3/26/2013 5:45 PM ET|
6 ways to invest in cybersecurity
The stakes are high, and the effort to fend off hacker threats is still ramping up. These stocks stand to benefit.
Beyoncé's bank account info lands online, along with Michelle Obama's. Intruders break into the computers of the Federal Reserve.
Consumer websites of giants such as JPMorgan Chase (JPM) are shut down. Twitter gets hacked, exposing account passwords of a quarter-million people. Spies roam freely in New York Times (NYT) computers, presumably looking for story sources.
The list of shocking computer-security breaches goes on and on, and the stakes are high. So far, no one has shut down a power grid or messed with a nuclear reactor -- that we know of -- but given the prowess of global hackers, these are risks.
So it's no wonder FBI Director Robert Mueller cites cybersecurity as a top reason he loses sleep, "right up there" with terrorism. Or that former Defense Secretary Leon Panetta regularly cited cyberattacks as one of the biggest national security risks.
Given how scary all of this is, there have to be some great investing angles, right? There are, and here are my "Security Six," in two groups -- one is for the growth crowd, and the other pair -- are slowpoke old-timers in the sector that may bounce back as they roll out new products and revamp their businesses: The sizzling-growth plays are Sourcefire (FIRE), Palo Alto Networks (PANW), Fortinet (FTNT) and Imperva (IMPV). These intrusion fighters have the impressive 25% to 70% annual sales growth and rich valuations reminiscent of the tech boom.
The slowpoke old-timers with potential are Check Point Software Technologies (CHKP), which needs to keep rolling out new products to boost sales growth, margins and its stock, and Symantec (SYMC), which is going through a reorganization that may drive the stock higher.
Hold the emails -- I'm ruling out Intel (INTC), Cisco Systems (CSCO) and Juniper Networks (JNPR), all big players in this space, for good reason. Their exposure is so small, relative to what else they do, that they aren't clean plays. Plus, Juniper has been having problems producing successful offerings.
Before we dig into my Security Six, let's deal with the elephant in the room: If our tech geniuses are smart enough to bring us Google (GOOG) and the iPhone from Apple (AAPL), why the heck can't they keep the bad guys off our computers? That is worth understanding if you're investing in the sector. The answers suggest this business most likely will stay strong for years.
First, the cynical response is that if the security companies solved all the problems, they'd put themselves out of business. But that's too cute. Instead, chalk up the persistent security problems to these three trends, which aren't going away:
1. More open networks. As companies have gotten more Internet-savvy over the past 10 years, their computer networks have become more open. They link their networks to the computers of business partners. They store data in "the cloud," or server farms, often run by third parties. Mobile devices have morphed into minicomputers, so more employees are using their personal phones and tablets for work.
All that is good for business, but it gives the bad guys many more points of entry. When employees use smartphones for work, for example, sometimes the only thing protecting a corporate network is the easily cracked, four-digit phone password, points out Kip Meintzer, in charge of investor relations at Check Point.
Plus, we all love apps, and so they have taken off. But thisat just offers the bad guys more ways in. "Every time a new device or application is introduced to this extended network, it creates new opportunities for attackers," says Martin Roesch, the founder and interim CEO of Sourcefire.
2. Higher stakes. In the old days, "script kiddies" took down prominent websites for the bragging rights. But as sensitive business and government secrets moved online, along with access to cash in accounts, more thieves, mobsters and international spies are pouring big money into hiring the best talent to hack computers.
"The attackers are getting much more capable and skilled," Symantec CEO Stephen Bennett says. As more money funds the bad guys, "you literally have people that are custom-making these viruses specifically for one purpose within one company," says Meintzer says.
3. Rigged game. I have no doubt that the bad guys buy all the best computer defenses to study them -- to learn how to defeat them. But network cops get no advance look at the thieves' tool chests. So it's like a poker game, where only one side can see the other's cards. It's pretty easy to guess who has an edge in that game. "Attackers often know more about a target's network and its defenses than the company does," Roesch says.
All that seems to assure ongoing security attacks -- and therefore a steady flow of money into network security for years to come.
Cybersecurity is that rare area immune to government budget pressures, even to sequestration, says Aaron Schwartz, a computer security sector analyst with Jefferies Equity Research.
Now here's a closer look at my Security Six.
Palo Alto Networks
As a recent initial public offering, Palo Alto Networks is one of the hot new kids on the block in firewalls -- or perimeter defenses. It sells devices with software that lets companies watch and control who and what gets on their networks -- without bogging down the system.
