Hiding In Plain Sight
What? It is my opinion that cyber security and biotech will be the most noteworthy growth sectors of the 21st century. That said, I want to share my analysis of three prime cyber security stocks: Palo Alto Networks (PANW), CyberArk Software (CYBR), and FireEye (FEYE). For reference, some other noteworthy cyber security firms include Fortinet (FTNT), Check Point Software (CHKP), Rapid7 (RPD), and Cisco Systems (CSCO). However, unlike the aforementioned trio, these companies face unfavorable headwinds (listed below).
- Fortinet: A notable B2B preventative enterprise firm, Fortinet offers companies meaningful hardware and software solutions for corporate IT infrastructures. Since its November 2009 IPO, Fortinet stock has appreciated by 438.37% and currently trades at a P/E of 651.43 (the S&P 500 trades at a P/E of 16-18). In other words this stock is overvalued, as it trades at a 36.2x multiple to the S&P 500. This does not mean, however, that Fortinet will fail to see its share price continue to rise; I simply believe its current price point is unjustifiable.
- Check Point Software: Unlike most cyber security firms, Check Point provides full scale prevention and threat detection solutions. As a B2B vendor, Check Point secures enterprise networks and mobile devices. Unlike Fortinet, Check Point trades at a fair valuation; with a P/E of 22.62, it's an attractively priced investment. However, having operated since June 1996, it is my opinion that Check Point has already peaked. That's not to say the firm has no growth potential; in fact, Check Point is arguably the only attractive player in an otherwise overvalued sector. Nevertheless, I believe FireEye is a better long-term growth investment.
- Rapid7: Having issued its IPO in July 2015, Rapid7 is the "new kid on the block." Unlike Fortinet and Check Point Software, Rapid7 focuses on threat detection and network improvements via data analytics. Rapid7's services help Fortune 500 companies decipher, contextualize, and remove malware. The only reason Rapid7 isn't a top three pick is because of its recent IPO. The transition from "private" to "public" introduces new operational challenges and constraints. While I firmly believe in Rapid7's ability to scale, it nonetheless remains a risky investment.
- Cisco Systems: While Cisco is far from a cyber security firm, its portfolio includes a few notable acquisitions that have added tremendous value to Cisco's popular hardware and software offerings. These previously private companies include Sourcefire (acquired in July 2013 for $2.7 billion), ThreatGrid (acquired in June 2014), and OpenDNS (acquired in June 2015 for $635 million). Although cyber security solutions continue to grow at a respectable rate for Cisco, the tech behemoth remains a networking and switching company. It is for this reason alone that Cisco does not compete with Palo Alto Networks, CyberArk Software, and FireEye.
Why? Since 2013, a myriad of calculated large-scale cyber attacks have crippled massive corporations and compromised America's national security. Moreover, cyber warfare has drained billions from private companies and the Federal government. From secret agencies, to private enterprises, no organization is safe. For reference, please review the following crises.
- Target (December 2013): The victim of a costly network breach, Target (TGT) was attacked by foreign hackers. Consequently, 70 million personal phone numbers and email addresses, in addition to 40 million credit card codes, were stolen. Due to public safety concerns, the popular retailer saw its profits drop by 46%. Only recently did Target settle with its victims and pay $10 million in restitution.
- JPMorgan Chase (July 2014): After its networks were breached by a highly sophisticated cyber attack, JPMorgan (JPM) realized that large amounts of data had been stolen. Approximately 83 million household and businesses were jeopardized. While the attackers successfully stole checking and savings numbers, personal information, like Social Security numbers, was protected.
- Home Depot (September 2014): Much like Target, the Home Depot (HD) experienced a cyber attack focused on stealing payment information. Nearly 56 million identities were compromised by custom-built software. As a result, Home Depot spent $62 million fixing its damaged network.
- Sony Pictures (November 2014): In the most high profile attack to date, Sony Pictures (SNE) was allegedly held hostage by North Korean hackers. After learning about Sony's highly-anticipated release, The Interview, North Korea led an attack against seven corporate data centers. Sensitive info, including contracts, salaries, budgets, Social Security numbers, and confidential emails, was stolen and publicly released. Sony subsequently spent millions repairing its brand and public image.
