The isolation economy growing out of the coronavirus pandemic has created substantial tailwinds for certain cybersecurity companies — but not all of them.

Notably, as of the big stock market selloff on June 11, the S&P 500 and Nasdaq are off 11% and 3%, respectively. Yet the valuations of three companies that we cited as “four-star” firms in our February cyber report are up significantly.

Specifically, Okta Inc.’s valuation is up 34% since our last look in February, CrowdStrike Holdings Inc. is up almost 50% and Zscaler Inc. has risen more than 60%. Yet several other companies that we named as four-star players have tracked the S&P or have even performed more poorly – despite still showing decent strength in spending momentum based on survey data.

In this Breaking Analysis, we’ll update you on our cyber security outlook and try to answer several questions, including:

• What has changed in the cybersecurity market since our last report?
• Has the isolation economy created a permanent shift in security spend or are these upticks anomalies?
• What can we learn from the ETR spending data and is the divergence in valuations among security leaders justified?

What has changed in cyber since the RSA Conference?

The COVID pandemic has catalyzed significant changes in the cybersecurity market and we want to understand: Are they systematic? In other words, are there fundamental changes to the existing market and its underlying principles? By many accounts, the answer appears to be yes.

Last week, we listened in on a chief information security officer roundtable call with ETR’s Erik Bradley and we heard the executives echo some themes that we’ve been reporting. Specifically, the executives elaborated on the impact that the work-from-home pivot has had on their businesses.

They cited a greater focus on so-called zero-trust networks, changes in identity and access management and the increasing attractiveness of cloud and as-a-service models. They also reiterated their belief that going forward they would reduce their reliance on traditional firewalls and appliances in the data center.

From digital complacency to digital mandate

We’ve gone from a world where digital transformation was an important strategic initiative to one where if you weren’t digital, you largely couldn’t transact business. People are beginning to question the long-term viability of their virtual private networks and even technologies such as software-defined wide-area networks are being called into question as corporate offices are empty and the internet becomes the new private network.

One thing that hasn’t changed is there are still too many tools in the security business, and that seems to be continuing as buyers need solutions to problems quickly. On balance, information technology budgets are contracting, so most companies still have to justify security spending based on risk reduction, which is of course easier to justify for securing remote workers.

In addition, the importance, and scarcity, of cybersecurity skills is exacerbated in this climate.

A look back at February spending data

The chart below shows data from the January ETR survey. It isolates on the security sector within the data set. And if you recall we keyed on two key metrics: Net Score, which is a measure of spending momentum, and Shared N, which the number of mentions for a specific company within the sector.

The left side of the chart shows cyber players sorted by Net Score and the right-hand chart sorts those companies on Shared N.

Last year we used this data to create a methodology to name several companies as “four-star” security firms based on their ranking within both of those metrics. You can see the four-star firms highlighted: Microsoft Corp., Splunk Inc., Palo Alto Networks Inc., Proofpoint Inc., Okta and CrowdStrike. We added Zscaler in our February post and then CyberArk Software Ltd. made the cut. And we gave Cisco Systems Inc. and Fortinet Inc. two stars because they were on the cusp.

Impact of coronavirus on security spend

The chart below shows a subset of the vendors we showed above. Remember, this survey was taken at the height of the lockdown from the pandemic. Budgets were under immense pressure. Nonetheless, Microsoft, Cisco, Palo Alto, Fortinet and Zscaler all held up. CrowdStrike also held steady and maintained a very elevated Net Score level. Okta dipped somewhat but from a high level as well. Only Proofpoint of the four-stars we showed earlier declined notably from a 48% to a 40% Net Score.

SailPoint Technologies Inc. didn’t make the four-star cut because it doesn’t have as high a presence in the data set, but its Net Score is solid and its Shared N jumped from 66 last survey to 88 in the latest checkpoint. So we think this identity and access management player seems to be one to watch, especially given the comments we hear from CISOs.

Plotting the leading cybersecurity players

The chart shows a view that we like to share often, juxtaposing Net Score against Market Share.