Palo Alto's appliances see through evasive tactics and encryption to catch viruses, spyware and malware. Its specialty is examining apps -- a sweet spot in security.
"With the huge growth in apps, there's a greater security risk coming in through the app layer," Schwartz says.
Fourth-quarter sales grew an astonishing 70% as the company took business from such competitors as Check Point. It added more than 1,000 new customers, taking the customer count above 11,000. All that makes Palo Alto a potentially great investment, but there are risks.
At $55 a share, this stock trades at 11.8 times sales, compared with five times sales at Google. A rich valuation doesn't mean the stock can't go higher, given the sizzling growth. But it's one reason Schwartz has a neutral rating on the stock. BMO Capital Markets software analyst Karl Keirstead has a neutral rating, too, citing valuation, intense competition in the firewall business and a patent-infringement lawsuit filed by Juniper. The trial is scheduled for February 2014.
Sourcefire offers an intrusion detection and prevention system called Agile Security. It protects company networks from inside -- as opposed to at the perimeter. Think of it as a kind of second line of defense.
The company also has been expanding into firewalls and advanced anti-malware weapons. "It's very early for both of those areas, but Sourcefire is turning into a multiproduct company," Schwartz says. Growth here is hot. Sales advanced 35% last year, and the company recently guided for 25% percent sales growth this year.
That's one reason the valuation here is fairly rich, too. But there's another. "Because Sourcefire is growing so fast and intrusion prevention is sexy, Sourcefire is considered a likely acquisition target for a big firewall vendor that needs to kick-start growth," Keirstead says.
The company also has the biggest exposure to the federal government, which is a plus. "This demonstrates how good their technology is," says Dennis Wassung, a portfolio manager at Cabot Money Management, which owns the stock. "It's been big opportunity for them." Sales to the federal government grew 41% in the fourth quarter.
Expect more solid growth, because government network security spending is probably immune to budget pressures, says Schwartz, at Jefferies.
"We believe in the long run, we're going to continue to do well with the Feds," Sourcefire Chief Operating Officer Thomas McDonough said in the most recent conference call. Despite the valuation, Stifel Nicolaus analyst Todd Weller has a "buy" rating on the stock and a $64 price target. "We find it hard to be negative here, given recent growth trends," he says.
VIDEO ON MSN MONEY
I too use Eset Smart Security. I've been playing with computers since my Radio Shack Model 64, then next a monster size IBM AT with a 30 MB Hard drive, and every computer after that has been bigger and better and cheaper than the one before. I'm on, maybe, my 20th computer.
Anyway, over the years, I used Symantec for quite awhile until it really jammed up a computer and after, too long, trying to fix it, I discovered in Symantec's stupid Knowledge Base that you shouldn't load Symantec on a partitioned drive. Since Symantec doesn't seem to protect the mildly stupid, I moved on to various freebies and learned you get what you pay for. So at some point I tried McAfee and as my un-punctuating friend BBQ GRITS says "you perverts don't watch porn" I got a virus chasing jokes probably into porn sites.
So basically now, I've tried a lot of Anti-virus, anti scumware and been with Eset now for several years. Communicating with friends, relatives, clients and several hundred old Nam veterans like myself, I've been sent virus, and wandered into porn but Eset has been as good as any Trojan and I'm sticking with it. The good kind of Trojan that is!
Symantec at one point before my Symantec disaster, was on to a neat thing where I could see who was attacking or pinging me. A lot came from countries in Europe, break away Russian countries that we never gave a thought too.
What would be neat is if the anti-virus could send a worse attack back and blow up the bad guys computer, you know, like in the movies. .
Oops, I got playing with the comment people.
You have a good thought, but, I'm liking Cisco and Intel, because while I wait I get a half decent dividend. Symantec and Palo Alto pay no dividend so I'll pass.
And if your read my other comment, Symantec hurt me, so I'm not going to go back in the yard with the dog that bit me. It's like in the food store. I'll often buy the Shoprite Brand and test it, if I like well the heck with the Premium stuff. Birdseye stopped making frozen stringbeans with almonds, so I'm not buying Birdseye. Turkey Hill repackaged their Phila Vanila and renamed it and now it's some expensive Premium Brand that Shoprite doesn't want to put on sale, so back to Breyers. And Hillshire Farms stopped making the best Bratwurst I've had in the USA so there's no sense buying Hillshire Farms, cept maybe for the Beef Sausage on the grill. All these companies that double cross me must now face my one man boycott and continued bad mouthing and that includes Symantec.
