3/26/2013 5:45 PM ET|
6 ways to invest in cybersecurity
The stakes are high, and the effort to fend off hacker threats is still ramping up. These stocks stand to benefit.
Beyoncé's bank account info lands online, along with Michelle Obama's. Intruders break into the computers of the Federal Reserve.
Consumer websites of giants such as JPMorgan Chase (JPM) are shut down. Twitter gets hacked, exposing account passwords of a quarter-million people. Spies roam freely in New York Times (NYT) computers, presumably looking for story sources.
The list of shocking computer-security breaches goes on and on, and the stakes are high. So far, no one has shut down a power grid or messed with a nuclear reactor -- that we know of -- but given the prowess of global hackers, these are risks.
So it's no wonder FBI Director Robert Mueller cites cybersecurity as a top reason he loses sleep, "right up there" with terrorism. Or that former Defense Secretary Leon Panetta regularly cited cyberattacks as one of the biggest national security risks.
Given how scary all of this is, there have to be some great investing angles, right? There are, and here are my "Security Six," in two groups -- one is for the growth crowd, and the other pair -- are slowpoke old-timers in the sector that may bounce back as they roll out new products and revamp their businesses: The sizzling-growth plays are Sourcefire (FIRE), Palo Alto Networks (PANW), Fortinet (FTNT) and Imperva (IMPV). These intrusion fighters have the impressive 25% to 70% annual sales growth and rich valuations reminiscent of the tech boom.
The slowpoke old-timers with potential are Check Point Software Technologies (CHKP), which needs to keep rolling out new products to boost sales growth, margins and its stock, and Symantec (SYMC), which is going through a reorganization that may drive the stock higher.
Hold the emails -- I'm ruling out Intel (INTC), Cisco Systems (CSCO) and Juniper Networks (JNPR), all big players in this space, for good reason. Their exposure is so small, relative to what else they do, that they aren't clean plays. Plus, Juniper has been having problems producing successful offerings.
Before we dig into my Security Six, let's deal with the elephant in the room: If our tech geniuses are smart enough to bring us Google (GOOG) and the iPhone from Apple (AAPL), why the heck can't they keep the bad guys off our computers? That is worth understanding if you're investing in the sector. The answers suggest this business most likely will stay strong for years.
First, the cynical response is that if the security companies solved all the problems, they'd put themselves out of business. But that's too cute. Instead, chalk up the persistent security problems to these three trends, which aren't going away:
1. More open networks. As companies have gotten more Internet-savvy over the past 10 years, their computer networks have become more open. They link their networks to the computers of business partners. They store data in "the cloud," or server farms, often run by third parties. Mobile devices have morphed into minicomputers, so more employees are using their personal phones and tablets for work.
All that is good for business, but it gives the bad guys many more points of entry. When employees use smartphones for work, for example, sometimes the only thing protecting a corporate network is the easily cracked, four-digit phone password, points out Kip Meintzer, in charge of investor relations at Check Point.
Plus, we all love apps, and so they have taken off. But thisat just offers the bad guys more ways in. "Every time a new device or application is introduced to this extended network, it creates new opportunities for attackers," says Martin Roesch, the founder and interim CEO of Sourcefire.
2. Higher stakes. In the old days, "script kiddies" took down prominent websites for the bragging rights. But as sensitive business and government secrets moved online, along with access to cash in accounts, more thieves, mobsters and international spies are pouring big money into hiring the best talent to hack computers.
"The attackers are getting much more capable and skilled," Symantec CEO Stephen Bennett says. As more money funds the bad guys, "you literally have people that are custom-making these viruses specifically for one purpose within one company," says Meintzer says.
3. Rigged game. I have no doubt that the bad guys buy all the best computer defenses to study them -- to learn how to defeat them. But network cops get no advance look at the thieves' tool chests. So it's like a poker game, where only one side can see the other's cards. It's pretty easy to guess who has an edge in that game. "Attackers often know more about a target's network and its defenses than the company does," Roesch says.
All that seems to assure ongoing security attacks -- and therefore a steady flow of money into network security for years to come.
Cybersecurity is that rare area immune to government budget pressures, even to sequestration, says Aaron Schwartz, a computer security sector analyst with Jefferies Equity Research.
Now here's a closer look at my Security Six.
Palo Alto Networks
As a recent initial public offering, Palo Alto Networks is one of the hot new kids on the block in firewalls -- or perimeter defenses. It sells devices with software that lets companies watch and control who and what gets on their networks -- without bogging down the system.