The chart plots Net Score or spending velocity on the Y-axis and Market Share on the X-axis. Remember, Net Score measures spending momentum by calculating the net percent of companies planning to spend more versus less on a company’s technology. Market share is calculated by dividing the number of mentions for a company by the total mentions in a sector.

You can see above a continued theme of Microsoft momentum. The company continues to stand out in many sectors and cyber is no different. It has an elevated Net Score and big presence in the survey.

For context, we plotted IBM Corp. and Dell Technologies Inc. (which is the legacy RSA business). These are two companies with strong security brands, but as you can see, they are not the giants they used to be in cybersecurity software.

Some additional points on this graphic:

• CrowdStrike jumps out as the momentum play on the chart, no surprise given its focus on endpoint security and the pivot to WFH.
• Okta with its cloud-based identity management focus continues to show strong.
• CyberArk, a privileged-access player, is very important in this remote worker environment.
• Zscaler shows quite strong and steady from the last survey. However, Zscaler saw some of the biggest action in the stock market, which we will address later in this post.
• Proofpoint saw a deceleration in Net Score, but it’s right in the mix, as is Fortinet.
• Palo Alto Networks remains strong  and we think a very strategic player to CISOs.
• Finally, Cisco in cyber shows a very credible Net Score and a large market presence. As we reported in a January Breaking Analysis, security is one of the brighter spots in Cisco’s portfolio.

So the big takeaway from the ETR data is despite the pandemic, cybersecurity software has held up very well from a spending standpoint.

What does the stock market tell us?

First, as we know, there’s a disconnect between what’s happening in financial markets and the fundamentals of the economy. And within the security sector there’s a dissonance among companies. In particular, the technology market has shaken off this pandemic and the valuations of several companies in the security sector have exploded, while others have declined. We want to discuss that dynamic in this segment of our report.

The chart below updates data that we showed in February from our last cybersecurity update. This data adds a comparison to the performance of the S&P and the Nasdaq as of Feb. 19. It compares these indices with the performance of our four-star cyber players from that date to June 11, the day of an 1,800-plus-point drop in the Dow. So some of the steam has been let out of the market, but the fundamental story won’t change.

First, the S&P is off 11% since that time but the Nasdaq is off only 3%. But note the deltas of our four-star companies.

Splunk

Let’s start with Splunk, which we didn’t show in the earlier charts. The value metrics of Splunk haven’t moved much since our February report. Its Net Score was down somewhat in the sector, but remember Splunk does more than just security. It really is becoming a critical big data player in analytics.

We think investors perhaps don’t like the tepid 2% revenue growth, but Splunk is transitioning to an annual recurring revenue model and that will take some time to show up in the income statement. Splunk acquired SignalFX late last year to give it a stronger software-as-a-service play in monitoring and analytics. We like Splunk’s fundamentals and would compared it to Adobe Inc. and Tableau Software LLC (now owned by Salesforce.com Inc.), which had to make similar transitions to a subscription model and ultimately powered through because they are great companies with loyal customers.

Palo Alto Networks and Fortinet

In our last security update we spent a fair amount of time explaining the valuation divergence between these two companies because of some cloud challenges Palo Alto was facing. We said Fortinet had done a better job transitioning to cloud. But Palo Alto had a great quarter in its latest report. It beat earnings and revenue and gave solid guidance. The stock moved up nicely but it ran into resistance and you can see it’s tracking about with the S&P 500.

And you can see the revenue multiples show the valuation divergence is even more stark relative to Fortinet, which held steady in the period. That is, Fortinet’s valuation and revenue multiple held while Palo Alto showed a double-digit decline its value over this time period.

But we like the fundamentals of Palo Alto Networks. Not did Palo Alto beat earnings, but it shows solid performance in the ETR data set, despite the COVID pandemic. Further, anecdotal evidence and discussions with IT leaders suggests that organizations want to do business with Palo Alto. It’s considered a thought leader in the market and we think will do very well this decade. Maybe there are some technical aspects going on with the stock, which we’re not qualified to address, but it clearly saw some resistance despite its strong quarter.

CyberArk Software and Proofpoint

Let’s skip over the green box for a moment and quickly comment on the last two companies in the chart. We’ll start with CyberArk. The company is underperforming this group even though you would think with a focus on privilege access security it would do well in this environment. It beat earnings last quarter but suspended guidance.

