Skip to main content

Fighting cyber attacks and hackers a growth industry? -- 5 pureplay companies you can follow

Cyber attacks against Google have recently been in the news.Yahoo and other companies have been attacked, as well.  Microsoft, in turn, has gone to court to attack a network of malicious botnets. With all this activity in the cyber security arena, it is worth investigating which companies are at the forefront of the battle against hackers. With a wave of concern over hacking attempts, there should be some good investment candidates in the network security sector.

Background --

When I talk about security I'm talking about intrusion detection and protection. An intrusion-prevention system (IPS) is an inline security device that performs deep-packet inspection to identify and block malicious traffic. IPSs are considered an improvement over intrusion-detection systems (IDS), which are passive devices that simply identify an attack but take no action to block it. IPSs are designed to respond in real time to attacks by dropping data packets deemed malicious.

There several ways that intrusion detection and prevention is accomplished:
  • Host Intrusion Detection and Prevention: Businesses add these systems to individual critical hosts or devices residing on the network. This type of IDPS monitors both inbound and outbound packets — but only through the device with which it is associated.
  • Signature-Based Intrusion and Prevention: This type of IDPS is useful for detecting viruses and other types of malware. The product compares all of the packets that flow through it with a database of known threats. Like anti-malware offerings, a signature-based IDPS is only as good as the information it uses, meaning that technology is vulnerable to "zero day" security events. On the other hand, a signature-based IDPS is a very reliable way of defending a network against known threats, which constitute the majority of network perils.
  • Anomaly-Based Intrusion and Prevention: One could describe this kind of IDPS as being naturally suspicious. That's because an anomaly-based IDPS is always looking for something out of the ordinary. The system continuously scrutinizes network traffic and compares it against an established baseline. Any detected deviations from "normal" performance in terms of bandwidth use, ports accessed or devices connected will cause the IDPS to issue an alert and take proactive steps to ensure the network's health. This type of firewall can be particularly effective in helping business cope with DDoS (distributed denial of service) attacks, when large numbers of computers are recruited to join together and bring down a Web site.
State of the industry --

There were a good number of pure play companies in the cyber security space in years past. Over time, however, many of the companies were acquired or combined with each other. Today, we see that Cisco has absorbed Entercept, Wheel Group and Air Force. IBM has acquired Internet Security Systems, also known as ISS. Enterasys now owns Network Security Wizards. Symantec acquired Axent, provider of the Net Prowler product. Juniper, Tivoli and Computer Associates have all bought various IDPS companies. The upshot of all this acquisition activity is that IDPS has become just a small part of some very large companies.

So who's left? In the table below, I present five companies that are still independent, publicly traded and reasonably pure plays in the IDPS sector.

SonicWALL Check Point Software Technologies Fortinet Sourcefire Radware

Valuation Measures

Market Cap 483.24M 7.06B 1.14B 724.23M 341.93M
Trailing P/E 37.59 20.03 21.83 84.7 N/A
Forward P/E 18.18 13.66 46.08 38.36 22.64
PEG Ratio (5 yr expected): 1.49 1.34 3.06 2.27 0.81
Price/Sales (ttm): 2.37 7.59 4.47 6.93 3.15
Price/Book (mrq): 1.58 3.03 7.91 5.58 2.28
Enterprise Value/EBITDA (ttm)3: 13.317 12.681 27.714 55.626 -275.185

Profit Margin (ttm): 6.56% 38.67% 23.87% 8.58% -5.45%
Operating Margin (ttm): 8.26% 45.88% 10.05% 8.01% -6.52%
Income Statement

Revenue Per Share (ttm): 3.72 4.415 9.574 3.91 5.768
Qtrly Revenue Growth (yoy): -0.20% 25.10% 19.70% 37.20% 29.10%
Diluted EPS (ttm): 0.24 1.69 0.78 0.32 -0.31
Qtrly Earnings Growth (yoy): 43.60% 26.70% 453.20% 193.90% N/A
Balance Sheet

Total Cash (mrq): 200.15M 884.00M 260.31M 53.07M 59.09M
Total Cash Per Share (mrq): 3.69 4.228 3.897 1.968 3.129
Cash Flow Statement

Operating Cash Flow (ttm): 35.85M 548.69M 62.32M 20.16M N/A
Levered Free Cash Flow (ttm): 10.82M 430.93M 26.37M -21.91M N/A

The data above is from Yahoo! Finance as of Friday, March 5. It shows that all but one of these companies is profitable and none of them are particularly cheap.

Here is a quick look at each company.

SonicWall (SNWL) focuses almost exclusively on network secruity. Products include hardware/software firewall appliances with deep packet and statefull packet inspection. They provide SSL VPN (virtual private network) products, anti-spam email filtering solutions and backup and recovery products. The company recently announced good earnings and, as the chart shows, the stock took off. Management also offered forward revenue guidance that exceeded analyst expectations.

Check Point Software Technologies (CHKP) is the grandaddy of these companies. Check Point was one of the first companies to introduce the kind of advanced firewall features that I just described above. Given the company's longevity and first-mover advantage it is easy to see why Check Point has the largest market cap of this group of stocks.

