Skip to main content

Fighting cyber attacks and hackers a growth industry? -- 5 pureplay companies you can follow

Cyber attacks against Google have recently been in the news.Yahoo and other companies have been attacked, as well.  Microsoft, in turn, has gone to court to attack a network of malicious botnets. With all this activity in the cyber security arena, it is worth investigating which companies are at the forefront of the battle against hackers. With a wave of concern over hacking attempts, there should be some good investment candidates in the network security sector.

Background --

When I talk about security I'm talking about intrusion detection and protection. An intrusion-prevention system (IPS) is an inline security device that performs deep-packet inspection to identify and block malicious traffic. IPSs are considered an improvement over intrusion-detection systems (IDS), which are passive devices that simply identify an attack but take no action to block it. IPSs are designed to respond in real time to attacks by dropping data packets deemed malicious.

There several ways that intrusion detection and prevention is accomplished:
  • Host Intrusion Detection and Prevention: Businesses add these systems to individual critical hosts or devices residing on the network. This type of IDPS monitors both inbound and outbound packets — but only through the device with which it is associated.
  • Signature-Based Intrusion and Prevention: This type of IDPS is useful for detecting viruses and other types of malware. The product compares all of the packets that flow through it with a database of known threats. Like anti-malware offerings, a signature-based IDPS is only as good as the information it uses, meaning that technology is vulnerable to "zero day" security events. On the other hand, a signature-based IDPS is a very reliable way of defending a network against known threats, which constitute the majority of network perils.
  • Anomaly-Based Intrusion and Prevention: One could describe this kind of IDPS as being naturally suspicious. That's because an anomaly-based IDPS is always looking for something out of the ordinary. The system continuously scrutinizes network traffic and compares it against an established baseline. Any detected deviations from "normal" performance in terms of bandwidth use, ports accessed or devices connected will cause the IDPS to issue an alert and take proactive steps to ensure the network's health. This type of firewall can be particularly effective in helping business cope with DDoS (distributed denial of service) attacks, when large numbers of computers are recruited to join together and bring down a Web site.
State of the industry --

There were a good number of pure play companies in the cyber security space in years past. Over time, however, many of the companies were acquired or combined with each other. Today, we see that Cisco has absorbed Entercept, Wheel Group and Air Force. IBM has acquired Internet Security Systems, also known as ISS. Enterasys now owns Network Security Wizards. Symantec acquired Axent, provider of the Net Prowler product. Juniper, Tivoli and Computer Associates have all bought various IDPS companies. The upshot of all this acquisition activity is that IDPS has become just a small part of some very large companies.

So who's left? In the table below, I present five companies that are still independent, publicly traded and reasonably pure plays in the IDPS sector.

SonicWALL Check Point Software Technologies Fortinet Sourcefire Radware

Valuation Measures

Market Cap 483.24M 7.06B 1.14B 724.23M 341.93M
Trailing P/E 37.59 20.03 21.83 84.7 N/A
Forward P/E 18.18 13.66 46.08 38.36 22.64
PEG Ratio (5 yr expected): 1.49 1.34 3.06 2.27 0.81
Price/Sales (ttm): 2.37 7.59 4.47 6.93 3.15
Price/Book (mrq): 1.58 3.03 7.91 5.58 2.28
Enterprise Value/EBITDA (ttm)3: 13.317 12.681 27.714 55.626 -275.185

Profit Margin (ttm): 6.56% 38.67% 23.87% 8.58% -5.45%
Operating Margin (ttm): 8.26% 45.88% 10.05% 8.01% -6.52%
Income Statement

Revenue Per Share (ttm): 3.72 4.415 9.574 3.91 5.768
Qtrly Revenue Growth (yoy): -0.20% 25.10% 19.70% 37.20% 29.10%
Diluted EPS (ttm): 0.24 1.69 0.78 0.32 -0.31
Qtrly Earnings Growth (yoy): 43.60% 26.70% 453.20% 193.90% N/A
Balance Sheet

Total Cash (mrq): 200.15M 884.00M 260.31M 53.07M 59.09M
Total Cash Per Share (mrq): 3.69 4.228 3.897 1.968 3.129
Cash Flow Statement

Operating Cash Flow (ttm): 35.85M 548.69M 62.32M 20.16M N/A
Levered Free Cash Flow (ttm): 10.82M 430.93M 26.37M -21.91M N/A

The data above is from Yahoo! Finance as of Friday, March 5. It shows that all but one of these companies is profitable and none of them are particularly cheap.

Here is a quick look at each company.

SonicWall (SNWL) focuses almost exclusively on network secruity. Products include hardware/software firewall appliances with deep packet and statefull packet inspection. They provide SSL VPN (virtual private network) products, anti-spam email filtering solutions and backup and recovery products. The company recently announced good earnings and, as the chart shows, the stock took off. Management also offered forward revenue guidance that exceeded analyst expectations.

Check Point Software Technologies (CHKP) is the grandaddy of these companies. Check Point was one of the first companies to introduce the kind of advanced firewall features that I just described above. Given the company's longevity and first-mover advantage it is easy to see why Check Point has the largest market cap of this group of stocks.