On its earnings call, the company cited exposure to some industries that were hard-hit from the pandemic.  Notably, the company is aggressively hiring and increasing operating expenses so management is confident and perhaps just being cautious. But CyberArk is taking a valuation hit as a result. Notably, its Net Score in the ETR data looks very strong, so we’ll be watching closely the results from the June survey.

Proofpoint has also taken a valuation hit in our period of analysis despite beating estimates last quarter. Maybe not as strong a WFH play but again, beating in this environment is a positive.

Okta, CrowdStrike and Zscaler shine

Now let’s talk about the three companies highlighted in green: Okta, CrowStrike and Zscaler. Again, Zscaler was added to the Four Star list in February.

The valuation of these three companies has soared since the pandemic as they have benefited from the cybersecurity tailwinds as a result of the new reality. Okta with its identity management focus, CrowdStrike with endpoint and Zscaler with its security cloud are all seeing huge momentum. It makes sense. These three companies are very focused and aligned with a remote-worker economy and the shift to cloud. As well, they all beat earnings and management had a sanguine outlook going forward.

But look at the revenue multiples compared to their peers. Are these justified? As we said before, there’s a difference between the stock market and what’s happening in the real world today. So we would say we want to see these companies continue to outperform estimates, and frankly, at these revenue multiples, we would expect maybe even higher growth rates, especially from Okta and Zscaler.

The point is the market’s exuberance is based on future expectations and we do think there was a bit of fear of missing out at play here, with investors hopping on the bandwagon. However, the growth growth rates of these three firms is meaningfully higher than the peers we’ve listed. Of course, much of the stock action is based on performance relative to earnings estimates. So we will see if these firms can continue to beat estimates and justify these juicy valuations.

The data from ETR shows these companies are strong – although we’d like to see Zscaler’s Net Score and market presence continue to improve. And the momentum of Palo Alto and CyberArk shown in the ETR data could signal positive results going forward. So we’ll be watching the next survey very closely.

Keeping an eye on Wall Street versus Main Street

The disconnect between financial markets and the real world economy creates uncertainty. So you have to be cautious here if you’re chasing momentum. We know a lot of young investors who comment to us on these segments. To stress, we’re not qualified to tell you where to invest; we are reporting on fundamentals and financial trends and we try to formulate opinions using survey data from ETR and theCUBE community. Please do your own research and be patient with this market.

The COVID economy and the remote WFH momentum will not be a rising tide to lift all ships. But there’s no doubt CISOs are rethinking cyber. We’ve said for years that spending was going to shift from protecting the perimeter to secure remote devices and distributed data. To some degree, this change has occurred, albeit more slowly than we expected. However, in the last 90 days we’ve seen a more dramatic shift in mindset than in the previous three years.

The scourge of VPNs, the albatross of multiprotocol label switching or MPLS networks, and even the efficacy of SD-WAN are being called into question as security technologies that exploit the internet and cloud appear more attractive to CISOs.

We are also seeing more collaboration between organizational boundaries and even many chief information officers becoming much more involved in security, as are line-of-business heads. As we’ve said many times, cybersecurity has become and will continue to be a board level agenda item.

Near-term, we don’t see the fragmentation of products decreasing. If anything, the shiny new security tools will probably increase granularity in the market because organizations can’t just unplug their legacy infrastructure – as much as they’d like to do so.

Longer-term, however, there will be more consolidation in this market as the whales purchase companies to fill holes. For example, look at VMware Inc., a company we haven’t cited in this segment. It’s trying to elbow its way into the security market with an aggressive acquisition agenda. And the cloud as well will attack this problem of complexity, which in part stems from too many tools.

Look for survey updates on the ETR website, and you may want to check out this ETR Tutorial we created, which explains the spending methodology in more detail. Also, check out SiliconANGLE for all the news and analysis. These episodes are all available as podcasts wherever you listen.

Ways to get in touch: Email david.vellante@siliconangle.com, DM @dvellante on Twitter and comment on our LinkedIn posts.

Here’s this week’s full video analysis:

Image: DreamyArt/Pixabay