Palo Alto's appliances see through evasive tactics and encryption to catch viruses, spyware and malware. Its specialty is examining apps -- a sweet spot in security.
"With the huge growth in apps, there's a greater security risk coming in through the app layer," Schwartz says.
Fourth-quarter sales grew an astonishing 70% as the company took business from such competitors as Check Point. It added more than 1,000 new customers, taking the customer count above 11,000. All that makes Palo Alto a potentially great investment, but there are risks.
At $55 a share, this stock trades at 11.8 times sales, compared with five times sales at Google. A rich valuation doesn't mean the stock can't go higher, given the sizzling growth. But it's one reason Schwartz has a neutral rating on the stock. BMO Capital Markets software analyst Karl Keirstead has a neutral rating, too, citing valuation, intense competition in the firewall business and a patent-infringement lawsuit filed by Juniper. The trial is scheduled for February 2014.
Sourcefire offers an intrusion detection and prevention system called Agile Security. It protects company networks from inside -- as opposed to at the perimeter. Think of it as a kind of second line of defense.
The company also has been expanding into firewalls and advanced anti-malware weapons. "It's very early for both of those areas, but Sourcefire is turning into a multiproduct company," Schwartz says. Growth here is hot. Sales advanced 35% last year, and the company recently guided for 25% percent sales growth this year.
That's one reason the valuation here is fairly rich, too. But there's another. "Because Sourcefire is growing so fast and intrusion prevention is sexy, Sourcefire is considered a likely acquisition target for a big firewall vendor that needs to kick-start growth," Keirstead says.
The company also has the biggest exposure to the federal government, which is a plus. "This demonstrates how good their technology is," says Dennis Wassung, a portfolio manager at Cabot Money Management, which owns the stock. "It's been big opportunity for them." Sales to the federal government grew 41% in the fourth quarter.
Expect more solid growth, because government network security spending is probably immune to budget pressures, says Schwartz, at Jefferies.
"We believe in the long run, we're going to continue to do well with the Feds," Sourcefire Chief Operating Officer Thomas McDonough said in the most recent conference call. Despite the valuation, Stifel Nicolaus analyst Todd Weller has a "buy" rating on the stock and a $64 price target. "We find it hard to be negative here, given recent growth trends," he says.
This company offers what's known as unified threat management. That means protection at the edge of a network through a firewall, inside through intrusion detection and protection, and by way of an arsenal of weapons that fight against spam, viruses and malware.
"They try to bundle as many apps on a single piece of hardware as possible," Schwartz says. Its main product line, called FortiGate, includes customized chips that help prevent the security tasks from bogging down networks. Fortinet typically serves midsize companies, but it's trying to sell to bigger businesses. It's also rolling out new products.
Business is robust. Fortinet posted 25% sales growth in the fourth quarter, and the company upped 2013 guidance to 18% sales growth, one reason William Blair analyst Jonathan Ho has an "outperform" rating on the stock. Weller, at Stifel, has a "buy" rating and a $28 price target on Fortinet stock, which recently sold for about $23.
A 2011 IPO, Imperva offers security that protects apps, documents and other content stored in data centers. Sales grew 36% in the fourth quarter, and the company guided for 26% to 30% sales growth in 2013.
Customers look at Imperva products as complementing their overall security defenses, says Wassung of Cabot Money Management, which owns the stock. "So Imperva is not necessarily competing with the traditional security companies."
The stock has had a strong run since November, rising to about $37.70 from around $28, and, with a price-to-sales ratio of around 9, it looks fairly rich. One risk is that in a serious market pullback, Imperva might get hit harder, Wassung says. Analysts have a consensus $40 price target on the stock, according to Thomson One Analytics.
Check Point Software Technologies
Founded in 1993, Check Point has been losing share to relative upstarts such as Palo Alto Networks. Check Point also has been offering less-expensive variations on firewall protection to which its own customers are trading down. All that has been weighing on margins and sales, which grew at a modest 3.3% in the fourth quarter.
But don't count Check Point out just yet, says Schwartz, who has a "buy" rating on the stock. Check Point is rolling out new products -- such as anti-bot weapons; "threat emulation" products, which look closely at the effect of incoming software before letting it through; and protection for individual computer devices such as smartphones and iPads.
"We continue to believe that competitive concerns are overblown," says Weller at Stifel Nicolaus, who has a buy rating and a $55 price target on the stock, which recently sold for about $47.
