Cybersecurity firms are in good shape as they gear up for RSA 2020
The cybersecurity industry is shaping up for what is traditionally one of its biggest events of the year: the RSA Conference, which takes place in San Francisco this coming week.
This year’s conference is overshadowed somewhat by the coronavirus outbreak in China that has caused at least one major player in the security industry, IBM Corp., to pull out of the event. In addition, the event comes just days after RSA’s parent Dell Technologies Inc. announced it’s selling the company to the California-based private equity firm Symphony Technology Group for $2.075 billion.
In his latest Breaking Analysis video, Dave Vellante, chief analyst at SiliconANGLE sister market research firm Wikibon and co-host of SiliconANGLE Media’s video studio theCUBE, said the cybersecurity sector as a whole continues to be rattled by several megatrends. They include the ever-increasing sophistication of attackers, the increased risks from the data economy, an expanding attack surface and a general lack of skills that enterprises need to properly protect themselves.
Some of these trends are in fact acting as tailwinds for the industry. For example, the escalating sophistication of attackers forces organizations and cybersecurity practitioners to respond and strengthen their defenses. The industry is also benefiting from greater awareness among company board members that they can no longer just leave security to chance. And the emergence of new cloud native technologies is giving birth to a range of new, cloud-based security and automation solutions.
But there are plenty of headwinds too. For example, cloud migration and the continued shift from North South to East West network traffic is putting pressure on traditional appliance-based perimeter security solutions, the analyst said. And there are questions on return on investment as well, with many enterprises asking why they’re not more secure if they’re spending so much money on security.
“At the end of the day companies have no choice, though,” Vellante said. “The sophistication of the attacker is very high, and so the answer to my CFO on ROI is one of fear-based justification – if you don’t do this you might lose billions in market cap.”
Spending momentum stays strong
This fear of what might happen is one of the main reasons why enterprises continue to throw millions of dollars at protecting their systems and data from cyberattackers. A look at the latest survey from Enterprise Technology Research shows that cybersecurity is one of the healthiest information technology segments around, with spending growing at around 12% per year.
Even so, cybersecurity’s overall piece of the pie remains fairly small. “Despite the top of mind narrative we always hear, the reality is other initiatives compete for budget and you just can’t keep throwing cash at the security problem,” Vellante explained. “As I’ve said before, we spend about 0.014% of our global GDP on cyber, so we are barely scratching the surface.”
Moreover, cybersecurity is an incredibly competitive market, with a whole bunch of startups and more established providers wrestling for a piece of the action. It’s worth highlighting “four-star” players in the sector, which are those with both the highest “net scores” (a measure of spending momentum) and market share (a measure of pervasiveness) in the ETR data set.
They include giants such as Microsoft Corp., Cisco Systems Inc., and smaller firms like Palo Alto Networks Inc., Splunk Inc., Proofpoint Inc., Fortinet Inc., Okta Inc., CyberArk Software Ltd. and CrowdStrike Holdings Inc. Most of those companies continue to do well, boasting strong net scores.
“Fortinet and Cisco fell off my four-star list this quarter because their net scores, while still holding reasonably well, dropped somewhat,” Vellante said. “And some other companies, like Varonis, Veracode and Carbon Black, jumped up on the net score rankings. But Cisco and Fortinet are still showing some strength in the market overall. Cisco’s security business was up 9% in the past quarter and Fortinet is breaking away from Palo Alto Networks from a valuation perspective.”
In addition, Zscaler Inc. saw its net score jump from 38% in the last quarter to 45%, helping it break into his list of four-star cybersecurity firms.
A growing market
The strong momentum being seen in the space is likely to continue, because cybersecurity remains a big priority for most organizations. Indeed, many companies in the space are likely to see their valuations grow in the near-term at least.
The following chart ranks eight of the leading publicly traded cybersecurity firms according to their market value, and the numbers raise some interesting points.
For example, there’s a proportional relationship between the growth rate and the revenue multiple, or premium being paid, for each of the companies on the list.
“Generally growth ranges between one and a half to three-times the revenue multiple being paid,” Vellante said. “CrowdStrike, for example, has a 39-times revenue multiple and is growing at 110%, so they are at the high end of that range with growth at 2.8 times their revenue multiple today.”
The other point is that cybersecurity remains a highly lucrative market, with several firms boasting valuations in the double-digit-billion-dollar range, and with many multibillion-dollar market valuations.
Not everyone fits with the trend, however. In the case of Palo Alto Networks, it has a much lower revenue multiple than other players in the market. The company’s poorer recent performance is highlighted in the next chart that compares its stock with that of Fortinet, one of the best performers in cybersecurity in recent months.
“Look how they traded in range and then you see the split when Palo Alto Networks missed its quarter last year,” Vellante said.
That drop in performance stems from a couple of things. For one, it’s currently trying to “cloud-proof” its business by transitioning to more of an annual recurring-revenue-based model. The company is also trying to reduce its reliance on older, appliance-centric firewall technology that remains a big but also underperforming part of its business. Not least, Palo Alto Networks has struggled with some recent execution issues related to sales incentives.
In contrast, Fortinet’s stock has been booming lately, thanks chiefly to its recent portfolio refresh. “Fortinet is one of those companies with a large solution set that can cover a lot of ground, and while it faces similar cloud headwinds as Palo Alto it seems to be executing better on the transition,” Vellante said.
As for RSA Security and Symphony Technology Group’s acquisition of it, the most important takeaway is that the deal underscores how Dell is choosing liquidity over its most prominent cybersecurity asset. Dell is still paying off the massive debt it accrued when it paid $67 billion to acquire EMC Corp. back in 2017.
“It says to me that [Dell’s] ability to pay down debt is much more important to their go-forward plan,” Vellante said. “Remember, for every $5 billion Dell pays down in gross debt, it drops 25 cents to earnings per share. This is important for Dell to get back to investment grade debt, which will further lower its costs.”
It’s interesting, too, that VMware Inc., which has recently acquired cybersecurity startups such as Carbon Black to build out its own cloud security business, decided to pass over RSA. That’s most likely because most of RSA’s offerings are still based on legacy technology that’s quickly losing relevance in today’s cloud-first world.
Here’s the full video analysis:
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.