The One Tech Stock to Own in 2015
The sharp increase in the number of large-scale data breaches in 2014 will result in a boost in spending on cyber-attack detection, prevention and mitigation for the year ahead.
In the first half of 2014, there were a total of 559 breaches worldwide, resulting in 375 million customer records being stolen or lost, according to SafeNet. In Q3, the number of breaches totaled 320, up almost 25% from the year-ago period. In the latest quarter, 183 million customer records were either stolen or lost, with the most number of compromised accounts evident across the financial services and retail industries.
It is becoming increasingly apparent with each major breach that enterprise budgets for IT security are way too low. Many organizations these days have such limited security functionality on their networks that they don’t even know when they’ve been breached; it often takes months and months for companies to figure out that accounts and/or records have been compromised.
For 2015, purchase orders will flow to the security vendors with the best next-generation technology for monitoring and securing data, as well as to those capable of fully cleaning up after a breach.
FireEye (FEYE), provider of a virtual machine-based platform providing real-time protection to enterprises and governments against next-generation cyber-attacks, is one standout in this sector, offering a complete portfolio of solutions, even down to the endpoint.
The company’s MVX virtual execution engine identifies and protects against known and unknown threats that competitors (using older signature-based technologies) can’t detect. Also, FireEye’s technology is better than the competition when it comes to filtering out false-positive readings, which are time consuming and costly to investigate.
Founded in 2004 by Ashar Aziz (a 12-year veteran of Sun Microsystems and now FireEye’s chief strategy officer), the company in November 2012 hired Dave DeWalt, former CEO of McAfee (now owned by Intel), as its CEO. DeWalt is well known in tech circles, as he was CEO of Documentum (bought by EMC in 2003) and then served as executive VP of EMC’s software group.
Two days into 2014, FireEye caused quite a stir in the security world (mainly because of the deal price) when it announced the $1.05-billion purchase of privately held Mandiant, a cybersecurity forensics specialist founded by Kevin Mandia, a former computer security officer at the Pentagon and special agent in the Air Force Office of Special Investigations.
Mandiant is the company organizations often turn to after a breach because it has some of the most advanced endpoint security technology, which is used to figure out what happened and the most likely culprits, along with details on stolen or compromised assets.
FireEye shares ended 2013 at $43.61. Following the Mandiant purchase, the stock surged to a new all-time high of $97.35 in March, fueled in part by positive reviews of the acquisition on Wall Street.
No surprise after the big run-up, the stock was hit particularly hard during the sharp correction in momentum stocks this past spring, falling to a low of $25.58 in the middle of May. During the market pullback in October, FireEye shares dipped to a new 52-week low of $24.81, but have since regained some footing, rebounding to recently trade at $29.45.
With the market cap at $4.43 billion, FireEye trades at 7.1 times the 2015 consensus revenue estimate of $625 million, which represents growth of 47.4%. At the Street-high top-line estimate for next year of $655.7 million, the indicated growth rate is 54.6%.
FireEye has more than 2,760 customers, including 260+ added in the latest quarter (on top of 206 adds in Q2 and 158 in Q1). The customer renewal rate is above 90%. There are about 1,000 partners signed up to sell FireEye solutions; the channel in Q3 played a big part in FireEye closing 23 deals worth $1 million+ each, up from 11 in the year-ago period and seven in Q2.
The company now has 20 different security products in its portfolio, including the recently launched Advanced Threat Intelligence subscription service, which provides analytical tools to help identify attacks and provide detailed background on tactics and motives. With an expanding portfolio, one of the company’s near-term goals is to take advantage of cross-selling opportunities into the customer base. Today, about 40% of FireEye customers take two or more of its products.
FireEye is moving to more of a subscription model. Revenue from multi-year subscriptions is recognized over time, not all at once, pulling from the top-line number each quarter. This makes billings another important metric.
In Q3, billings were a record $165 million (strong sequential growth of 45%), coming in above the high end of the guidance range of $150 million to $155 million. Deferred revenue advanced 21% sequentially to $282.9 million.
With FireEye’s advanced threat protection services (sold on a subscription basis) now at the forefront, hardware is no longer the primary source of growth for the company, according to DeWalt. Standalone product sales in Q3 represented just 42% of total revenue. Subscription and services revenue in the latest quarter of $65.8 million (58% of revenue) advanced 15.8% sequentially.
One key growth driver on the subscription side is the new FireEye-as-a-Service offering. Using patented virtual machine-based technology, FireEye-as-a-Service aims to detect and prevent intrusions against major attack vectors. The company monitors customer environments 24/7, analyzing potential cyber threats using techniques based on more than 100,000 hours per year of front-line experience, according to the company.
Each day, the FireEye MVX engine performs more than 50 billion virtual machine analyses and processes 400,000 unique malware samples. The technology is updated hourly with contextual threat intelligence from around the world. If an advanced threat is verified, the customer receives a detailed report showing the identity, motivations, tools and targets of the intruders, as well as recommended responses.
Teams of FireEye threat analysts constantly monitor customer networks and more than 3 million endpoints for indications of a breach, performing in-depth analysis on suspicious events to confirm cyberattacks within minutes instead of weeks or months.
In the current threat environment, this type of real-time coverage has become indispensable to organizations across all types of verticals. Customers increasingly don’t want to deal with breach threats themselves, so it makes sense that FireEye-as-a-Service has seen strong traction out of the gate.
For Q4, FireEye expects billings of $195 million to $210 million and revenue of $135 million to $147 million (the consensus was $144.2 million). After Q3, the company reduced its 2014 revenue guidance midpoint by $2.5 million to $424 million, but raised its billings forecast (to $573 million-$588 million from $560 million-$580 million previously), which makes sense given the larger subscription component.
FireEye is a ‘Buy’ in the Next Wave Portfolio up to $33.