Next, Check Point has a boatload of cash, or $1.5 billion, and it's looking to do acquisitions to boost growth. Here's another plus that's a bit technical, but important. Accounting rules have artificially hit results by forcing the company to defer a portion of sales revenue on new software offerings. But that negative effect will continue to recede as more of those new products turn 1 year old -- which means some of that deferred revenue starts hitting the books.
You may know Symantec, founded in 1982, because of its popular Norton line of PC security software. Symantec also offers IT security for companies. But it doesn't offer network security, one reason Symantec has foundered for much of the past seven years, its stock stuck in the $15 to $20 range for most of that time.
The stock finally broke out of that range and took off to hit $25 in January, after CEO Bennett announced a three-part overhaul of the company. He wants to, 1) boost margins by cutting costs, 2) boost sales growth to 5% and 3) return more cash to shareholders through buybacks and a dividend.
"A lot of the pieces are in place, but the work has to be done, and that is central to the thesis now," says Schwartz at Jefferies, who has a "buy" rating on the stock.
"Basically, as I sat on the board, I realized that this was a company that had great assets but no strategy," says Bennett, who hopes to change that.
Bennett brings some good experience to the table; he worked at General Electric (GE) for 23 years and was CEO at Intuit (INTU) for seven years. Bennett's basic strategy is to overcome Symantec's failure to integrate products acquired over the years in acquisitions. To do so, he wants to bundle them into "suites" of products, to boost sales.
Signs that Bennett is having success could boost the stock an additional $5 to $30, says Barclays analyst Raimo Lenschow, who has an "overweight" rating on the stock.
No guarantees, but then again, it's a risk to take anything for granted in the wily world of hackers and computer security.
At the time of publication, Michael Brush did not own or control shares of any company mentioned in this column. Brush is the editor of Brush Up on Stocks, an investment newsletter.
Michael Brush is the editor of Brush Up on Stocks, an investment newsletter. Click here to find Brush's most recent articles and blog posts.
Michael Brush is the editor of Brush Up on Stocks, an investment newsletter. Click here to find Brush's most recent articles and blog posts.
VIDEO ON MSN MONEY
I too use Eset Smart Security. I've been playing with computers since my Radio Shack Model 64, then next a monster size IBM AT with a 30 MB Hard drive, and every computer after that has been bigger and better and cheaper than the one before. I'm on, maybe, my 20th computer.
Anyway, over the years, I used Symantec for quite awhile until it really jammed up a computer and after, too long, trying to fix it, I discovered in Symantec's stupid Knowledge Base that you shouldn't load Symantec on a partitioned drive. Since Symantec doesn't seem to protect the mildly stupid, I moved on to various freebies and learned you get what you pay for. So at some point I tried McAfee and as my un-punctuating friend BBQ GRITS says "you perverts don't watch porn" I got a virus chasing jokes probably into porn sites.
So basically now, I've tried a lot of Anti-virus, anti scumware and been with Eset now for several years. Communicating with friends, relatives, clients and several hundred old Nam veterans like myself, I've been sent virus, and wandered into porn but Eset has been as good as any Trojan and I'm sticking with it. The good kind of Trojan that is!
Symantec at one point before my Symantec disaster, was on to a neat thing where I could see who was attacking or pinging me. A lot came from countries in Europe, break away Russian countries that we never gave a thought too.
What would be neat is if the anti-virus could send a worse attack back and blow up the bad guys computer, you know, like in the movies. .
Oops, I got playing with the comment people.
You have a good thought, but, I'm liking Cisco and Intel, because while I wait I get a half decent dividend. Symantec and Palo Alto pay no dividend so I'll pass.
And if your read my other comment, Symantec hurt me, so I'm not going to go back in the yard with the dog that bit me. It's like in the food store. I'll often buy the Shoprite Brand and test it, if I like well the heck with the Premium stuff. Birdseye stopped making frozen stringbeans with almonds, so I'm not buying Birdseye. Turkey Hill repackaged their Phila Vanila and renamed it and now it's some expensive Premium Brand that Shoprite doesn't want to put on sale, so back to Breyers. And Hillshire Farms stopped making the best Bratwurst I've had in the USA so there's no sense buying Hillshire Farms, cept maybe for the Beef Sausage on the grill. All these companies that double cross me must now face my one man boycott and continued bad mouthing and that includes Symantec.
