No one wants to see the hackers who prey on cyber security flaws profit from their actions. But given the widespread nature of the threat, investors have an opportunity to capitalize on a sector that’s only growing in importance.
The recent security breach of Sony’s PlayStation Network and Qriocity music service has once again put the issue of cyber security front and center. Additionally, the proliferation of mobile devices has created a whole new demand for security.
“Sony’s just one of many. We’ve seen several major intrusions that have happened over the last 12 to 18 months,” says Rob Owens, analyst at Pacific Crest Securities. He cites the 2010 attack on Google’s corporate network that originated in China and the intrusion into the Nasdaq’s computer servers earlier this year.
“I believe at some point this is going to start to drive an accelerated pace of adoption of these technologies,” Owens says.
But analysts point out that while the security sector as a whole stands to benefit in the long run, there are near-term hurdles to overcome, which means investors will need to place their bets wisely.
Adapting to New Threats
Analysts believe the computer security sector as a whole stands to benefit from an ever-increasing cyber security threat environment. But Timothy Quillin, analyst at Stephens Inc., says it’s best to focus on a company that can respond quickly to the dynamic nature of cyber threats. That’s his rationale for being bullish on Sourcefire (FIRE), which develops intrusion prevention systems that are used heavily in government environments.
"Just because security is hot doesn't mean the stocks are going to outperform."
“They are located in Columbia, Md., close to where the National Security Agency is headquartered,” Quillin says. “There’s probably no organization in the world that’s seen the type of threats that NSA has. You tend to learn at the speed of your customers. Because they have a relatively large government business, they’re seeing more serious and more relentless threats from nation states and organized crime. That puts them in a position to help large companies manage their threats as well.”
Gary Spivak of Noble Financial Capital Markets also favors Sourcefire, noting that the company is at the forefront of a security strategy called “whitelisting” that’s gaining traction in large organizations. Unlike the more common blacklist approach, which allows all connections by default unless specifically prevented, whitelisting denies all connections by default except for ones that are explicitly granted access.
“Sourcefire addresses the critical need of firewalls and intrusion prevention,” Spivak says. “It’s a pure play in that area. I think you’ll see more and more firms looking to deploy some element of whitelisting in their environments.”
The explosive growth of mobile communications is also providing more opportunities in the security sector. As more people depend on smartphones and tablets to access information, it’s tougher for corporate network administrators to protect their data.
“It used to be that a company would set up a computer network and have a relatively defined perimeter where you would have relatively few Internet connections and you would just protect those connections coming into your organization,” Quillin says.
“With the mobile enterprise, with things like mobile phones and iPads, there’s no perimeter anymore, so it creates more challenges. I think that’s where the enemy’s trying to find areas where there’s the most vulnerabilities.”
Analysts note that established players like Symantec and McAfee, which was acquired by Intel earlier this year, will likely be the leaders in responding to new mobile threats. Spivak also points out that Vasco Data Security, which develops two-factor authentication systems for mobile banking transactions, is a company to watch in this space.
Given that information security is always a primary concern in the technology world, the sector would seem to be a safe bet for investors. But analysts warn that’s not necessarily the case.
“Everybody points to security as one of the top needs in the enterprise, but the spending rarely translates into any of these stocks,” Spivak says. “Just because security is hot doesn’t mean the stocks are going to outperform. It hasn’t always worked out in the near term.”
In its most recent guidance, for example, Sourcefire warned of slower near-term growth because of spending cuts in the federal government.
“In the short term, our federal government doesn’t necessarily have a budget plan in place,” Owens says. “We’re not seeing the associated spending increases that we’d like to, especially to protect our cyber infrastructure. One of your largest consumers of this technology currently is on a flat spending budget on a year-over-year basis. You’ve got austerity programs internationally, as well, that are somewhat mitigating the near-term spend opportunity.”
But analysts note that the long-term outlook remains strong.
“The federal government is and has been one of the most attempted-to-be-hacked organizations in the world,” Spivak says. “They have to invest in this area.”
And because cyber criminals operate a step ahead of the technologies designed to thwart them, there will always be opportunities within the sector for investors.
“Given the attacks that we’re seeing on a national level, on a local level, and in enterprises, we’ll continue to see a ramp in cyber security spending over the next five to 10 years,” Owens says. “A pretty dramatic ramp, which should set up a pretty positive fundamental backdrop for a majority of these companies.”