This Friday November 1st, we will be pitching a cyber security stock known as CHKP. In the article below you can read about CHKP and other competitors. It is a fascinating growth industry and should be a great addition to our portfolio.
BARRONS ARTICLE: July 20th, 2013
Technology spending is booming in one area—protecting against hacking. Three stocks that could climb nicely.
Terrorism is no longer the biggest security threat facing our nation. Intelligence officials now put a more nebulous threat at the top of the list: Cyberattacks waged by anonymous hackers around the world with various motives, sometimes backed by nation-states.
Hackers are pilfering $250 billion a year in intellectual property—weapon designs and source code, sure, but also consumer lists, takeover proposals, and cosmetics formulas—in what top U.S. cyberfighter and director of the National Security Agency Gen. Keith Alexander describes as “the greatest wealth transfer” in history. Our critical infrastructure—including gas pipelines and power grids—faces daily attack. Last year, U.S. banks were hit by a so-called distributed denial-of-service attacks that sent enormous amounts of traffic from infected computers to bank servers, denying Internet access to bank sites.
Dave Klug for Barron’s
The stakes are high; cybersecurity has taken center stage in diplomatic talks, especially with China, which security experts say is behind some of the cyberespionage attacks—allegations the Chinese deny. High stakes translate into big money for the technology firms, consultants, and defense contractors working against cyberattacks. Corporations are expected to spend $67 billion in total information security this year, according to technology research firm Gartner. While that is a fraction of the $3.7 trillion expected to be spent on global information-technology spending, Gartner expects security spending to rise 39%, to $93 billion, in 2017. A similar trend is playing out in the government. While defense budgets are being cut, cybersecurity-related spending is expected to increase: BB&T Bank expects the government to spend $16 billion in 2015, up from $10 billion in 2011.
Spending is bound to increase as more data—accessed through more devices with more applications—set the stage for more attacks. A division within Homeland Security, the United States Computer Emergency Readiness Team, reported a 68% increase in cyberincidents at federal agencies, critical infrastructure, and government partners. In 2012, attacks on companies rose 42% from the prior year, according to Internet security firm Symantec. It’s not just the biggest companies in key industries that are at risk—31% of attacks hit firms with fewer than 250 employees.
The nature of attacks varies; some are choreographed and aimed at an entire industry, while others involve lone hackers exploiting vulnerabilities to infect networks with viruses. Advanced, persistent threats are one of the most insidious and sophisticated types of attacks, targeting high-value data like intellectual property that can sometimes go undetected for months, or years, on a network. The cost of cyberattacks go well beyond remediation. The loss of trade secrets or weapons designs—not to mention credibility—can damage profits.
With insurers and regulators calling for more protection and requirements for the disclosure of breaches increasing, cybersecurity is moving out of the realm of the IT department. In fact, Gartner estimates that 80% of the world’s 2,000 largest companies will report security preparation and risks to their boards next year. “There is a major evolution, with companies moving beyond a baseline of complying with regulation to those looking at cybersecurity as a competitive advantage,” says David Burg, head of PwC’s cybersecurity practice.
There are three broad realms of cybersecurity technology—protection, detection, and response.
Protection is the most familiar, with firewalls and antivirus software that has been updated for new threats and mobile devices. Detection often involves the analysis of voluminous data to find suspicious patterns or behavior. Once a threat is found, cyberexperts talk about “sandboxing” or “sinkholing,” and many of the responses involve quarantining the malicious software and analyzing it. On the government front, there are also offensive technologies—not surprisingly, often classified.
With no silver bullet, most companies cobble together an array of technologies to deal with an evolving threat, creating room for multiple types of players and plenty of opportunity. “I can’t point to anything with a better secular backdrop than security right now, given the rate of technological change and the impact of mobile and applications on security,” says Rob Owens, head of Pacific Crest Securities’ security and software-infrastructure practice.
There is no clear winner. “It’s like a kids’ soccer game, with everyone swarming the ball and knowing it matters, but I’m not sure anyone is really pulling all the pieces together,” says Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute.
Tech start-ups that attracted $1 billion in venture capital last year are in the mix, as are small pure-play technology firms and slower-growing veteran Internet security firms likeCheck Point Software Technologies (ticker: CHKP). Consultants like PwC or Booz Allen Hamilton (BAH) and defense contractors are also in the game, often helping the government and companies assess risks, picking the appropriate technologies and integrating it. Defense firms are natural contenders, with many spending a decade working on cybersecurity alongside intelligence agencies.
None
Raytheon (RTN), for example, is focusing on building its cybersecurity business, making a dozen acquisitions in the past five years—the most it has made in any one category. But while cybersecurity is one of the company’s faster-growing businesses, Raytheon—like many of its peers—doesn’t break out revenue, and these businesses are still too small to move the needle much.