Why can't the companies end malicious hacking? Far from "they're just trying to keep in business", there's a more fundamental problem. Dealing with security vulnerabilities isn't the same as fixing bugs, or offering up a feature people would want. One's having to fight a human intellect, which could be as smart, or smarter then one's self...
The problem is simple, hackers can learn too, and they can become better at finding ways to exploit and break software. One isn't dealing with a fixed quantity, like a bug in software, where if one just cleans up the code, all will work fine. People don't follow scripts (if they're not script kiddies), and they're not a constant. As they become increasingly better at something; if one's at odds with, and trying to defeat the efforts of another person, they're then having to deal with a moving goal post. Programming a machine, or cleaning up one's code would be easier then trying to defeat another thinking human being, who is capable of learning and transcending their own abilities of the past (aka constantly getting better), who can also adapt and change when the need is perceived, who is determined to break one's code and defeat all attempts to deter them. The machine is a constant, once programmed, there you have it, unless/until that code is patched/updated. A living human mind is not as such. Not if one doesn't have learning machines, or self adaptive technology, which of course we don't... One's having to fight another person, who is not necessarily any less smart, or adept, then one's self...
But as these things can go, and knowing that "perfect security" is not necessarily possible (short of unplugging the computer, and having no network access at all), a lot of it can come down to risk analysis. If a thief is trying to break into a house, and the guy down the street has no locks on his door, and one installs locks on their door; the thief would arguably be deterred from trying to break into one's own house, if they could just walk into the neighbors house with much less effort and get what they want. Unless of course, there's something in one's own house, that is far more valuable to them, to be worth that extra effort. Honey pots and the like could also help, for directing their attention, if they don't know it's a honey pot. But in either case, one is battling another human intellect, so pretty much a lot does come down to risk analysis, and trying to make it not worth their effort, relative to what they could find, so the motivation wouldn't be there. If someone pesters someone else, and in so doing ends up wasting their time as they find nothing of value, it gets the hacker off their back.... If they can be directed to a honey pot, it would allow them to be tracked, and information to be gathered on the attack, so one could learn from it, and devise a means to help improve one's own security, in the future... While also giving them a bunch of useless data/honey, which would serve more the purpose of disinformation, rather then being something legit...
1. Why is the "hacker" wearing a ski-mask and leather gloves? Is he worried about leaving finger print's on the laptop he has on a desk in his apartment? Which he has happend to live in for a few months, playing bill's to the landlord, and signed some paper-work.
2. Why is he looking so intensly at his Backdrop? (or is that his screen-saver?) Should'nt he be hacking something?
3. What kind of lights does he have in his house, Spotlights? I personnally would invest in a light that lit up the room. It'd be nice to see where I'm going when I go to get a Mt. Dew.
I think this is best business that secure you, your business and in security mode you get better return than other businesses.
Training, Penetration Testing and bug bounty third party programs are wonderful if we proceed them as professional market elements.
The companies cannot end hacking, it is a circle. If all the hackers stop messing around then the companies that produce antivirus and programs such as the listed above would go to bankrupt. Someone is interested in keeping hackers busy and alive.
still waiting on the zombie apokolypse
Your always under powered ! Is it any wonder that big problems like hackers can exist!!!!!!!!
Why can't finger print or the eye technology be implanted to fend off these problems,
this technology has been around been around for some time and seems to be a tough thing
for hackers to penetrate a system if it's implemented correctly!
Copyright © 2014 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
[BRIEFING.COM] The stock market finished the Thursday session on a higher note with the S&P 500 climbing 0.5%. The benchmark index registered an early high within the first 90 minutes and inched to a new session best during the final hour of the action.
Equities rallied out of the gate with the financial sector (+1.1%) providing noteworthy support for the second day in a row. The growth-oriented sector extended its September gain to 1.9% versus a more modest uptick of 0.4% for the ... More
More Market News
|There’s a problem getting this information right now. Please try again later.|
MUST-SEE ON MSN
- Video: Easy DIY smoked meats at home
A charcuterie master shares his process for cold-smoking meat at home.
- Jetpacks about to go mainstream
- Weird things covered by home insurance
- Bing: 70 percent of adults report 'digital eye strain'