's offerings include both wired and wireless solutions, robust management and analysis, etc. The company differentiates itself in a couple of areas by offering database security and compliance solutions and patch management and auditing. Fortinet went public in November of 2009 and, like many IPOs, its stock price has fallen back after an initial enthusiastic run-up.

Sourcefire (FIRE) is best known as the creator of SNORT, one the first and most widely used open source network intrusion prevention and detection systems.

Not only is Sourcefire a leader in IDPS systems but they also offer a popular anti-malware product. The company focuses on a number of verticals including healthcare, financial services, government, power and energy, retail and higher education. Given that government regulation is an important aspect in some of these verticals, Sourcefire has opted to create a number of compliance oriented features that are targeted specifically at various objectives of the regulatory regimes. These include detection and inventory of assets on the network, configuration and change management detection and reporting, various kinds of network usage policy enforcement, etc.

Radware (RDWR) is the only stock on our list that isn't currently profitable. With a forward PE of 22 and a PEG of 0.81, apparently there is an expectation that it will be profitable soon. Lack of profitability hasn't seemed to be a drag on its stock price. Just look at it's chart which has been trending steeply upward. The stock has provided a 50% return since November 2009.

Radware is the most diversified of the companies listed in this post. Though they have strong offerings in network security including firewalls, IDPS, PCI Compliance, real-time fraud detection, VPNs and VOIP security they are best known for application acceleration, management and monitoring and network optimization. The company is equally at home in enterprise datacenters and at telecom carriers or Internet service providers.

Conclusion --

The companies profiled above are all in a hot industry sector. All have little to no debt. None of these companies would ever be mistaken for value stocks based on the metrics listed in the table above. All should benefit from the gradual increase in tech spending that seems to be occurring. But will they benefit sufficiently to justify their current valuations?

Check Point is probably the safest investment among this group though its size may make it harder to register outsize returns. Radware is less of a network security pureplay but that may actually be a plus. At the beginning of this post I described how many of the biggest tech companies, Cisco, IBM, Symantec, etc., had acquired network security companies. These large companies will offer stiff competition to the companies discussed in this post.

I can't tell you which of these companies will out-perform but this post should be a good jumping off point for anyone wishing to investigate the sector further.

Disclosure: no positions in any stocks mentioned in this post


Popular posts from this blog

Brazil - in a bubble or on a roll?

A couple of years ago, no one recognized the real estate bubble even though it was under everyone's nose. Now, analysts and bloggers are seeing bubbles everywhere they look. One of them, they say is in Brazil whose Bovespa stock market index has doubled in the last 12 months. Does the bubble accusation hold water? I don't think so and here are 7 reasons why Brazil is by no means a bubble economy: Exports have held up over the past year thanks to demand from China for Brazil's soya exports and iron ore. This was helped by the the Brazilian government's drive to improve trade links with Asia and Africa. Export diversification, spurred by a more active trade policy and increased focus on "south-south" trade under current president Lula, helped mitigate the decline in demand from OECD (Organization for Economic Co-operation and Development) countries A "sensible" economic framework has been in place since the 1990's. This has included inflation

Trade Radar gets another update

Some of our data sources changed again and it impacted our ability to load fundamental/financial data. In response, we are rolling out a new version of the software: 7.1.24 The data sourcing issues are fixed and some dead links in the Chart menu were removed. So whether you are a registered user or someone engaged in the free trial, head over to our update page and download the latest version. The update page is here: Contact us if you have questions or identify any new issues.

Thursday Bounce: Trend Busters, Swing Signals and Trend Leaders for July 9, 2009

This is a quick post to announce that we have published Thursday's Trend Leaders, Swing Signals and Trend Busters at Alert HQ . All are based on daily data. Today we have the following: 72 Swing Signals -- A couple of days ago we had 35 signals, today we have twice as many. Happily, we now have 65 BUY signals, a mere 4 SELL Signals plus 3 Strong BUYs. Whoo-hoo! 56 Trend Leaders , all in strong up-trends according to Aroon, MACD and DMI. There are 18 new stocks that made today's list and 60 that fell off Tuesday's list. 48 Trend Busters of which 5 are BUY signals and 43 are SELL signals The view from Alert HQ -- Talk about mixed signals. If you look at our Swing Signals list you would think the market was in the middle of a big bounce. BUY signals are swamping the SELL signals and we even have a few Strong BUYs. Yes, there's a good sprinkling of tech stocks and tech ETFs but the distribution is pretty broad-based with a good number of different sectors represented, eve