For now, investors are better off looking at the handful of cybersecurity firms or smaller defense contractors with enough cybersecurity sales to warrant reporting it.
ISRAEL’S CHECK POINT SOFTWARE Technologies is an Internet security pioneer that made its name in the 1990s with firewalls, and evolved alongside the Internet while maintaining strong operating margins—56% last year.
Over the past few years, Check Point has been transitioning to a subscription-based software “blade” strategy, essentially allowing companies to build additional levels of protection for themselves onto Check Point’s hardware. That way, they can alter their defenses as needs change without adding too much complexity or cost.
Check Point’s transition to the blade approach coincided with a contraction in technology budgets. As customers went for cheaper options, Check Point’s average selling price fell, denting expected 2013 revenue growth to less than 4%. But the average selling price appears to be bottoming, and after five straight quarters of missing analysts’ expectations, the company’s second-quarter results beat estimates. Results indicated more pricing stability and customers buying more of Check Point’s higher-end products, says Jefferies analyst Aaron Schwartz. For fiscal 2014, Check Point’s earnings are expected to grow 5%, to $691 million, or $3.70 a share, with revenue expected to grow 6%, to $1.47 billion.
That bodes well for revenue growth to re-accelerate to mid- to high-single digits, which could encourage investors to pay more than its current 15 times forward earnings. That, and the possibility the company taps its $18 a share in cash to increase buybacks in the next year, could move the stock into the high $60s, up about 20%.
FORTINET (FTNT) belongs to a group of younger and smaller pure-play firms that have seen valuations boosted in part by takeover optimism. Fortinet’s stock trades at 34 times 2014 earnings—less jarring than industry darling Palo Alto Networks (PANW), which trades at 123 times its fiscal 2014 earnings (ending next July)—but not exactly cheap.
The stock is more attractive now; the departure of well-regarded Chief Financial Officer Ken Goldman last fall and then two disappointing quarterly earnings results pushed the stock lower. Now, though, the company’s revenue growth is poised to recover, as its all-in-one solution resonates with companies looking to do more with less.
The earnings misses came amid slower spending from service providers like telecoms, which make up about 25% of sales, but other firms’ reports of a similar slowdown eased concerns that the troubles were Fortinet’s own. Ahmed Rubiae, the company’s new CFO, reset earnings expectations and could also use his operational experience to focus more on profitability over time. For 2014 analysts, on average, expect earnings to grow 28%, to $95 million, or 60 cents a share, with revenue expected to rise 15%, to $687 million.
Some of Fortinet’s peers try to be the best at particular areas of cybersecurity—like focusing on database and business applications. Fortinet’s forte is providing a broad range of threat-prevention technologies—like tools to kill viruses—in one platform that often acts as a first line of defense, for example, for bank branches. “It provides a very efficient solution, offering more bang for your buck,” says Aram Green, co-manager of the ClearBridge MidCap Growth fund. With Fortinet’s revenue growth recovering and free cash flow on track to grow more than 25%, Pacific Crest’s Owens expects the stock to hit $25 in the next yea
AMONG DEFENSE FIRMS, SAIC Corp. (SAI) is one of the better investment opportunities. Its stock has lagged other defense firms, and there are potential catalysts on the horizon. SAIC generated 9% of its sales, or $1 billion, from cybersecurity last year, and it is an increasing area of focus—especially as the company spins off its slower-growing IT-services business from its faster-growing operations, including cybersecurity and electronic health records.
SAIC is not a weapons manufacturer, but many of its IT solutions and services are for government agencies, and budget cutbacks have been painful and could keep sales under pressure. Analysts, on average, expect earnings to grow 2% in fiscal 2014, which ends in January 2015, to $414 million, or $1.24 a share, with revenue contracting 2%, to $10.1 billion.
Barron’s wrote bullishly about SAIC earlier this year (“SAIC Shares Could Rise 35%,” March 25 ), arguing that its planned spinoff would unlock value. The transaction was expected in August, but it still awaits final board approval and certain regulatory approvals and is now expected later this year. But the argument still holds. With its enterprise value at 6.6 times earnings before interest, taxes, depreciation, and amortization, the stock is cheaper than the defense-industry average and isn’t getting credit for the company’s faster-growing businesses.
Following the spinoff, the companies could boost sales by pursuing opportunities that were previously off-limits due to conflicts of interest. But even without such a boost, Jason Lazarus, a manager at the Intrepid Capital Fund, says the stock could see a 20% rise by delivering on its forecasts and implementing the $350 million cost cuts it outlined this spring, which should boost margins. In the interim, the stock is cheap enough to offer a bit of cushion.