- Anthem (February 2015): Cited by Anthem's (ANTM) CEO as a "very sophisticated external cyber attack," 80 million insured individuals experienced the theft of personal information from Anthem's database. These data included names, Social Security numbers, birthdays, addresses, emails, phone numbers, employment statuses, and income information.
- IRS (May 2015): Not until May 26th did the Internal Revenue Service announced it had experienced a sizable data breach. Initially trying to downplay the event, IRS officials first claimed only 100,000 individuals had been affected; however, in an August revision, the IRS admitted that approximately 335,000 accounts had been hacked. Criminals targeted sensitive information, like tax returns, and stole more than $50 million.
So What? Given that cyber attacks have become far too common, the private sector has once again formed lucrative enterprise solutions in the form of front and back-end services. Anti-virus, anti-malware, threat prevention, and data analytics software have become standard corporate solutions for proactive CEOs. As such, cyber security firms continue to innovate for greater market share. As I mentioned at the onset, I believe the most promising of these companies are Palo Alto Networks, CyberArk Software, and FireEye.
Palo Alto Networks: With a $190 price target and estimated 30% five-year growth projection, Palo Alto Networks is a safe long-term investment. While the stock currently trades at $185, Palo Alto Networks' 73% profit margin, 55% Y/Y revenue growth, and 4.42% short interest represent positive market sentiment. Moreover, Wall Street analysts are bullish about Palo Alto Networks' future because of its consistent earnings beats and flawless execution.
1-Year Return: 90.29%
Palo Alto Networks provides enterprises with preventative front-end software and hardware. Focused on foiling cyber attacks at the point of attack, Palo Alto Networks offers state-of-the-art firewalls that do not compromise performance. Its network gear also monitors digital traffic for anomalies, allowing users to deploy necessary applications in response to unique threats.
CyberArk Software: With an $80 price target and estimated 25.6% five-year growth trajectory, CyberArk currently offers investors 61.75% potential upside. The stock presently trades at $49.50, and has recently hit resistance around $50. If the stock trades up in the coming days, and holds above $50, market momentum could push CyberArk into the $60s (near-term). Out of all cyber security darlings, CyberArk may be Wall Street's favorite.
1-Year Return: 65.25%
CyberArk offers multi-layer threat protection technology. Its IT security solutions platform identifies hackers and malware that would otherwise evade traditional cyber security defenses. Specifically, CyberArk protects critical assets known as privileged accounts; these include servers, applications, and databases. If a threat penetrates a privileged account, CyberArk can effectively terminate said threat and restore functionality.
FireEye: With a $60 price target and estimated 37.5% five-year growth trajectory, FireEye currently offers investors 62.2% potential upside. The stock presently trades at $37 and is not for the faint of heart. Since reaching a post IPO high of $97.35, FireEye has fallen 163% to date. While it is less attractive than its aforementioned peers, FireEye is indeed a technically sound company. And while its short-term volatility may induce headaches for emotional traders, FireEye is nonetheless a great long-term play.
1-Year Return: 13.22%
FireEye provides network security solutions for Advanced Persistent Threats (APTs). Traditional cyber security tools, like anti-virus/malware software, intrusion prevention systems, and firewalls, have proven ineffective in preventing sophisticated APTs because they only focus on documented threats. FireEye's software actively monitors inbound traffic and searches for erratic behavior, which it then identifies as a potential attack. After being alerted, companies can address the likely threat at hand in a precise manner.
While nothing is guaranteed, the hottest tech sector is, and will remain, cyber security. It's not a question of whether a corporation or government agency will be hacked, but instead a question of when. Ongoing cyber security attacks, especially from China and Russia, will force every valuable entity to adopt cyber security solutions. Eventually, threat defense software and hardware will accompany all B2B networking gear sales; it's time to get ahead of the trend.