Image: Computer hacker © Gunay Mutlu, Getty Images

Beyoncé's bank account info lands online, along with Michelle Obama's. Intruders break into the computers of the Federal Reserve.

Consumer websites of giants such as JPMorgan Chase (JPM) are shut down. Twitter gets hacked, exposing account passwords of a quarter-million people. Spies roam freely in New York Times (NYT) computers, presumably looking for story sources.

The list of shocking computer-security breaches goes on and on, and the stakes are high. So far, no one has shut down a power grid or messed with a nuclear reactor -- that we know of -- but given the prowess of global hackers, these are risks.

So it's no wonder FBI Director Robert Mueller cites cybersecurity as a top reason he loses sleep, "right up there" with terrorism. Or that former Defense Secretary Leon Panetta regularly cited cyberattacks as one of the biggest national security risks.

 Given how scary all of this is, there have to be some great investing angles, right? There are, and here are my "Security Six," in two groups -- one is for the growth crowd, and the other pair -- are slowpoke old-timers in the sector that may bounce back as they roll out new products and revamp their businesses: The sizzling-growth plays are Sourcefire (FIRE), Palo Alto Networks (PANW), Fortinet (FTNT) and Imperva (IMPV). These intrusion fighters have the impressive 25% to 70% annual sales growth and rich valuations reminiscent of the tech boom.

The slowpoke old-timers with potential are Check Point Software Technologies (CHKP), which needs to keep rolling out new products to boost sales growth, margins and its stock, and Symantec (SYMC), which is going through a reorganization that may drive the stock higher.

Hold the emails -- I'm ruling out Intel (INTC), Cisco Systems (CSCO) and Juniper Networks (JNPR), all big players in this space, for good reason. Their exposure is so small, relative to what else they do, that they aren't clean plays. Plus, Juniper has been having problems producing successful offerings.

Michael Brush

Michael Brush

Before we dig into my Security Six, let's deal with the elephant in the room: If our tech geniuses are smart enough to bring us Google (GOOG) and the iPhone from Apple (AAPL), why the heck can't they keep the bad guys off our computers? That is worth understanding if you're investing in the sector. The answers suggest this business most likely will stay strong for years.

First, the cynical response is that if the security companies solved all the problems, they'd put themselves out of business. But that's too cute. Instead, chalk up the persistent security problems to these three trends, which aren't going away:

1. More open networks. As companies have gotten more Internet-savvy over the past 10 years, their computer networks have become more open. They link their networks to the computers of business partners. They store data in "the cloud," or server farms, often run by third parties. Mobile devices have morphed into minicomputers, so more employees are using their personal phones and tablets for work.

All that is good for business, but it gives the bad guys many more points of entry. When employees use smartphones for work, for example, sometimes the only thing protecting a corporate network is the easily cracked, four-digit phone password, points out Kip Meintzer, in charge of investor relations at Check Point.

Plus, we all love apps, and so they have taken off. But thisat just offers the bad guys more ways in. "Every time a new device or application is introduced to this extended network, it creates new opportunities for attackers," says Martin Roesch, the founder and interim CEO of Sourcefire.

2. Higher stakes. In the old days, "script kiddies" took down prominent websites for the bragging rights. But as sensitive business and government secrets moved online, along with access to cash in accounts, more thieves, mobsters and international spies are pouring big money into hiring the best talent to hack computers.

"The attackers are getting much more capable and skilled," Symantec CEO Stephen Bennett says. As more money funds the bad guys, "you literally have people that are custom-making these viruses specifically for one purpose within one company," says Meintzer says.

3. Rigged game. I have no doubt that the bad guys buy all the best computer defenses to study them -- to learn how to defeat them. But network cops get no advance look at the thieves' tool chests. So it's like a poker game, where only one side can see the other's cards. It's pretty easy to guess who has an edge in that game. "Attackers often know more about a target's network and its defenses than the company does," Roesch says.

All that seems to assure ongoing security attacks -- and therefore a steady flow of money into network security for years to come.

Cybersecurity is that rare area immune to government budget pressures, even to sequestration, says Aaron Schwartz, a computer security sector analyst with Jefferies Equity Research.

Now here's a closer look at my Security Six.

Palo Alto Networks

As a recent initial public offering, Palo Alto Networks is one of the hot new kids on the block in firewalls -- or perimeter defenses. It sells devices with software that lets companies watch and control who and what gets on their networks -- without bogging down the system.

Palo Alto's appliances see through evasive tactics and encryption to catch viruses, spyware and malware. Its specialty is examining apps -- a sweet spot in security.

"With the huge growth in apps, there's a greater security risk coming in through the app layer," Schwartz says.

Fourth-quarter sales grew an astonishing 70% as the company took business from such competitors as Check Point. It added more than 1,000 new customers, taking the customer count above 11,000. All that makes Palo Alto a potentially great investment, but there are risks.

At $55 a share, this stock trades at 11.8 times sales, compared with five times sales at Google. A rich valuation doesn't mean the stock can't go higher, given the sizzling growth. But it's one reason Schwartz has a neutral rating on the stock. BMO Capital Markets software analyst Karl Keirstead has a neutral rating, too, citing valuation, intense competition in the firewall business and a patent-infringement lawsuit filed by Juniper. The trial is scheduled for February 2014.


Sourcefire offers an intrusion detection and prevention system called Agile Security. It protects company networks from inside -- as opposed to at the perimeter. Think of it as a kind of second line of defense.

