Sector Spotlight—Into the Breach
Hackers in their latest high-profile cyber-security attack have sharply raised the stakes, this time stealing money—not just data—directly from banks.
During the past two years, more than 100 financial institutions in 30 countries have been hit, with up to $1 billion stolen, according to security research firm Kasperky Lab. The worldwide cyber criminal ring, said to come from Russia, Ukraine and China, could still be in operation.
In this massive breach, the hackers have been able to infiltrate internal computer networks via a series of targeted attacks involving malware-laced emails sent to (and opened by) specific employees within the various financial institutions.
Called “spear phishing,” this technique automatically installs malware on the network after an employee opens the seemingly innocuous email containing the malicious files. Once successfully inside, the attackers are able to remotely manage a bank network, changing account balances and even seizing control of ATMs to make them spit out cash at preset times and locations. It’s like the Ocean’s Eleven movie turned into a cyber attack caper.
The constant news flow of security breaches across large banks, retailers and health insurers shows that even the most high-profile computer networks are not immune to sophisticated attacks.
Enterprise and government security budgets worldwide remain woefully low, especially in light of the increasingly complex attack vectors that are being deployed by cyber criminals. The hackers are getting more and more crafty, forcing organizations to significantly ramp up their security spending.
The latest financial results out of FireEye (FEYE) indicate the company, an expert in dealing with targeted attacks, remains one of the biggest beneficiaries of the cyber-security megatrend. Revenue in the fourth quarter rose 25% sequentially, to $143 million, coming in above the consensus estimate of $141.4 million. Product revenue surged 40% sequentially to $67.9 million.
The company in Q4 added a record number of new accounts, bringing its total customer base to 3,130, up 54% from the year-ago level.
With FireEye now selling more security services via subscriptions, investors are placing greater emphasis on the company’s billings metric (since revenue is recognized over the term length of the subscription instead of all up front). In Q4, billings advanced 29% sequentially, to $212.6 million, beating the high end of the guidance range of $195 million to $210 million.
A good indication that FireEye is securing major enterprise wins: 43 non-services transactions worth more than $1 million were closed in Q4 (up from 23 in the previous quarter), a figure that is equal to the number of these large deals closed in 2012 and 2013 combined. FireEye in the latest quarter added 78 new Global 2000 accounts; 25% of all Global 2000 companies now use FireEye products/services, up from less than 15% at the end of 2013.
FireEye is getting better revenue visibility these days thanks to the increased contribution from subscription-based deals. For 2015, subscription and support revenue is expected to account for 45% to 50% of total revenue (compared to 42% last year), while product revenue is expected to contribute 35% to 40% of revenue (compared to 42%). Professional services revenue should come in at 10% to 15% of total revenue, vs. 17% last year.
The 2015 revenue guidance range of $605 million to $625 million indicates growth of 44% at the midpoint, while billings guidance of $800 million to $820 million represents midpoint growth of 37%.
There are a few positives that could make these early guidance numbers for the year look conservative. First off, the company now has more than 1,100 channel partners (a gain of 75% from the end of 2013) helping to drive new business. Second, the recent addition of an endpoint security offering opens up a whole new addressable market; FireEye in Q4 added 140 new endpoint customers.
Increased demand for mobile threat protection in 2015 should also expand the customer reach for FireEye’s portfolio of solutions. Finally, with FireEye management on the Q4 conference call saying more transactions are getting closed without the need for proof-of-value trials, overall deal closure times should begin to shorten.
With the spotlight now shining brightly on cybersecurity, it should come as no surprise that numerous large investors (from big mutual funds to tech-focused hedge funds) in the latest quarter stepped up their buying of security stocks, sending many names to new all-time highs and expensive valuations.
During the past three months alone, it has gotten a lot more difficult to find security stocks with attractive risk/reward profiles. Since the middle of November, the average forward price-to-sales multiple for a group of 15 security-related stocks that I track has risen 14%.
In this type of environment, I do not recommend chasing high-valuation security names because of the increased risks that come along with the high expectations. For example, Palo Alto Networks (PANW), one of the go-to names in network security, now trades at nearly 13 times forward revenue. While the company for fiscal 2015 (July) is expected to deliver top-line growth of more than 41%, Palo Alto shares, which recently hit a new all-time high at $135.97, could be subject to sharp downdrafts on any hint of a slowdown.
A somewhat less-risky strategy being deployed by certain savvy investors these days involves accumulating shares of security companies that stumbled last year and are still getting back on track. For example, Imperva (IMPV), a provider of data center security solutions, is still recovering from a disappointing first half of 2014 (caused by a combination of poor sales execution and intensified competition from IBM), but beginning to show signs of improved business momentum.
In Q4, Imperva’s revenue rose 20%, to $51.4 million, coming in above the consensus estimate of $50 million and the high end of the guidance range. The company continues to add customers at a rapid clip, in the latest quarter bringing on a record 245 new accounts, up from 237 in the year-ago period, and a big jump from 183 adds in Q3.
Deals worth more than $100,000 in Q4 reached a record 143, vs. 136 in Q4 2013 and 106 in the prior quarter. On the Q4 earnings call, Imperva CEO Anthony Bettencourt made a point of saying that IBM is now “acting wounded in the marketplace,” giving the company renewed opportunities to take business from the legacy vendor.
Imperva’s 2015 revenue guidance of $195 million to $200 million, representing growth of 19% to 22%, looks beatable. The simple fact that Imperva is guiding to 2015 midpoint revenue growth of 20.5%, only slightly above the 2014 growth rate of 19%, indicates a clearly conservative outlook, leaving room for upside surprises.
If Imperva can deliver revenue growth of 19% in an extremely tough year like the last one, the company is capable of big improvements in 2015. Just the installed base alone of 3,700 customers represents plenty of potential because less than a third of Imperva accounts have bought more than one of its products.
Recently trading at $43.17, Imperva shares are nearly 36% below their 52-week high of $67.12. The stock’s forward price-to-sales ratio of 5.5 is 30% below the average for the group of 15 security names. Imperva stock would be more attractive on a dip back into the upper $30s, so it’s one to keep an eye on for now.
FireEye is a ‘Hold’ in the Next Wave Portfolio.