Check Point probably has the most extensive and wide-ranging security-related product suite: security gateways (encompassing firewalls, IPS, etc.), security management, encryption solutions for PCs and digital media and complete turnkey systems integrated into hardware appliances. In addition, the company provides consulting and services.

Fortinet (FTNT) offers many of the same network security products discussed above under the umbrella of Unified Threat Managment (UTM). It's offerings include both wired and wireless solutions, robust management and analysis, etc. The company differentiates itself in a couple of areas by offering database security and compliance solutions and patch management and auditing. Fortinet went public in November of 2009 and, like many IPOs, its stock price has fallen back after an initial enthusiastic run-up.

Sourcefire (FIRE) is best known as the creator of SNORT, one the first and most widely used open source network intrusion prevention and detection systems.

Not only is Sourcefire a leader in IDPS systems but they also offer a popular anti-malware product. The company focuses on a number of verticals including healthcare, financial services, government, power and energy, retail and higher education. Given that government regulation is an important aspect in some of these verticals, Sourcefire has opted to create a number of compliance oriented features that are targeted specifically at various objectives of the regulatory regimes. These include detection and inventory of assets on the network, configuration and change management detection and reporting, various kinds of network usage policy enforcement, etc.

Radware (RDWR) is the only stock on our list that isn't currently profitable. With a forward PE of 22 and a PEG of 0.81, apparently there is an expectation that it will be profitable soon. Lack of profitability hasn't seemed to be a drag on its stock price. Just look at it's chart which has been trending steeply upward. The stock has provided a 50% return since November 2009.

Radware is the most diversified of the companies listed in this post. Though they have strong offerings in network security including firewalls, IDPS, PCI Compliance, real-time fraud detection, VPNs and VOIP security they are best known for application acceleration, management and monitoring and network optimization. The company is equally at home in enterprise datacenters and at telecom carriers or Internet service providers.

Conclusion --

The companies profiled above are all in a hot industry sector. All have little to no debt. None of these companies would ever be mistaken for value stocks based on the metrics listed in the table above. All should benefit from the gradual increase in tech spending that seems to be occurring. But will they benefit sufficiently to justify their current valuations?

Check Point is probably the safest investment among this group though its size may make it harder to register outsize returns. Radware is less of a network security pureplay but that may actually be a plus. At the beginning of this post I described how many of the biggest tech companies, Cisco, IBM, Symantec, etc., had acquired network security companies. These large companies will offer stiff competition to the companies discussed in this post.

I can't tell you which of these companies will out-perform but this post should be a good jumping off point for anyone wishing to investigate the sector further.

Disclosure: no positions in any stocks mentioned in this post


Popular posts from this blog

Brazil - in a bubble or on a roll?

A couple of years ago, no one recognized the real estate bubble even though it was under everyone's nose. Now, analysts and bloggers are seeing bubbles everywhere they look. One of them, they say is in Brazil whose Bovespa stock market index has doubled in the last 12 months. Does the bubble accusation hold water? I don't think so and here are 7 reasons why Brazil is by no means a bubble economy: Exports have held up over the past year thanks to demand from China for Brazil's soya exports and iron ore. This was helped by the the Brazilian government's drive to improve trade links with Asia and Africa. Export diversification, spurred by a more active trade policy and increased focus on "south-south" trade under current president Lula, helped mitigate the decline in demand from OECD (Organization for Economic Co-operation and Development) countries A "sensible" economic framework has been in place since the 1990's. This has included inflation

Unlock Stock Market Profits - Key #1

This is the first in an ongoing series of articles where I discuss what I feel are keys to successful investing. It is based on a post that provides a summary of the ten keys that individual investors should use to identify profitable stock trades. ( Click here to read the original post ) There are two basic steps to investing. First, you need to find stocks that seem to have some potential. Then you have to determine whether these stocks are actually good investments. There are many stocks that at first glance look interesting, but further research reveals that there are too many negatives to warrant taking a position. This first post in the series starts at the beginning: getting good investment ideas. Key #1: If something special is happening to a stock, it will be reflected in some kind of unusual activity in the markets. As individual investors, we will never be the first to know; however, unusual activity can be an early sign that allows us to follow the Wall Street professional

Unlock Stock Market Profits - Key #4

This is the fourth article in a series of posts describing 10 tools to help you identify and evaluate good investing ideas. It is based on a post that provides a summary of the ten keys that individual investors should use to identify profitable stock trades. ( Click here to read the original post ) With this fourth post, we will continue another step along the path of finding stocks that seem to have some potential. The first post in the series discussed how to use unusual activity to identify investing ideas. The second post described how to use stock screeners. The third post described how to use lists of new highs and new lows. This post will focus on identifying social or business trends in order to find investing ideas. Information on new trends might turn up anywhere. In conversation with friends or business associates, in newspapers or magazines, on TV or though your work. The key is to be aware of trends and how they start, stop or change. We'll start by describing what