The company also has been expanding into firewalls and advanced anti-malware weapons. "It's very early for both of those areas, but Sourcefire is turning into a multiproduct company," Schwartz says. Growth here is hot. Sales advanced 35% last year, and the company recently guided for 25% percent sales growth this year.

That's one reason the valuation here is fairly rich, too. But there's another. "Because Sourcefire is growing so fast and intrusion prevention is sexy, Sourcefire is considered a likely acquisition target for a big firewall vendor that needs to kick-start growth," Keirstead says.

The company also has the biggest exposure to the federal government, which is a plus. "This demonstrates how good their technology is," says Dennis Wassung, a portfolio manager at Cabot Money Management, which owns the stock. "It's been big opportunity for them." Sales to the federal government grew 41% in the fourth quarter.

Expect more solid growth, because government network security spending is probably immune to budget pressures, says Schwartz, at Jefferies.

"We believe in the long run, we're going to continue to do well with the Feds," Sourcefire Chief Operating Officer Thomas McDonough said in the most recent conference call. Despite the valuation, Stifel Nicolaus analyst Todd Weller has a "buy" rating on the stock and a $64 price target. "We find it hard to be negative here, given recent growth trends," he says.


This company offers what's known as unified threat management. That means protection at the edge of a network through a firewall, inside through intrusion detection and protection, and by way of an arsenal of weapons that fight against spam, viruses and malware.

"They try to bundle as many apps on a single piece of hardware as possible," Schwartz says. Its main product line, called FortiGate, includes customized chips that help prevent the security tasks from bogging down networks. Fortinet typically serves midsize companies, but it's trying to sell to bigger businesses. It's also rolling out new products.

Business is robust. Fortinet posted 25% sales growth in the fourth quarter, and the company upped 2013 guidance to 18% sales growth, one reason William Blair analyst Jonathan Ho has an "outperform" rating on the stock. Weller, at Stifel, has a "buy" rating and a $28 price target on Fortinet stock, which recently sold for about $23.


A 2011 IPO, Imperva offers security that protects apps, documents and other content stored in data centers. Sales grew 36% in the fourth quarter, and the company guided for 26% to 30% sales growth in 2013.

Customers look at Imperva products as complementing their overall security defenses, says Wassung of Cabot Money Management, which owns the stock. "So Imperva is not necessarily competing with the traditional security companies."

The stock has had a strong run since November, rising to about $37.70 from around $28, and, with a price-to-sales ratio of around 9, it looks fairly rich. One risk is that in a serious market pullback, Imperva might get hit harder, Wassung says. Analysts have a consensus $40 price target on the stock, according to Thomson One Analytics.

Check Point Software Technologies

Founded in 1993, Check Point has been losing share to relative upstarts such as Palo Alto Networks. Check Point also has been offering less-expensive variations on firewall protection to which its own customers are trading down. All that has been weighing on margins and sales, which grew at a modest 3.3% in the fourth quarter.

But don't count Check Point out just yet, says Schwartz, who has a "buy" rating on the stock. Check Point is rolling out new products -- such as anti-bot weapons; "threat emulation" products, which look closely at the effect of incoming software before letting it through; and protection for individual computer devices such as smartphones and iPads.

"We continue to believe that competitive concerns are overblown," says Weller at Stifel Nicolaus, who has a buy rating and a $55 price target on the stock, which recently sold for about $47.

Next, Check Point has a boatload of cash, or $1.5 billion, and it's looking to do acquisitions to boost growth. Here's another plus that's a bit technical, but important. Accounting rules have artificially hit results by forcing the company to defer a portion of sales revenue on new software offerings. But that negative effect will continue to recede as more of those new products turn 1 year old -- which means some of that deferred revenue starts hitting the books.


You may know Symantec, founded in 1982, because of its popular Norton line of PC security software. Symantec also offers IT security for companies. But it doesn't offer network security, one reason Symantec has foundered for much of the past seven years, its stock stuck in the $15 to $20 range for most of that time.

The stock finally broke out of that range and took off to hit $25 in January, after CEO Bennett announced a three-part overhaul of the company. He wants to, 1) boost margins by cutting costs, 2) boost sales growth to 5% and 3) return more cash to shareholders through buybacks and a dividend.

"A lot of the pieces are in place, but the work has to be done, and that is central to the thesis now," says Schwartz at Jefferies, who has a "buy" rating on the stock.

"Basically, as I sat on the board, I realized that this was a company that had great assets but no strategy," says Bennett, who hopes to change that.

Bennett brings some good experience to the table; he worked at General Electric (GE) for 23 years and was CEO at Intuit (INTU) for seven years. Bennett's basic strategy is to overcome Symantec's failure to integrate products acquired over the years in acquisitions. To do so, he wants to bundle them into "suites" of products, to boost sales.

Signs that Bennett is having success could boost the stock an additional $5 to $30, says Barclays analyst Raimo Lenschow, who has an "overweight" rating on the stock.

Click here to become a fan of MSN Money on Facebook

No guarantees, but then again, it's a risk to take anything for granted in the wily world of hackers and computer security.

At the time of publication, Michael Brush did not own or control shares of any company mentioned in this column. Brush is the editor of Brush Up on Stocks, an investment newsletter.

Michael Brush is the editor of Brush Up on Stocks, an investment newsletter. Click here to find Brush's most recent articles and blog posts.