Why can't the companies end malicious hacking? Far from "they're just trying to keep in business", there's a more fundamental problem. Dealing with security vulnerabilities isn't the same as fixing bugs, or offering up a feature people would want. One's having to fight a human intellect, which could be as smart, or smarter then one's self...
The problem is simple, hackers can learn too, and they can become better at finding ways to exploit and break software. One isn't dealing with a fixed quantity, like a bug in software, where if one just cleans up the code, all will work fine. People don't follow scripts (if they're not script kiddies), and they're not a constant. As they become increasingly better at something; if one's at odds with, and trying to defeat the efforts of another person, they're then having to deal with a moving goal post. Programming a machine, or cleaning up one's code would be easier then trying to defeat another thinking human being, who is capable of learning and transcending their own abilities of the past (aka constantly getting better), who can also adapt and change when the need is perceived, who is determined to break one's code and defeat all attempts to deter them. The machine is a constant, once programmed, there you have it, unless/until that code is patched/updated. A living human mind is not as such. Not if one doesn't have learning machines, or self adaptive technology, which of course we don't... One's having to fight another person, who is not necessarily any less smart, or adept, then one's self...
But as these things can go, and knowing that "perfect security" is not necessarily possible (short of unplugging the computer, and having no network access at all), a lot of it can come down to risk analysis. If a thief is trying to break into a house, and the guy down the street has no locks on his door, and one installs locks on their door; the thief would arguably be deterred from trying to break into one's own house, if they could just walk into the neighbors house with much less effort and get what they want. Unless of course, there's something in one's own house, that is far more valuable to them, to be worth that extra effort. Honey pots and the like could also help, for directing their attention, if they don't know it's a honey pot. But in either case, one is battling another human intellect, so pretty much a lot does come down to risk analysis, and trying to make it not worth their effort, relative to what they could find, so the motivation wouldn't be there. If someone pesters someone else, and in so doing ends up wasting their time as they find nothing of value, it gets the hacker off their back.... If they can be directed to a honey pot, it would allow them to be tracked, and information to be gathered on the attack, so one could learn from it, and devise a means to help improve one's own security, in the future... While also giving them a bunch of useless data/honey, which would serve more the purpose of disinformation, rather then being something legit...
1. Why is the "hacker" wearing a ski-mask and leather gloves? Is he worried about leaving finger print's on the laptop he has on a desk in his apartment? Which he has happend to live in for a few months, playing bill's to the landlord, and signed some paper-work.
2. Why is he looking so intensly at his Backdrop? (or is that his screen-saver?) Should'nt he be hacking something?
3. What kind of lights does he have in his house, Spotlights? I personnally would invest in a light that lit up the room. It'd be nice to see where I'm going when I go to get a Mt. Dew.
I think this is best business that secure you, your business and in security mode you get better return than other businesses.
Training, Penetration Testing and bug bounty third party programs are wonderful if we proceed them as professional market elements.
The companies cannot end hacking, it is a circle. If all the hackers stop messing around then the companies that produce antivirus and programs such as the listed above would go to bankrupt. Someone is interested in keeping hackers busy and alive.
still waiting on the zombie apokolypse
Your always under powered ! Is it any wonder that big problems like hackers can exist!!!!!!!!
Why can't finger print or the eye technology be implanted to fend off these problems,
this technology has been around been around for some time and seems to be a tough thing
for hackers to penetrate a system if it's implemented correctly!
Copyright © 2014 Microsoft. All rights reserved.
Fundamental company data and historical chart data provided by Morningstar Inc. Real-time index quotes and delayed quotes supplied by Morningstar Inc. Quotes delayed by up to 15 minutes, except where indicated otherwise. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by Morningstar Inc.
[BRIEFING.COM] The stock market began the last week of July on a quiet note with the S&P 500 ending less than a point above its flat line. Like the benchmark index, the Dow Jones Industrial Average (+0.1%) also posted a slim gain, while the Russell 2000 (-0.5%) and Nasdaq Composite (-0.1%) lagged throughout the session.
The major averages were awakened from their weekend slumber with an opening retreat that pressured the S&P 500 below its 20-day moving average (1975). Even though ... More
More Market News
|There’s a problem getting this information right now. Please try again later.|
MUST-SEE ON MSN
- Video: Easy DIY smoked meats at home
A charcuterie master shares his process for cold-smoking meat at home.
- Jetpacks about to go mainstream
- Weird things covered by home insurance
- Bing: 70 percent of adults report 'digital eye strain'