Image: Computer hacker © Gunay Mutlu, Getty Images

Beyoncé's bank account info lands online, along with Michelle Obama's. Intruders break into the computers of the Federal Reserve.

Consumer websites of giants such as JPMorgan Chase (JPM) are shut down. Twitter gets hacked, exposing account passwords of a quarter-million people. Spies roam freely in New York Times (NYT) computers, presumably looking for story sources.

The list of shocking computer-security breaches goes on and on, and the stakes are high. So far, no one has shut down a power grid or messed with a nuclear reactor -- that we know of -- but given the prowess of global hackers, these are risks.

So it's no wonder FBI Director Robert Mueller cites cybersecurity as a top reason he loses sleep, "right up there" with terrorism. Or that former Defense Secretary Leon Panetta regularly cited cyberattacks as one of the biggest national security risks.

 Given how scary all of this is, there have to be some great investing angles, right? There are, and here are my "Security Six," in two groups -- one is for the growth crowd, and the other pair -- are slowpoke old-timers in the sector that may bounce back as they roll out new products and revamp their businesses: The sizzling-growth plays are Sourcefire (FIRE), Palo Alto Networks (PANW), Fortinet (FTNT) and Imperva (IMPV). These intrusion fighters have the impressive 25% to 70% annual sales growth and rich valuations reminiscent of the tech boom.

The slowpoke old-timers with potential are Check Point Software Technologies (CHKP), which needs to keep rolling out new products to boost sales growth, margins and its stock, and Symantec (SYMC), which is going through a reorganization that may drive the stock higher.

Hold the emails -- I'm ruling out Intel (INTC), Cisco Systems (CSCO) and Juniper Networks (JNPR), all big players in this space, for good reason. Their exposure is so small, relative to what else they do, that they aren't clean plays. Plus, Juniper has been having problems producing successful offerings.

Michael Brush

Michael Brush

Before we dig into my Security Six, let's deal with the elephant in the room: If our tech geniuses are smart enough to bring us Google (GOOG) and the iPhone from Apple (AAPL), why the heck can't they keep the bad guys off our computers? That is worth understanding if you're investing in the sector. The answers suggest this business most likely will stay strong for years.

First, the cynical response is that if the security companies solved all the problems, they'd put themselves out of business. But that's too cute. Instead, chalk up the persistent security problems to these three trends, which aren't going away:

1. More open networks. As companies have gotten more Internet-savvy over the past 10 years, their computer networks have become more open. They link their networks to the computers of business partners. They store data in "the cloud," or server farms, often run by third parties. Mobile devices have morphed into minicomputers, so more employees are using their personal phones and tablets for work.

All that is good for business, but it gives the bad guys many more points of entry. When employees use smartphones for work, for example, sometimes the only thing protecting a corporate network is the easily cracked, four-digit phone password, points out Kip Meintzer, in charge of investor relations at Check Point.

Plus, we all love apps, and so they have taken off. But thisat just offers the bad guys more ways in. "Every time a new device or application is introduced to this extended network, it creates new opportunities for attackers," says Martin Roesch, the founder and interim CEO of Sourcefire.

2. Higher stakes. In the old days, "script kiddies" took down prominent websites for the bragging rights. But as sensitive business and government secrets moved online, along with access to cash in accounts, more thieves, mobsters and international spies are pouring big money into hiring the best talent to hack computers.

"The attackers are getting much more capable and skilled," Symantec CEO Stephen Bennett says. As more money funds the bad guys, "you literally have people that are custom-making these viruses specifically for one purpose within one company," says Meintzer says.

3. Rigged game. I have no doubt that the bad guys buy all the best computer defenses to study them -- to learn how to defeat them. But network cops get no advance look at the thieves' tool chests. So it's like a poker game, where only one side can see the other's cards. It's pretty easy to guess who has an edge in that game. "Attackers often know more about a target's network and its defenses than the company does," Roesch says.

All that seems to assure ongoing security attacks -- and therefore a steady flow of money into network security for years to come.

Cybersecurity is that rare area immune to government budget pressures, even to sequestration, says Aaron Schwartz, a computer security sector analyst with Jefferies Equity Research.

Now here's a closer look at my Security Six.

Palo Alto Networks

As a recent initial public offering, Palo Alto Networks is one of the hot new kids on the block in firewalls -- or perimeter defenses. It sells devices with software that lets companies watch and control who and what gets on their networks -- without bogging down the system.

Palo Alto's appliances see through evasive tactics and encryption to catch viruses, spyware and malware. Its specialty is examining apps -- a sweet spot in security.

"With the huge growth in apps, there's a greater security risk coming in through the app layer," Schwartz says.

Fourth-quarter sales grew an astonishing 70% as the company took business from such competitors as Check Point. It added more than 1,000 new customers, taking the customer count above 11,000. All that makes Palo Alto a potentially great investment, but there are risks.

At $55 a share, this stock trades at 11.8 times sales, compared with five times sales at Google. A rich valuation doesn't mean the stock can't go higher, given the sizzling growth. But it's one reason Schwartz has a neutral rating on the stock. BMO Capital Markets software analyst Karl Keirstead has a neutral rating, too, citing valuation, intense competition in the firewall business and a patent-infringement lawsuit filed by Juniper. The trial is scheduled for February 2014.


Sourcefire offers an intrusion detection and prevention system called Agile Security. It protects company networks from inside -- as opposed to at the perimeter. Think of it as a kind of second line of defense.

The company also has been expanding into firewalls and advanced anti-malware weapons. "It's very early for both of those areas, but Sourcefire is turning into a multiproduct company," Schwartz says. Growth here is hot. Sales advanced 35% last year, and the company recently guided for 25% percent sales growth this year.

That's one reason the valuation here is fairly rich, too. But there's another. "Because Sourcefire is growing so fast and intrusion prevention is sexy, Sourcefire is considered a likely acquisition target for a big firewall vendor that needs to kick-start growth," Keirstead says.

The company also has the biggest exposure to the federal government, which is a plus. "This demonstrates how good their technology is," says Dennis Wassung, a portfolio manager at Cabot Money Management, which owns the stock. "It's been big opportunity for them." Sales to the federal government grew 41% in the fourth quarter.

Expect more solid growth, because government network security spending is probably immune to budget pressures, says Schwartz, at Jefferies.

"We believe in the long run, we're going to continue to do well with the Feds," Sourcefire Chief Operating Officer Thomas McDonough said in the most recent conference call. Despite the valuation, Stifel Nicolaus analyst Todd Weller has a "buy" rating on the stock and a $64 price target. "We find it hard to be negative here, given recent growth trends," he says.