Check Point probably has the most extensive and wide-ranging security-related product suite: security gateways (encompassing firewalls, IPS, etc.), security management, encryption solutions for PCs and digital media and complete turnkey systems integrated into hardware appliances. In addition, the company provides consulting and services.

Fortinet (FTNT) offers many of the same network security products discussed above under the umbrella of Unified Threat Managment (UTM). It's offerings include both wired and wireless solutions, robust management and analysis, etc. The company differentiates itself in a couple of areas by offering database security and compliance solutions and patch management and auditing. Fortinet went public in November of 2009 and, like many IPOs, its stock price has fallen back after an initial enthusiastic run-up.

Sourcefire (FIRE) is best known as the creator of SNORT, one the first and most widely used open source network intrusion prevention and detection systems.

Not only is Sourcefire a leader in IDPS systems but they also offer a popular anti-malware product. The company focuses on a number of verticals including healthcare, financial services, government, power and energy, retail and higher education. Given that government regulation is an important aspect in some of these verticals, Sourcefire has opted to create a number of compliance oriented features that are targeted specifically at various objectives of the regulatory regimes. These include detection and inventory of assets on the network, configuration and change management detection and reporting, various kinds of network usage policy enforcement, etc.

Radware (RDWR) is the only stock on our list that isn't currently profitable. With a forward PE of 22 and a PEG of 0.81, apparently there is an expectation that it will be profitable soon. Lack of profitability hasn't seemed to be a drag on its stock price. Just look at it's chart which has been trending steeply upward. The stock has provided a 50% return since November 2009.

Radware is the most diversified of the companies listed in this post. Though they have strong offerings in network security including firewalls, IDPS, PCI Compliance, real-time fraud detection, VPNs and VOIP security they are best known for application acceleration, management and monitoring and network optimization. The company is equally at home in enterprise datacenters and at telecom carriers or Internet service providers.

Conclusion --

The companies profiled above are all in a hot industry sector. All have little to no debt. None of these companies would ever be mistaken for value stocks based on the metrics listed in the table above. All should benefit from the gradual increase in tech spending that seems to be occurring. But will they benefit sufficiently to justify their current valuations?

Check Point is probably the safest investment among this group though its size may make it harder to register outsize returns. Radware is less of a network security pureplay but that may actually be a plus. At the beginning of this post I described how many of the biggest tech companies, Cisco, IBM, Symantec, etc., had acquired network security companies. These large companies will offer stiff competition to the companies discussed in this post.

I can't tell you which of these companies will out-perform but this post should be a good jumping off point for anyone wishing to investigate the sector further.

Disclosure: no positions in any stocks mentioned in this post


Popular posts from this blog

Running TradeRadar on Windows 7 and Windows 8

Development of the original TradeRadar Stock Inspector software was begun back in the days before Windows 7 and Windows 8 were available.

As these newer versions of Windows have become more popular, we have heard from some users that they are having problems installing and running TradeRadar on their newer PCs.

The good news is that TradeRadar will work just fine on Windows 7 and Windows 8. All you have to do is adjust the Windows Compatibility Settings to ensure TradeRadar runs as intended.

It is recommended that you can apply Compatibility Settings when running the initial installation; however, it is also possible to apply Compatibility Settings after the program has been installed.

Prior to installation
After downloading the install program, go to the folder where you have stored the TradeRadarStkInsp_7_Setup.exe or TradeRadarStkInsp_7_PRO_Setup.exe executable. Right-click on the executable file and select Properties. Click the Compatibility tab. Adjust the Compatibility mode to …

Alert HQ has moved!

End of an era!

This site was started way back in 2006/2007 to showcase my blog posts and the Alert HQ buy signals and sell signals. Alert HQ grew to include other kinds of stock alerts including Swing Signals, Trend Busters, Trend Leaders, Cash Flow Kings and more.

In the meantime, I built a sister site, and I started using some of the same Alert HQ content over there. As a result, I am discontinuing the Alert HQ data here at

The good news, however, is that all the Alert HQ signals and stock screens are still completely free. In addition, the pages have been enhanced so that you can hover over a stock symbol and a small chart will pop up so you can get a quick look at the stock's recent price action. If you click on a symbol it will take you to a page with plenty of financial and technical analysis information (still free!) as well as a larger chart that you can play with in terms of adding or deleting indicators, moving averages, etc.

Click …

Durable Goods report for Sept just so-so but Computer segment is on fire

The Durable Goods advanced report for September 2011 was released on Wednesday.

I like to dig into the Durable Goods report because it can be useful for seeing how tech in aggregate is performing and how the sector may perform in the future. I always focus on two particular measures: shipments and new orders. Let's see how it played out last month.

Shipments -- 

I generally give less importance to Shipments since this is a backward looking measure reflecting orders that have been confirmed, manufactured and shipped. It's similar to earnings reports -- it's good to know but the data is in the past and we're more interested in the future. The following chart shows how September shipments looked for the overall tech sector:

Results for the overall tech sector were a bit weak but take a look at the next chart which tracks the Computers and related products segment:

Results here were actually quite good and, to make things even better, the previous month was revised upward.